General SSLEngine problem

[veraic...@gmail.com]

hello

    i have a https site using tlsv1,which can be accessed by the following curl commad:

   

 curl --tlsv1 --key ./key.pem --cacert ./ca.pem --cert ./cert.pem -H "Content-Type: application/json" -d '{"Labels":{"ali.CpuCount":"2","ali.CpuQuota":"10","DiskQuota":"20g","ali.Site":"et15sqa","ali.BizName":"smoking","ali.AppName":"gat-ultron","ali.AppDeployUnit":"gat-ultron","ali.TargetReplica":"1","ali.InstanceGroup":"ultrontesthost","ali.EnableOverQuota":"false","ali.MemoryHardlimit":"8192000"},"Image":"reg.docker.alibaba-inc.com/aone/dockerapp:20170104133527_prepub"}' "https://myhost:8443/containers/create?async=ture"

i want to use gatiling to test the performance and i configed the gatling.conf as following:

ssl {
      trustStore {
        type = "JKS"      # Type of SSLContext's TrustManagers store
        file = "/Users/huanbi/code/sigmaPems/client.jks"      # Location of SSLContext's TrustManagers store
        password = "123"  # Password for SSLContext's TrustManagers store
        #algorithm = "" # Algorithm used by SSLContext's TrustManagers store
      }
      keyStore {
        type = "jks"      # Type of SSLContext's KeyManagers store
        file = "/Users/huanbi/code/sigmaPems/client.jks"      # Location of SSLContext's KeyManagers store
        password = "123"  # Password for SSLContext's KeyManagers store
        #algorithm = "" # Algorithm used SSLContext's KeyManagers store
      }
    }

i ran the script and got the following errors:

12:42:30.339 [DEBUG] c.n.h.c.p.n.h.Processor - Unexpected I/O exception on channel [id: 0x2e19655a, /30.6.71.189:54117 :> myhost/100.81.184.27:8443]
sun.security.validator.ValidatorException: No trusted certificate found
        at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:394) ~[na:1.8.0_101]
        at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:133) ~[na:1.8.0_101]
        at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_101]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_101]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_101]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_101]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[na:1.8.0_101]
        ... 26 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_101]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[na:1.8.0_101]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[na:1.8.0_101]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_101]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[na:1.8.0_101]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_101]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_101]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[na:1.8.0_101]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[na:1.8.0_101]
        at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_101]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[na:1.8.0_101]
        at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1392) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1255) ~[netty-3.10.4.Final.jar:na]
        ... 18 common frames omitted


[Siegfried Goeschl]

Will, I might be of little help since I never used SSL/TLS with Gatling and I just point out the obvious 

* there is no "chain of trust" between the presented cert and your Java Key Store

* If I remember correctly this is done using "Issuer DN" & "Subject DN" (DN = distinguished name)

* Maybe the trusted cert is missing or there is a misspelling

* And working with certs is much easier using Particle (http://portecle.sourceforge.net)

Thanks in advance, 

Siegfried Goeschl