Client side certificate configuration
608 views
Skip to first unread message
Martin Flower
Jan 29, 2015, 10:07:06 AM1/29/15
to gat...@googlegroups.com
Hi - I have the following problem sending a request to a https site that requires a client side certificate.
When running using gatling.sh, the test runs correctly.
However, I would like to run from within Gradle (so that the continuous integration server and the testers don't need to install Gatling).
The following Gradle code will work with a http site, but not with a https site.
The console shows what appears to be the wrong certificate
The error is
which suggests that Gatling is not picking up the settings in gatling.conf (which point to the correct keystore for this service).
I have attempted to add the following to build.gradle (taken from the working gatling.conf), but it seems to have no effect
This may well be more a Gradle question, but I thought I would start here.
Cheers
/Martin
When running using gatling.sh, the test runs correctly.
However, I would like to run from within Gradle (so that the continuous integration server and the testers don't need to install Gatling).
The following Gradle code will work with a http site, but not with a https site.
task runLoadTest(type: JavaExec) {
classpath = sourceSets.main.runtimeClasspath
main = "io.gatling.app.Gatling"
args = Eval.me("['-s', 'agp.TP00WarmUp']")
}
The console shows what appears to be the wrong certificate
:runLoadTest
15:53:38.974 [New I/O worker #1] DEBUG c.n.h.c.p.n.r.NettyConnectListener - onFutureSuccess: session = [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256], id = [3KLr..., isValid = true, host = ssl.google-analytics.com
15:53:38.978 [New I/O worker #1] DEBUG c.n.h.util.DefaultHostnameVerifier - hostname = ssl.google-analytics.com, session = 3KLr...
15:53:38.979 [New I/O worker #1] DEBUG c.n.h.util.DefaultHostnameVerifier - peerCertificate = [
[
Version: V3
Subject: CN=*.google-analytics.com, O=Google Inc, L=Mountain View, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
[...
The error is
java.security.UnrecoverableKeyException: Password verification failed
which suggests that Gatling is not picking up the settings in gatling.conf (which point to the correct keystore for this service).
I have attempted to add the following to build.gradle (taken from the working gatling.conf), but it seems to have no effect
systemProperties = [
"enableGA" :"false",
"gatling.http.ssl.keyStore.type" : "JKS",
"gatling.http.ssl.keyStore.file" : "/Users/xyz/git/vp/certs/client.jks",
"gatling.http.ssl.keyStorepassword" : "abc"
]
This may well be more a Gradle question, but I thought I would start here.
Cheers
/Martin
Stéphane LANDELLE
Jan 29, 2015, 10:51:51 AM1/29/15
to gat...@googlegroups.com
Missing dot between keyStore and password => wrong property.
--
You received this message because you are subscribed to the Google Groups "Gatling User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Martin Flower
Jan 30, 2015, 2:39:23 AM1/30/15
to gat...@googlegroups.com
Thank you Stéphane for spotting that.
My error now is
It still seems to me that Gatling is not picking up the right keystore, which is probably due to come configuration setting that is correct when executing gatling.sh, but is missing when execuing io.gatling.app.Gatling.
Any ideas welcome.
/Martin
My error now is
SunCertPathBuilderException: unable to find valid certification path to requested targetIt still seems to me that Gatling is not picking up the right keystore, which is probably due to come configuration setting that is correct when executing gatling.sh, but is missing when execuing io.gatling.app.Gatling.
Any ideas welcome.
/Martin
Stéphane LANDELLE
Jan 30, 2015, 6:23:24 AM1/30/15
to gat...@googlegroups.com
I'd say you're trying to load a self-signed certificate, so it can't be trusted as is and has to be added in the truststore (either your JVM's one, or one you would externally provide, just like you've been providing a custom keystore).
Martin Flower
Feb 2, 2015, 2:52:30 AM2/2/15
to gat...@googlegroups.com
Thank you Stéphane.
I agree that I might be able to make the Gradle build work by making changes to my local truststore. But this doesn't explain why gatling.sh works. I suppose my next step is to examine gatling,sh and see what it does that I need to reproduce in the Gradle script. Once it works in a self-contained way, I would then be able to have it executed by Jenkins without me having to install extra software, or make local configuration changes, in Jenkins.
Cheers
/Martin
I agree that I might be able to make the Gradle build work by making changes to my local truststore. But this doesn't explain why gatling.sh works. I suppose my next step is to examine gatling,sh and see what it does that I need to reproduce in the Gradle script. Once it works in a self-contained way, I would then be able to have it executed by Jenkins without me having to install extra software, or make local configuration changes, in Jenkins.
Cheers
/Martin
Reply all
Reply to author
Forward
0 new messages