Client side certificate configuration

Hi - I have the following problem sending a request to a https site that requires a client side certificate.

When running using gatling.sh, the test runs correctly.

However, I would like to run from within Gradle (so that the continuous integration server and the testers don’t need to install Gatling).

The following Gradle code will work with a http site, but not with a https site.

`
task runLoadTest(type: JavaExec) {
classpath = sourceSets.main.runtimeClasspath
main = “io.gatling.app.Gatling”
args = Eval.me("[’-s’, ‘agp.TP00WarmUp’]")
}

`

The console shows what appears to be the wrong certificate

`

:runLoadTest
15:53:38.974 [New I/O worker #1] DEBUG c.n.h.c.p.n.r.NettyConnectListener - onFutureSuccess: session = [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256], id = [3KLr…, isValid = true, host = ssl.google-analytics.com
15:53:38.978 [New I/O worker #1] DEBUG c.n.h.util.DefaultHostnameVerifier - hostname = ssl.google-analytics.com, session = 3KLr…
15:53:38.979 [New I/O worker #1] DEBUG c.n.h.util.DefaultHostnameVerifier - peerCertificate = [
[
Version: V3
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
[…

`

The error is

`
java.security.UnrecoverableKeyException: Password verification failed

`

which suggests that Gatling is not picking up the settings in gatling.conf (which point to the correct keystore for this service).

I have attempted to add the following to build.gradle (taken from the working gatling.conf), but it seems to have no effect

`
systemProperties = [
“enableGA” :“false”,
“gatling.http.ssl.keyStore.type” : “JKS”,
“gatling.http.ssl.keyStore.file” : “/Users/xyz/git/vp/certs/client.jks”,
“gatling.http.ssl.keyStorepassword” : “abc”
]

`

This may well be more a Gradle question, but I thought I would start here.

Cheers

/Martin

Missing dot between keyStore and password => wrong property.

Thank you Stéphane for spotting that.

My error now is

SunCertPathBuilderException: unable to find valid certification path to requested target

It still seems to me that Gatling is not picking up the right keystore, which is probably due to come configuration setting that is correct when executing gatling.sh, but is missing when execuing io.gatling.app.Gatling.

Any ideas welcome.

/Martin

I’d say you’re trying to load a self-signed certificate, so it can’t be trusted as is and has to be added in the truststore (either your JVM’s one, or one you would externally provide, just like you’ve been providing a custom keystore).

Thank you Stéphane.

I agree that I might be able to make the Gradle build work by making changes to my local truststore. But this doesn’t explain why gatling.sh works. I suppose my next step is to examine gatling,sh and see what it does that I need to reproduce in the Gradle script. Once it works in a self-contained way, I would then be able to have it executed by Jenkins without me having to install extra software, or make local configuration changes, in Jenkins.

Cheers

/Martin