Gatling not sending client cert at all

Hello, I’ve been beating my head against the wall. TL;DR is that for some reason Gatling will not send, to my understanding, the client cert at all.

Some details:

  1. Project is a gatling-maven-plugin project
  2. Client cert is signed by an internal CA
  3. Enabling for gatling-maven-plugin reveals a ton of SSL information and from what I can glean it doesn’t send my cert
  4. If I purposely put in the wrong password OR bad file name, the gatling.conf is read and an exception is thrown.
  5. Based on the nature of the infrastructure the server will NOT reject due to no client cert but rather the application will have permission/entitlement issues and respond with error when not present
  6. My Scala skills are weak

My project structure below:




My pom:


<?xml version="1.0" encoding="UTF-8"?>


1.8 1.8 2.11.8 UTF-8



io.gatling gatling-app ${gatling.version} io.gatling gatling-recorder ${gatling.version} io.gatling.highcharts gatling-charts-highcharts ${gatling.version} org.scala-lang scala-library ${scala.version} io.gatling.highcharts gatling-charts-highcharts io.gatling gatling-app io.gatling gatling-recorder org.scala-lang scala-library src/test/scala net.alchim31.maven scala-maven-plugin ${scala-maven-plugin.version} net.alchim31.maven scala-maven-plugin testCompile -Ybackend:GenBCode -Ydelambdafy:method -target:jvm-1.8 -deprecation -feature -unchecked -language:implicitConversions -language:postfixOps io.gatling gatling-maven-plugin ${gatling.version} true test execute `

My gatling.conf:


http {
#fetchedCssCacheMaxCapacity = 200 # Cache size for CSS parsed content, set to 0 to disable
#fetchedHtmlCacheMaxCapacity = 200 # Cache size for HTML parsed content, set to 0 to disable
#perUserCacheMaxCapacity = 200 # Per virtual user cache size, set to 0 to disable
#warmUpUrl = “” # The URL to use to warm-up the HTTP stack (blank means disabled)
#enableGA = true # Very light Google Analytics, please support
ssl {
keyStore {
type = “jks” # Type of SSLContext’s TrustManagers store
file = “EATMCertsKeystore.jks” # Location of SSLContext’s TrustManagers store
password = “XXXX” # Password for SSLContext’s TrustManagers store
#algorithm = “” # Algorithm used by SSLContext’s TrustManagers store
trustStore {
#type = “jks” # Type of SSLContext’s KeyManagers store
#file = “XXXX” # Location of SSLContext’s KeyManagers store
#password = “XXX” # Password for SSLContext’s KeyManagers store
#algorithm = “” # Algorithm used SSLContext’s KeyManagers store
ahc {
#keepAlive = true # Allow pooling HTTP connections (keep-alive header automatically added)
#connectTimeout = 10000 # Timeout when establishing a connection
#handshakeTimeout = 10000 # Timeout when performing TLS hashshake
#pooledConnectionIdleTimeout = 60000 # Timeout when a connection stays unused in the pool
#readTimeout = 60000 # Timeout when a used connection stays idle
#maxRetry = 2 # Number of times that a request should be tried again
#requestTimeout = 60000 # Timeout of the requests
acceptAnyCertificate = true # When set to true, doesn’t validate SSL certificates


  1. Is there some sort of standard regarding the JKS file that isn’t well documented that will eliminate gatling from sending it?

  2. Is there any sort of real GitHub project with test JKS that one could pull apart to suss out the differences and flaws in their own project?

  3. Is there any sort of debug information I should be looking for as to why the cert is not being sent?

  4. What else can I do to get unblocked? What information can I provide?


We did the following to get past this:

  1. Created a new trust store that had the client cert and grandfather cert that signed the server cert
  2. Created a new key store that just had the client private key
  3. Made sure both had the same password (I don’t know why this would matter)
  4. Dont rename the keystore once created :slight_smile: