I am using Gatling 3.13.1 with Maven and need help configuring a gRPC request with a self-signed certificate.
Setup
I have generated the following files and used them to start my gRPC server:
privateKey.pem
certificate.pem
To verify that the server works correctly, I wrote a Java main method that successfully makes a request to the server (code is not provided now but I can provide it if needed it). However, when trying to perform the same request using Gatling, I run into an issue.
Gatling Configuration
I have a configuration file where I define the necessary properties:
grpcHost=localhost
grpcPort=9091
certificate.path=path/to/certificate.pem
This method returns a GrpcProtocolBuilder. I have also tried .useStandardTrustManager(), but the issue remains the same.
Error Message
When executing the test in Gatling, I receive the following error:
gRPC stream end:
status:
code: UNAVAILABLE
description: io exception
Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]
cause: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
I suspect I am missing something in my Gatling configuration. Could you help me identify the issue and guide me on how to correctly pass the self-signed certificate to Gatling for gRPC requests?
you’ve made a mistake while copying the correct certificate into your project
I verified that I copied the correct certificate from my gRPC server.
the certificate is not in X509 format
I double-checked, and the certificate is in X.509 format.
certificate.path must be a classpath path, eg the relative path from src/test/resources, not a filesystem path
Initially, I was using an absolute path:
C:/Users/myuser/path/to/certificate.pem.
I corrected it to a classpath path:
src/main/resources/certificate.pem and I am able to see information about certificate (as before).
My Java code reads the certificate as follows:
String certificatePath = configProperties.getProperty(“certificate.path”);
CertificateFactory certificateFactory = CertificateFactory.getInstance(“X.509”);
FileInputStream certInputStream = new FileInputStream(certificatePath);
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(certInputStream);
Output of above logs
Certificate’s information:
Issuer: CN=localhost
Subject: CN=localhost
Serial Number: 721581440726280250068496780889873755888237740866
Not Before: Mon Mar 31 22:06:18 EEST 2025
Not After: Tue Mar 31 22:06:18 EEST 2026
Signature Algorithm: SHA256withRSA
the code version you’re executing is not the one you have locally (eg forgot to push on a git repo or to re-upload a package)
I am running this locally, so there is no issue related to uncommitted or outdated code from a Git repository.
Behavior Without SSL when using
grpc.forAddress(configProperties.getGrpcHost(), configProperties.getGrpcPort())
.usePlaintext();
or
grpc.forAddress(configProperties.getGrpcHost(), configProperties.getGrpcPort())
.useInsecureTrustManager();
the gRPC service is accessible, meaning the connection works without certificate validation.
I do agree with you that most probably I miss something small and could be something stupid.
Do you have any other idea what could be wrong?
Are there any additional logs I could enable to get more insight into the problem?
Would it help if I provided details on how I created my self-signed certificate?
Any ideas or suggestions would be greatly appreciated!
Update: I run my simulation with command ‘mvn gatling:test’
You should actually be passing certificate.pem (with certificate.pem being located in src/main/resources).
Issue is fixed!
certificate located into: src/main/resources/certificate.pem
So I pass (as you said) certificate.pem and it is working with no problem.
with certificate.pem being located in src/main/resources
Is it strictly required to place certificate.pem inside src/main/resources or src/test/resources, or are there alternative locations where it can be stored?
So I pass (as you said) certificate.pem and it is working with no problem.
Great news. Still, I would have expected us to detect that the resources is missing and crash upfront. I’ll investigate.
Is it strictly required to place certificate.pem inside src/main/resources or src/test/resources , or are there alternative locations where it can be stored?
Strictly required.
Note that there’s nothing sensitive in this file.