I am trying to test an HTTPS site protected by Okta using Gatling. I am beating my head against the wall with Google searches and trial and error. My problem may even be deeper than an HTTPS issue. It may be an Okta SSO protection issue.
I have found many, many others that have said they, too, have similar trouble with HTTPS testing. In response, people keep providing the URL to the Gatling documentation. C’mon folks, bad instructions are not a good solution. The HTTPS mode instructions do not help at all.
The recorder will use the same self-signed certificate for every domain. Browsers will show a security alert and ask you whether you want to add a security exception for this domain. If it doesn't do so, it means that you've already registered a validated (by a standard Certificate Authority) certificate and it refuses to replace it with a less secure one. You then have to remove it from your certificate registry.
WTF does that mean?
And it goes on:
- Provided KeyStore
One can pass a full Java keyStore (JKS or PKCS#12 format) that contains the certificate to be used. This mode is useful if you have already generated a Java keystore for your application and want to reuse it for recording.
Where or how do I get a Java keystore?
- On-the-fly certificate generation
This mode takes a Certificate Authority (certificate and private key, in PEM format) and generates signed certificates for every visited domain.
You can either ask Gatling to generate those files for you, or provide a CA of your own.
If you’re not using the self-signed certificate, you’ll have to import the Certificate Authority certificate into your browser’s keystore:
- under desktop Chrome, go to HTTPS/SSL settings, Manage Certificates
- under desktop Firefox, go to Advanced settings, Certificates, Display, Authorities, Import
- on OSX for iPhone, iPad, you simply have to send yourself the certificate file by email, and then open the attached file
- on Android, check official documentation.
None of these instructions really tell me what I need to do to get off of square 1.
When I try to connect to the site I am trying to test, I get this response from Google Chrome:
sso-cert.johndeere.com normally uses encryption to protect your information. When Google Chrome tried to connect to sso-cert.johndeere.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be sso-cert.johndeere.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit sso-cert.johndeere.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
I am going to go keep studying the Internet, but the Gatling info might as well be in encrypted binary.
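Added example (not from the question or from the Gatling project) of what the two HTTPS recorder modes quoted above amount to in certificate terms: a local CA whose certificate is imported into the browser, a per-domain leaf certificate signed by it, and the same material packed into a PKCS#12 keystore, which is one way to obtain the "Java keystore" the Provided KeyStore mode asks for. It assumes the openssl CLI is installed; the domain `example.test`, the password `changeit` and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the question or the Gatling project. It builds a local
# CA and a per-domain leaf certificate signed by it (what the recorder's on-the-fly
# mode does), packs the leaf into a PKCS#12 keystore (the "Provided KeyStore"
# mode's input), and shows why a self-signed leaf fails the browser's check.
# Domain, key sizes, passwords and file names are constructed for this demo.
set -eu

make_ca() {   # $1 = output dir -> ca.key (keep private) and ca.pem (import into browser)
  mkdir -p "$1"
  # Minimal config so the demo does not depend on the system openssl.cnf.
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = ca_ext
[dn]
CN = Local Recorder Test CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_leaf() {   # $1 = dir, $2 = domain -> $2.pem (CA-signed), $2.self.pem, $2.p12
  openssl req -new -config "$1/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
    "$2" > "$1/$2.ext"
  # CA-signed leaf: trusted by any client that has imported ca.pem.
  openssl x509 -req -days 365 -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
  # Self-signed leaf from the same request: the recorder's default, untrusted case.
  openssl x509 -req -days 365 -in "$1/$2.csr" -signkey "$1/$2.key" \
    -extfile "$1/$2.ext" -out "$1/$2.self.pem" 2>/dev/null
  # PKCS#12 keystore holding key, leaf and CA chain under one alias.
  openssl pkcs12 -export -name "$2" -inkey "$1/$2.key" -in "$1/$2.pem" \
    -certfile "$1/ca.pem" -passout pass:changeit -out "$1/$2.p12"
}

# The check a browser makes once ca.pem is imported: 0 only if the cert chains to the CA.
verify_against_ca() {   # $1 = dir, $2 = certificate file
  openssl verify -CAfile "$1/ca.pem" "$2" >/dev/null 2>&1
}
```

The Chrome HSTS message in the question is the consequence of that same failed check: HSTS forbids clicking through a certificate error, so until the CA certificate is trusted by the browser the per-domain certificate does not verify and the page stays blocked.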