Passing Public Key Certificate ( client side cert ) in Gatling 2.1.7

Umesh_Pathak · June 20, 2016, 7:08am

Hi,
I have a client side certificate (Public Key Certificate) file which is to be passed in Gatling 2.1.7 script running in JDK 1.7.0_79 on Windows 7
I checked the .cer file. It has the public key in it.

I have created a new JKS using below command

keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048.

Password for both the keystore and key is same i.e. “password”

Have added the .cer file using below command

keytool -import -trustcacerts -alias root -file myappPK.cer -keystore keystore.jks

When prompted, Trust Certificate, I entered Yes

And have specified it in the following config

ssl {
trustStore {
#type = “”
#file = “”
#password = “”
#algorithm = “”
}
keyStore {
type = “jks”
file = “c:\data\programs\gatling\2.1.7\user-files\Certificates\new5\keystore.jks”
password = “password”
#algorithm = “”
}
}

I am getting below error

17:06:27.586 [DEBUG] i.g.h.a.AsyncHandler - Request ‘LoginWithCert’ failed for user 5308633530546473736-0
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) ~[na:1.7.0_79]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) ~[na:1.7.0_79]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ~[na:1.7.0_79]
… 32 common frames omitted
Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe
t
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) ~[na:1.7.0_79]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_79]
at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_79]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_79]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283) ~[na:1.7.0_79]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138) ~[na:1.7.0_79]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433) ~[na:1.7.0_79]
… 26 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1703) ~[na:1.7.0_79]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281) ~[na:1.7.0_79]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) ~[na:1.7.0_79]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446) ~[na:1.7.0_79]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) ~[na:1.7.0_79]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) ~[na:1.7.0_79]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:841) ~[na:1.7.0_79]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:839) ~[na:1.7.0_79]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_79]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273) ~[na:1.7.0_79]
at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1392) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1255) [netty-3.10.4.Final.jar:na]
… 18 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1336) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:796) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764) ~[na:1.7.0_79]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_79]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218) [netty-3.10.4.Final.jar:na]
… 18 common frames omitted
Wrapped by: java.net.ConnectException: General SSLEngine problem
at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:133) [async-http-client-1.9.30.jar:na]
at com.ning.http.client.providers.netty.request.NettyConnectListener.access$200(NettyConnectListener.java:37) [async-http-client-1.9.30.jar:na]
at com.ning.http.client.providers.netty.request.NettyConnectListener$1.operationComplete(NettyConnectListener.java:104) [async-http-client-1.9.30.jar:na]
at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:409) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:395) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:362) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1460) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1314) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.10.4.Final.jar:na]
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [netty-3.10.4.Final.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_79]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_79]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_79]
17:06:27.599 [WARN ] i.g.h.a.AsyncHandlerActor - Request ‘LoginWithCert’ failed: java.net.ConnectException: General SSLEngine problem
17:06:27.608 [TRACE] i.g.h.a.AsyncHandlerActor -

Request:
LoginWithCert: KO java.net.ConnectException: General SSLEngine problem

Umesh_Pathak · June 20, 2016, 8:11am

Just got the info that I need to pass private key also. Where and how to specify the Private Key also in this config ?

Umesh_Pathak · June 22, 2016, 7:17am

Got the solution. The communication is the mutual SSL one. Hence I need both Public Key Certificate and Private key both in the JKS. Below is the approach I took

Created PK12 from the cert and private Key
openssl pkcs12 -export -in app_public.crt -inkey app_private.key -out server.p12 -name myAppAlias

give the password as changeit for the PK12 keystore, if prompted give the password for the key

Import this PK12 store in the JKS used in the Gatling
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore C:\data\certs\newJKS -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias myAppAlias

And the newJKS is ready to be used in gatling !!

S_Reddi · June 2, 2017, 11:39am

hi,

I have the issue something similar to this. I have the keystore and truststore added in the config.

ssl {
trustStore {
type = “JKS” # Type of SSLContext’s TrustManagers store
file = “src/test/resources/TST.site1.green/truststoreIdentitiesTest.jks” # Location of SSLContext’s TrustManagers store
password = “changeit” # Password for SSLContext’s TrustManagers store
#algorithm = “” # Algorithm used by SSLContext’s TrustManagers store
}
keyStore {
type = “JKS” # Type of SSLContext’s KeyManagers store
file = “src/test/resources/TST.site1.green/tomcatIdentitiesTest.jks” # Location of SSLContext’s KeyManagers store
password = “changeit” # Password for SSLContext’s KeyManagers store
#algorithm = “” # Algorithm used SSLContext’s KeyManagers store
}

but, I am getting the following message when Im executing the gatling project. Can anyone help me to solve this issue.

11:57:39.968 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:39.987 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.020 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.039 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.070 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.088 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.117 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.149 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.170 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.190 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.217 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.239 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.270 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.298 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.329 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.350 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.368 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine
11:57:40.401 [WARN ] i.g.h.a.ResponseProcessor - Request ‘GetProfiles’ failed: j.n.ConnectException: General SSLEngine

Topic		Replies	Views
Not able to setup client-side certificate in Gatling 2.2.5 Gatling (Open-Source)	0	132	May 23, 2017
Configure custom truststore Gatling (Open-Source)	4	119	October 9, 2024
SSL certificates and gatling Gatling (Open-Source)	2	239	May 23, 2014
gatling 3.0.1 - SSL problems even with useInsecureTrustManager Gatling (Open-Source)	3	255	December 13, 2018
SSL certificate seems not being sent to server (web services) Gatling (Open-Source)	3	692	September 16, 2016

Passing Public Key Certificate ( client side cert ) in Gatling 2.1.7

Related topics