Problems with SSL in Gatling Recorder

Hank · September 24, 2013, 5:44pm

Hi, I’m having problems with SSL in Gatling Recorder. I’m using Firefox in Mac OS X (because it allows me to use custom proxy settings). When I attempt to navigate to a secured site, I get a “This Connection is Untrusted” warning. Viewing the technical details gives the following message:

www.github.com uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for Gatling

(Error code: sec_error_ca_cert_invalid)

When I attempt to add an exception, I receive a “No Information Available” message, and there’s no way for me to confirm the security exception or import the gatling certificate. The following exception appears in my terminal window.

10:39:20.765 [WARN ] i.g.r.h.h.BrowserHttpsRequestHandler - Trying to connect to https://www.github.com:443, make sure you’ve accepted the recorder certificate for this site
10:39:20.783 [ERROR] i.g.r.h.h.BrowserHttpsRequestHandler - Exception caught
javax.net.ssl.SSLException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) ~[na:1.7.0_21]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_21]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) ~[netty-3.6.6.Final.jar:na]
at io.gatling.recorder.http.ssl.FirstEventIsUnsecuredConnectSslHandler.handleUpstream(FirstEventIsUnsecuredConnectSslHandler.scala:31) ~[gatling-recorder-2.0.0-M3a.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) ~[netty-3.6.6.Final.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_21]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_21]
at java.lang.Thread.run(Thread.java:722) [na:1.7.0_21]

I’m using gatling-charts-highcharts-2.0.0-M3a-bundle. I’ve tried using the Mac OS X system proxy with both Google Chrome and Firefox and I’m getting the same behavior there. Any suggestions for getting this to work?

Thanks,
Hank

Excilys · September 24, 2013, 6:54pm

Hi,

You probably have to remove github’s certificate from Firefox’s keystore, as explained here: https://github.com/excilys/gatling/wiki/Recorder#wiki-https

Cheers,

Stéphane

Hank · September 24, 2013, 8:23pm

There doesn’t seem to be a certificate for github in the Firefox keystore - there’s a root certificate authority for DigiCert High Assurance EV CA-1, which is the authority that issues the Github certificate, but even deleting/distrusting that authority doesn’t change the certificate behavior in Firefox - I go to add an exception and it gives me the “No information available” error.

Is there perhaps a place where I can get the Gatling cert file so I can try manually adding it to my trusted certificates list?

Thanks,
Hank

Excilys · September 24, 2013, 9:00pm

Damn, this was possible a few weeks ago, Firefox probably changed that.

Until someone finds a solution, the only way I see is the HAR support: https://github.com/excilys/gatling/wiki/Gatling-2#wiki-recorder

Excilys · September 26, 2013, 12:39pm

I have no problems with other sites such as https://www.secure.bnpparibas.net.

I won’t have the cycles to investigate this any time out. If you find out the reason why it doesn’t work for github, please let us know.

Regards,

Stéphane

Topic		Replies	Views
Certificates Usage / Private Key Gatling (Open-Source)	1	196	February 5, 2022
Gatling recorder with https urls Gatling (Open-Source)	2	132	January 4, 2013
Help to overcome certificate error Gatling (Open-Source)	2	229	March 20, 2020
Gatling [2] recorder https proxy halts Gatling (Open-Source)	5	145	August 25, 2014
adding a certificate for a https site Gatling (Open-Source)	5	270	February 13, 2015

Problems with SSL in Gatling Recorder

Related topics