Self Signed Keystore configuration , without have to provide TrustStore

HTTPS request throws the following error.
Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe

Error is because I use self signed certificate. I understand this will be solved by providing the TrustStore of my servers. However the documentation says (http://gatling.io/docs/2.1.4/http/http_ssl.html)
“Default Gatling TrustStore is very permissive and doesn’t validate certificates, meaning that it works out of the box with self-signed certificates.”

Can I run a Test with outhaving to provide TrustStore…? Jmeter accepts self signed certs without having to provide TrustStore.!

Am I miisng any thing in my configuration…?

acceptAnyCertificate = true
httpsEnabledProtocols = “TLSv1.2”
ssl {
trustStore {
#type = “” # Type of SSLContext’s TrustManagers store
#file = “” # Location of SSLContext’s TrustManagers store
#password = “” # Password for SSLContext’s TrustManagers store
#algorithm = “” # Algorithm used by SSLContext’s TrustManagers store
}
keyStore {
type = “JKS” # Type of SSLContext’s KeyManagers store
file = “C:/Vividh/keys/lp3_ret.jks” # Location of SSLContext’s KeyManagers store
password = “synth” # Password for SSLContext’s KeyManagers store
#algorithm = “” # Algorithm used SSLContext’s KeyManagers store
}
}

Is your certificate self-signed, or signed with a private CA?
Are you sure your issue is not that your server doesn’t properly implement SNI, so you should disable it?

Certificate is Self-Signed.
Don’t get me wrong here, when it works with Jmeter the SNI should be implement correctly right…?

I just ran this test, that targets a self signed certificate, both with 2.1.4 and current master:

val httpProtocol = http
.baseURL(“https://support.excilys.com”)
.acceptCharsetHeader(“ISO-8859-1,utf-8;q=0.7,;q=0.7")
.acceptHeader("text/html,application/xhtml+xml,application/xml;q=0.9,
/*;q=0.8”)
.acceptLanguageHeader(“fr,fr”)
.userAgentHeader(“Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1”)

val selfSigned = scenario(“selfSigned”)
.exec(http(“selfSigned”).get("/"))

setUp(selfSigned.inject(atOnceUsers(1))).protocols(httpProtocol)

Everything is fine.

THEN, if I turn acceptAnyCertificate to false in gatling.conf, I indeed get errors.

Regarding JMeter, I can’t tell. They could be disabling SNI by default.

OK, after digging around in the Jmeter configurations I found -Djsse.enableSNIExtension=false was set during the startup.

Can I disable SNIExtension in Gatling by set the above flag using Intellij Maven plug in.

OK, after digging around in the Jmeter configurations I
found -Djsse.enableSNIExtension=false was set during the startup.

As expected.

We've been considering disabling SNI by default:
https://github.com/gatling/gatling/issues/2551
But the feedback from the community we had so far was that the information
that the SNI set up wasn't correct was interesting.

Can I disable SNIExtension in Gatling by set the above flag using Intellij

Maven plug in.

Of course. In the Maven.Runner section.

@Vividh were able to get around this problem by disabling SNI?

@Stephane I disabled the SNI by passing ( -Djsse.enableSNIExtension=false ) as system property. It did not work. I get this error

Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_65]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_65]