HTTPS request throws the following error.
Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe
Error is because I use self signed certificate. I understand this will be solved by providing the TrustStore of my servers. However the documentation says (http://gatling.io/docs/2.1.4/http/http_ssl.html)
“Default Gatling TrustStore is very permissive and doesn’t validate certificates, meaning that it works out of the box with self-signed certificates.”
Can I run a Test with outhaving to provide TrustStore…? Jmeter accepts self signed certs without having to provide TrustStore.!
Am I miisng any thing in my configuration…?
acceptAnyCertificate = true
httpsEnabledProtocols = “TLSv1.2”
#type = “” # Type of SSLContext’s TrustManagers store
#file = “” # Location of SSLContext’s TrustManagers store
#password = “” # Password for SSLContext’s TrustManagers store
#algorithm = “” # Algorithm used by SSLContext’s TrustManagers store
type = “JKS” # Type of SSLContext’s KeyManagers store
file = “C:/Vividh/keys/lp3_ret.jks” # Location of SSLContext’s KeyManagers store
password = “synth” # Password for SSLContext’s KeyManagers store
#algorithm = “” # Algorithm used SSLContext’s KeyManagers store
Is your certificate self-signed, or signed with a private CA?
Are you sure your issue is not that your server doesn’t properly implement SNI, so you should disable it?
Certificate is Self-Signed.
Don’t get me wrong here, when it works with Jmeter the SNI should be implement correctly right…?
I just ran this test, that targets a self signed certificate, both with 2.1.4 and current master:
val httpProtocol = http
.userAgentHeader(“Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1”)
val selfSigned = scenario(“selfSigned”)
Everything is fine.
THEN, if I turn acceptAnyCertificate to false in gatling.conf, I indeed get errors.
Regarding JMeter, I can’t tell. They could be disabling SNI by default.
OK, after digging around in the Jmeter configurations I found -Djsse.enableSNIExtension=false was set during the startup.
Can I disable SNIExtension in Gatling by set the above flag using Intellij Maven plug in.
OK, after digging around in the Jmeter configurations I
found -Djsse.enableSNIExtension=false was set during the startup.
We've been considering disabling SNI by default:
But the feedback from the community we had so far was that the information
that the SNI set up wasn't correct was interesting.
Can I disable SNIExtension in Gatling by set the above flag using Intellij
Maven plug in.
Of course. In the Maven.Runner section.
@Vividh were able to get around this problem by disabling SNI?
@Stephane I disabled the SNI by passing ( -Djsse.enableSNIExtension=false ) as system property. It did not work. I get this error
Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_65]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_65]