
Currently I am doing the API load test using LoadRunner, where mTLS is implemented on the server side. I am able to include the certificates (2 PEM files) using the web_set_certificate_ex function by passing the certificate paths (clientA-crt.pem and clientA-key.pem), and the calls work perfectly fine.

Now we are planning to use JMeter for load testing. As a first step, I converted the PEM files into p12 format using the following command:

    openssl pkcs12 -export -out Cert.p12 -in clientA-crt.pem -inkey clientA-key.pem -passin pass:root -passout pass:root

https://www.ibm.com/support/knowledgecenter/en/SSPH29_9.0.3/com.ibm.help.common.infocenter.aps/t_ConvertthepfxCertificatetopemFormat068.html

As the next step, I am converting Cert.p12 into a Java keystore using the following command:

    keytool -importkeystore -srckeystore Cert.p12 -srcstoretype PKCS12 -srcstorepass root123 -keystore dex.jks -storepass root111

https://www.blazemeter.com/blog/how-set-your-jmeter-load-test-use-client-side-certificates/

The below error is encountered:

    Importing keystore Cert.p12 to dex.jks...
    keytool error: java.io.IOException: keystore password was incorrect

Can someone let me know where I am going wrong?

Contents of clientA-crt.pem:

    -----BEGIN CERTIFICATE-----
    some alphanumeric values
    -----END CERTIFICATE-----

Contents of clientA-key.pem:

    -----BEGIN RSA PRIVATE KEY-----
    some alphanumeric values
    -----END RSA PRIVATE KEY-----


1 Answer

  1. You don't need to convert the PKCS12 keystore into a JKS keystore; JMeter can deal with both types. Moreover, it's recommended to use PKCS12, as JKS is a proprietary format. You just need to "tell" JMeter to use the PKCS12 format via the system.properties file:

    javax.net.ssl.keyStoreType=pkcs12
    javax.net.ssl.keyStore=Cert.p12
    javax.net.ssl.keyStorePassword=root
    
  2. If you want to use the .jks type for any reason, you need to provide the same password as you specified during the keystore creation:

    keytool -importkeystore -srckeystore Cert.p12 -srcstoretype PKCS12 -srcstorepass root -keystore dex.jks -storepass root111
    

It might be easier to use a GUI-based tool like KeyStore Explorer if you are not too familiar with OpenSSL and Keytool command-line utilities.

More information: How to Set Your JMeter Load Test to Use Client Side Certificates
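
A check for the password mismatch in the question, added here as an example (not code from the question or the answer): it asks OpenSSL which candidate password actually opens the PKCS12 file before that password is given to keytool or JMeter. The function names and the throwaway demo certificate are assumptions; passwords are passed through an environment variable (`-passin env:`) so they do not appear in the process list.

```shell
#!/bin/sh
# Added example: find which password opens a PKCS12 file before using it as
# keytool -srcstorepass or javax.net.ssl.keyStorePassword.
# All file names and passwords here are constructed for the demo.

# check_p12_password FILE PASSWORD -> exit status 0 if PASSWORD opens FILE.
check_p12_password() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -noout -passin env:P12_PASS \
        >/dev/null 2>&1
}

# which_password FILE CANDIDATE... -> prints the first candidate that opens FILE.
which_password() {
    file=$1; shift
    for pw in "$@"; do
        if check_p12_password "$file" "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
    return 1
}

# make_demo_p12 DIR PASSWORD -> writes DIR/Cert.p12 from a throwaway
# self-signed key pair, mirroring the export step in the question.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=clientA-demo" \
        -keyout "$1/clientA-key.pem" -out "$1/clientA-crt.pem" >/dev/null 2>&1 &&
    P12_PASS="$2" openssl pkcs12 -export -out "$1/Cert.p12" \
        -in "$1/clientA-crt.pem" -inkey "$1/clientA-key.pem" \
        -passout env:P12_PASS >/dev/null 2>&1
}

# Run with the argument "demo" to reproduce the case from the question:
# the file is exported with "root", then opened with "root123" and "root".
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) && make_demo_p12 "$dir" root || exit 1
    for pw in root123 root; do
        if check_p12_password "$dir/Cert.p12" "$pw"; then
            echo "'$pw' opens Cert.p12"
        else
            echo "'$pw' is rejected (keytool: keystore password was incorrect)"
        fi
    done
    rm -rf "$dir"
fi
```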