Updated
It’s been dark over the net, and it was hard to find any good, consolidated doc about this. I got some information and am trying to consolidate it all and put it here.
For your information: a keystore contains private keys and the certificates with their corresponding public keys. A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties. If you open any browser, you can see its truststore of all the valid CAs installed by default. If you have installed a .pfx certificate for authentication in the browser, you can see it in the browser's keystore.
Please follow the steps as needed for your requirement.
Phase 1: The server supports SSL (https). This is one-way SSL, the very common case where only your server has a certificate. Gmail is an example of one-way SSL: when you hit Gmail it always opens in https://
Phase 2: Two-way SSL, where the server is configured for two-way SSL. It is the next step after one-way SSL. Here, when the server handshake happens, it asks for user authentication, and a certificate would be installed in your browser.
How to test Phase 1:
It is very simple. You need JMeter. You need Java keytool.exe, which comes with all the latest versions of Java under the java/jdk/bin directory.
Steps:
1.) Make sure you have Java 1.5 or above installed and the classpath configured
2.) Download JMeter (http://jmeter.apache.org/download_jmeter.cgi)
3.) Unzip JMeter
4.) Open a browser and hit the https (SSL) site that you want to test
5.) If the site is https, the first part of the URL will be in green
6.) Click on the green part
7.) A pop-up will open; select the More Information button
8.) Next select Security -> View Certificate -> Details
9.) Select the Root CA and export it. See picture below for your understanding. (You can save it in PEM or .der format)
10.) Now, using Java keytool.exe, convert the exported file to .jks
keytool -importcert -alias mycert -file exportedFile.der -keystore Convertedtruststore.jks -storepass password
11.) Now copy this .jks file into some directory. I create a cert directory in JMeter and keep this file there.
12.) Now open the file system.properties from jmeter/bin and add this line at the end of the file.
javax.net.ssl.trustStore=C:/jakarta-jmeter-2.4/Convertedtruststore.jks
(Make sure every other javax.net.ssl.trustStore line is commented out except the one you enter)
13.) Start JMeter from jmeter/bin/jmeter.bat
14.) Create a thread with server and login details
And you are ready to test SSL using JMeter.
How to test Phase 2:
You need Java keytool, JMeter and jetty.jar to test two-way SSL. Download jetty-6.1.22.zip from this location (http://dist.codehaus.org/jetty/jetty-6.1.22/jetty-6.1.22.zip). Unzip this file. It contains a lot of other stuff that we will not use for SSL testing. Look for jetty-6.1.22\jetty-6.1.22\lib\jetty-6.1.22.jar. You just need this jar file from the whole download. Copy it to some location.
Steps:
1.) Follow the same steps to convert the truststore to .jks as mentioned in Phase 1.
2.) Copy your .pfx certificate (the cert for login authentication) into the location where you copied jetty-6.1.22.jar.
3.) Run the command below to convert the .pfx file to a .jks file
java -classpath jetty-6.1.22.jar org.mortbay.jetty.security.PKCS12Import AdminCert.pfx AdminKeystore.jks
Input keystore passphrase: the password which you gave while installing the cert in the browser.
Output keystore passphrase: a new password if you want, or else give the same old password that you used while installing the cert.
Example:
C:\jakarta-jmeter-2.4>java -classpath jetty-6.1.22.jar org.mortbay.jetty.security.PKCS12Import "ADMIN.pfx" "Admin_Keystore.jks"
Enter input keystore passphrase: password123
Enter output keystore passphrase: password
Alias 0: a30aa2839c8903cfab4c10a0bf63bb38_ed9f8b24-03cd-4908-9bed-3adc703c5d80
Adding key for alias a30aa2839c8903cfab4c10a0bf63bb38_ed9f8b24-03cd-4908-9bed-3adc703c5d80
4.) Copy these two .jks files and put them inside some directory in JMeter (as mentioned in Phase 1)
5.) Now open the file system.properties from jmeter/bin and add these lines at the end of the file.
javax.net.ssl.trustStore=C:/jakarta-jmeter-2.4/Convertedtruststore.jks
javax.net.ssl.keyStore=C:/jakarta-jmeter-2.4/Admin_Keystore.jks
javax.net.ssl.keyStorePassword=password
(Make sure all other javax.net.ssl.trustStore, javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword lines are commented out except the ones you enter)
7.) Create a thread with server and login details
And you are ready to test SSL using JMeter.
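Both procedures depend on system.properties having exactly one active entry for each javax.net.ssl.* property. The check below is an added example, not part of the original post: it lists missing and duplicated active entries, assumes the file is read with java.util.Properties semantics (the last duplicate wins), and runs on constructed sample content.

```python
import re

# Properties the post sets in jmeter/bin/system.properties
SSL_KEYS = ("javax.net.ssl.trustStore",
            "javax.net.ssl.keyStore",
            "javax.net.ssl.keyStorePassword")

# Constructed sample: one stale trustStore line left active, password commented out
SAMPLE = """\
#javax.net.ssl.trustStore=C:/example/default.jks
javax.net.ssl.trustStore=C:/old/truststore.jks
javax.net.ssl.trustStore=C:/jakarta-jmeter-2.4/Convertedtruststore.jks
javax.net.ssl.keyStore=C:/jakarta-jmeter-2.4/Admin_Keystore.jks
#javax.net.ssl.keyStorePassword=password
"""

def active_ssl_properties(text):
    """Map each uncommented javax.net.ssl.* key to its [(line_no, value), ...]."""
    found = {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":      # '#' and '!' start a comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m and m.group(1).startswith("javax.net.ssl."):
            found.setdefault(m.group(1), []).append((line_no, m.group(2)))
    return found

def check(text, two_way=False):
    """List problems for one-way (Phase 1) or two-way (Phase 2) SSL settings."""
    found = active_ssl_properties(text)
    required = SSL_KEYS if two_way else SSL_KEYS[:1]
    problems = [f"{key}: no active entry" for key in required if key not in found]
    for key, entries in found.items():
        if len(entries) > 1:
            lines = ", ".join(str(n) for n, _ in entries)
            # Assumption: last duplicate wins, as with java.util.Properties
            problems.append(f"{key}: active on lines {lines}; line {entries[-1][0]} wins")
    return problems

if __name__ == "__main__":
    for problem in check(SAMPLE, two_way=True):
        print(problem)
```

To check a real installation, pass the text of jmeter/bin/system.properties to check() with two_way=True for Phase 2.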
Hope this will help you to test SSL using JMeter. Let me know if you have any questions.
Thanks,
Manoj Rajan