Menu
So I have JMeter setup to test my SSL-enabled site (I've got a real certificate from Geotrust, not a self-signed cert) and I've been running into problems when I try testing an SSL connection directly from Tomcat. I get:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:277)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:62)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1060)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1049)
at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:442)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:271)
at java.lang.Thread.run(Thread.java:680)
whenever I try to connect. This is using JMeter 2.7 with the HttpClient4 implementation. It is a simple GET request to one of my services hosted on Tomcat 7 (7.0.27 for anyone interested).
Here is my Tomcat config for my SSL connector. Note that I have APR/native installed and this is running on an Ubuntu 12.04 server up on EC2.
<Connector port="8443" maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
URIEncoding="UTF-8"
acceptorThreadCount="5"
maxThreads="400"
scheme="https"
secure="true"
SSLEnabled="true"
SSLCipherSuite="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
SSLHonorCipherOrder="true"
SSLVerifyClient="optional"
SSLCertificateFile="/etc/tomcat7/ssl/star.example.com.crt"
SSLCertificateKeyFile="/etc/tomcat7/ssl/star.example.com.key"
SSLCertificateChainFile="/etc/tomcat7/ssl/geotrust.crt" />
Again this is just a problem with JMeter. I can hit the site without issue using any browsers, and if I stick Apache in front of Tomcat and use either mod_proxy or mod_jk, I have no issues. Any help would be appreciated.
667
After your last comment, I managed to reproduce issue with certificate not matching your host AND with the one matching your host.
It seems you are facing a bug in Java 6. Indeed I reproduce issue with JDK6 but not in JDK7 with JMeter 2.7.
To record this I opened bug here:
And here and Oleg gave me the hint about JDK7 :
Analysing further your configuration it might be coming from your custom tomcat7 config:
SSLCipherSuite="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
SSLHonorCipherOrder="true"
Maybe you could try a change, but anyway it works with JDK7 so you have your solution.
Thanks very much for proposing this publicly available URL to test issue.
Thanks
79
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
