0

I have been trying to record a google cloud hosted application from my company based VM. I am using proxy to reach the website to record the flow. Jmeter version is 5.4.3 with Azul Zulu JDK 11.76.21

I have all connection open and also network team verified no blocks from VM to this URl.

When i start recording, I can navigate to third party site e.g. microsoft.com , but when i try to reach my target application, i get below error. First i get connection reset error then if i refresh then i get below unknown CA error.

I have applied Jmeter client certificate and places under Trusted CA folder, but still no luck. Also changed https.socket.protocol values from (SSLv2, 3, TLS, TLS1 etc) and currently using TLSv1.3.

After all these still this issue is not going away and not able to record any step at all.

javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
Improve this question
1
  • Please provide enough code so others can better understand or reproduce the problem. Commented May 18 at 7:11

3 Answers 3

Reset to default
0

from Jmeter ---> target url

download the CA/chain from target url from browser, and add it to the JVM/JAVA ca, on which Jmeter is running.

or start the jmeter with trust store where you have uploaded the certificate and its corresponding CA

-Djavax.net.ssl.trustStore=path/to/your/truststore.jks -Djavax.net.ssl.trustStorePassword=your_password

jmeter -n -t test_plan.jmx -l result.jtl -Djavax.net.ssl.trustStore=path/to/your/truststore.jks -Djavax.net.ssl.trustStorePassword=your_password

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

If you can reach microsoft.com via browser using JMeter as a proxy and getting unknown_ca for your system under test it might mean that you need to send a client certificate.

Ask around whether it's the case and if yes - get the certificate, import it into a Java Keystore and make JMeter aware of this keystore by setting javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties.

See How to Set Your JMeter Load Test to Use Client Side Certificates

Also there is an alternative way of recording a JMeter test - JMeter Chrome Extension, in this case you won't have to worry about proxies and certificates.

Improve this answer

Comments

0

Thanks both for the valuable input in this matter.

While I was adding client certificate , I observed an old certificate entry in system.properties file, and after disabling that, my recording started working.

Improve this answer

1 Comment

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.