'Using the AWS SSL certificate in JMeter

I have a collection in documentdb in which I need to verify the contents using JMeter. I'm relatively new to JMeter and I was wondering how I can connect JMeter to AWS document db. I tried using the SSL manager to use the rds-combined-ca-bundle.pem but it does not work with pem files. How can I use this pem file in JMeter?

ssljmeterpemaws-documentdb


Solution 1:[1]

You need to convert the PEM file to the .p12 using either OpenSSL tool like:

openssl pkcs12 -in certificate.pem -out certificate.p12 -nodes

Alternatively you can use the keytool and import the certificate into existing .p12 Java Keystore

keytool -import -v -alias your-certificate-alias-here -file certificate.pem -keystore certificate.p12

Once done you can specify the path to the certificate and its password in JMeter's system.properties file like

javax.net.ssl.keyStore=certificate.p12
javax.net.ssl.keyStorePassword=changeit

and after JMeter restart it will send encrypted requests to the backend.

More information: How to Set Your JMeter Load Test to Use Client Side Certificates

Solution 2:[2]

Use this script to import the .pem certificate for Amazon DocumentDB to the keystore:

#!/bin/bash

mydir=/tmp/certs
truststore="$mydir"/rds-truststore.jks
storepassword="truststorePassword" # at least 6 characters

mkdir -p "$mydir"; cd "$mydir" || exit
curl -sS "https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem" > "$mydir"/rds-combined-ca-bundle.pem
awk 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > "rds-ca-" n ".pem"}' < "$mydir"/rds-combined-ca-bundle.pem

for CERT in "$mydir"/rds-ca-*; do
  alias=$(openssl x509 -noout -text -in "$CERT" | perl -ne 'next unless /Subject:/; s/.*(CN=|CN = )//; print')
  echo "Importing $alias"
  keytool -import -file "$CERT" -alias "$alias" -storepass "$storepassword" -keystore "$truststore" -noprompt
  rm -f "$CERT"
done

rm -f "$mydir"/rds-combined-ca-bundle.pem

echo "Trust store content is: "

keytool -list -v -keystore "$truststore" -storepass "$storepassword" | grep Alias | cut -d " " -f3- | while read -r alias 
do
   expiry=$(keytool -list -v -keystore "$truststore" -storepass "$storepassword" -alias "$alias" | grep Valid | perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }')
   echo " Certificate ""$alias"" expires in '$expiry'" 
done

Then update system.properties as mentioned above with the location of the keystore and its password.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dmitri T
Solution 2 Mihai A

Related Questions

Secure cookies flag always getting lost in first session after resetting IIS

Solving sslv3 alert handshake failure when trying to use a client certificate

Nginx the event was not signaled for 5s

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Disable SSLHandshakeException for a single connection

How to fix ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)?

tls unsigned certificate when using terraform

Library not loaded: /opt/local/lib/libssl.1.0.0.dylib (LoadError)

SSL certificate error for IE users only

Mongodb SSL - unable to get issuer certificate

Where can I find the WAMP error log?

How to convert certificate from PEM to JKS?

CondaHTTPError: HTTP 000 CONNECTION FAILED for url - Anaconda

Getting Chrome to accept self-signed localhost certificate

"ssl module in Python is not available" when installing package with pip3