Keystore Configuration

/ Jmeter / By

JMeter – Keystore Configuration

The JMeter keystore configuration element helps to configure the client-side certificate. Some systems require a client-side certificate, which allows the server to identify the exact client making the connection. In many organizations today, to access the company’s IT system, internal users must install and display a certificate when interacting with the server. The Apache JMeter keystore configuration element can replicate such a scenario. You must configure a Java keystore with the client certificates you want to test before adding a keystore configuration element. While doing the following:

• Create your certificates using the PKI or Java key tool and then convert them to a JKS-acceptable format: Use the following command line to change a PKCS12 file to a JKS file if you have one:

• The command line parameters are: keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -srcstorepass “certificate_password”

• -keystore ”keystore_filename” the stored password, storepass

• Changes must be made to the system.properties file; if it’s not there or has been commented out, add (or uncomment) it:

• javax.net.ssl.keyStore=path_to_keystore

• javax.net.ssl.keyStorePassword=keystore_password

• Instead of using HC3.1 or HC4, change your sample HTTP implementation to Java.

How do I add ‘Keystore Settings’?

You can follow the steps below to add the keystore configuration:

  1. Select the “Test Plan” node.
  2. Right-click on the “Test Plan” node.
  3. Move your mouse over “Add”
  4. Move your mouse over ‘Configuration Item’
  5. Click ‘Keystore Settings’

JMeter - Keystore Configuration

What are the input fields of ‘Keystore Configuration’?

  • Name: To provide element name
  • Comments: To provide arbitrary comments (if any)
  • Preload: This option helps you to choose whether you want to preload Keystore or not.
  • Variable name holding certificate aliasVariable name that will contain the alias to use for authentication by client certificate.
  • Alias Start IndexThe index of the first key to use in Keystore, 0-based
  • Alias End IndexThe index of the last key to use in Keystore, 0-based. When using “Variable name holding certificate alias” ensure it is large enough so that all keys are loaded at startup. 
JMeter - Keystore Configuration

How can I check?

View the JMeter log file to confirm the creation and loading of the Keystore

INFO – jmeter.util at 2016/01/03 11:09:15.JmeterKeyStore Location: testKeystore.jks type: SSLManager JKS

INFO – jmeter.util at 2016/01/03 11:09:15.SSLManager: OK, generated KeyStore

INFO – jmeter.util at 2016/01/03 11:09:15.SSLManager: The keystore successfully loaded a total of 1 alias.

Scroll to Top