Keystore configuration element in JMeter helps to configure the Client’s side certificate. Some systems require a Client-side certificate which helps the server to know exactly who is connecting. Today, in many organizations internal users must install and present a certificate when communicating with the server in order to receive authorization to log into the organization’s IT system. Such a scenario can be simulated using the Keystore Configuration element of Apache JMeter.Before adding a Keystore Configuration element, you must set up a Java Key Store with the client certificates that you want to test. Follow the below steps:
- Create your certificates either with Java keytool utility or through your PKI and covert them to a format acceptable by JKS: If you have a PKCS12 file, use the following command line to convert it to a JKS file:
keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12
-srcstorepass <certificate_password>
-keystore <keystore_filename>-storepass <stored_password>
- Changes need to be done in the system.properties file (if not available (or commented) then add (or uncomment) them:
javax.net.ssl.keyStore=path_to_keystore
javax.net.ssl.keyStorePassword=password_of_keystore
- Change your HTTP sampler implementation to Java (instead of HC3.1 or HC4)
How to add ‘Keystore Configuration’?
You can follow the below steps to add Keystore Configuration:
- Select the “Test Plan” node
- Right-click on the “Test Plan” node
- Hover the mouse on “Add”
- Hover the mouse on ‘Config Element‘
- Click on ‘Keystore Configuration’

What are the input fields of ‘Keystore Configuration’?
- Name: To provide element name
- Comments: To provide arbitrary comments (if any)
- Preload: This option helps you to choose whether you want to preload Keystore or not.
- Variable name holding certificate alias: Variable name that will contain the alias to use for authentication by client certificate.
- Alias Start Index: The index of the first key to use in Keystore, 0-based
- Alias End Index: The index of the last key to use in Keystore, 0-based. When using “Variable name holding certificate alias” ensure it is large enough so that all keys are loaded at startup.

How to verify?
To verify keystore creation and loading, view the JMeter log file:
2016/01/03 11:09:15 INFO – jmeter.util.SSLManager: JmeterKeyStore Location: testKeystore.jks type JKS
2016/01/03 11:09:15 INFO – jmeter.util.SSLManager: KeyStore created OK
2016/01/03 11:09:15 INFO – jmeter.util.SSLManager: Total of 1 aliases loaded OK from keystore
You may be interested: