JMeter – Keystore Configuration

JMeter - Keystore Configuration

Keystore configuration element in JMeter helps to configure the Client’s side certificate. Some systems require a Client-side certificate which helps the server to know exactly who is connecting. Today, in many organizations internal users must install and present a certificate when communicating with the server in order to receive authorization to log into the organization’s IT system. Such a scenario can be simulated using the Keystore Configuration element of Apache JMeter.Before adding a Keystore Configuration element, you must set up a Java Key Store with the client certificates that you want to test. Follow the below steps:

  • Create your certificates either with Java keytool utility or through your PKI and converting them to a format acceptable by JKS: If you have a PKCS12 file, use the following command line to convert it to a JKS file:
    keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12
    -srcstorepass <certificate_password>
    -keystore <keystore_filename>-storepass <stored_password>
  • Changes need to be done in system.properties file (if not available (or commented) then add (or uncomment) them:
    javax.net.ssl.keyStore=path_to_keystore
    javax.net.ssl.keyStorePassword=password_of_keystore
  • Change your HTTP sampler implementation to Java (instead of HC3.1 or HC4)

How to add ‘Keystore Configuration’?

You can follow below steps to add Keystore Configuration:

  1. Select “Test Plan” node
  2. Right-click on “Test Plan” node
  3. Hover the mouse on “Add”
  4. Hover the mouse on ‘Config Element
  5. Click on ‘Keystore Configuration’ 
JMeter - Keystore Configuration
Figure 01

What are the input fields of ‘Keystore Configuration’?

  • Name: To provide element name
  • Comments: To provide arbitrary comments (if any)
  • Preload: This option helps you to choose whether you want preload Keystore or not?
  • Variable name holding certificate aliasVariable name that will contain the alias to use for authentication by client certificate.
  • Alias Start IndexThe index of the first key to use in Keystore, 0-based
  • Alias End IndexThe index of the last key to use in Keystore, 0-based. When using “Variable name holding certificate alias” ensure it is large enough so that all keys are loaded at startup. 
JMeter - Keystore Configuration
Figure 02

How to verify?

To verify keystore creation and loading, view JMeter log file

2016/01/03 11:09:15 INFO  – jmeter.util.SSLManager: JmeterKeyStore Location: testKeystore.jks type JKS
2016/01/03 11:09:15 INFO  – jmeter.util.SSLManager: KeyStore created OK
2016/01/03 11:09:15 INFO  – jmeter.util.SSLManager: Total of 1 aliases loaded OK from keystore


Leave a Reply

Your email address will not be published. Required fields are marked *