在 JMeter 中使用 AWS SSL 证书

Question

I have a collection in documentdb in which I need to verify the contents using JMeter. I'm relatively new to JMeter and I was wondering how I can connect JMeter to AWS document db. I tried using the SSL manager to use the rds-combined-ca-bundle.pem but it does not work with pem files. How can I use this pem file in JMeter?

Answer 1

You need to convert the PEM file to the.p12 using either OpenSSL tool like:

openssl pkcs12 -in certificate.pem -out certificate.p12 -nodes

Alternatively you can use the keytool and import the certificate into existing.p12 Java Keystore

keytool -import -v -alias your-certificate-alias-here -file certificate.pem -keystore certificate.p12

Once done you can specify the path to the certificate and its password in JMeter's system.properties file like

javax.net.ssl.keyStore=certificate.p12
javax.net.ssl.keyStorePassword=changeit

and after JMeter restart it will send encrypted requests to the backend.

More information: How to Set Your JMeter Load Test to Use Client Side Certificates

Answer 2

Use this script to import the.pem certificate for Amazon DocumentDB to the keystore:

#!/bin/bash

mydir=/tmp/certs
truststore="$mydir"/rds-truststore.jks
storepassword="truststorePassword" # at least 6 characters

mkdir -p "$mydir"; cd "$mydir" || exit
curl -sS "https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem" > "$mydir"/rds-combined-ca-bundle.pem
awk 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > "rds-ca-" n ".pem"}' < "$mydir"/rds-combined-ca-bundle.pem

for CERT in "$mydir"/rds-ca-*; do
  alias=$(openssl x509 -noout -text -in "$CERT" | perl -ne 'next unless /Subject:/; s/.*(CN=|CN = )//; print')
  echo "Importing $alias"
  keytool -import -file "$CERT" -alias "$alias" -storepass "$storepassword" -keystore "$truststore" -noprompt
  rm -f "$CERT"
done

rm -f "$mydir"/rds-combined-ca-bundle.pem

echo "Trust store content is: "

keytool -list -v -keystore "$truststore" -storepass "$storepassword" | grep Alias | cut -d " " -f3- | while read -r alias 
do
   expiry=$(keytool -list -v -keystore "$truststore" -storepass "$storepassword" -alias "$alias" | grep Valid | perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }')
   echo " Certificate ""$alias"" expires in '$expiry'" 
done

Then update system.properties as mentioned above with the location of the keystore and its password.