0

I'm trying to use JMeter to test my app by sniffing the packet and then replaying them. I followed the instructions of JMeter, by creating a HTTPS Test Script Record, configuring the proxy both on my phone and installed the certificate generated by Apache, but I still get this exception:

2018-02-27 11:16:50,564 INFO o.a.j.p.h.p.ProxyControl: [62991] Creating entry xxx.111-xxx.ch in C:\xxx\apache-jmeter-4.0\bin\proxyserver.jks
2018-02-27 11:16:50,564 ERROR o.a.j.p.h.p.Proxy: [63017]  Problem with keystore
java.io.IOException:   >> erreur keytool : java.lang.RuntimeException: java.io.IOException: DNSName components must begin with a letter <<
Command failed, code: 1
'keytool -genkeypair -alias xxx.111-xxx.ch -dname "cn=xxx.111-xxx.ch, o=JMeter Proxy (TEMPORARY TRUST ONLY)" -keyalg RSA -keystore proxyserver.jks -storepass {redacted} -keypass {redacted} -validity 7 -ext san=dns:xxx.111-xxx.ch'
    at org.apache.jorphan.exec.KeyToolUtils.genkeypair(KeyToolUtils.java:171) ~[jorphan.jar:4.0 r1823414]
    at org.apache.jorphan.exec.KeyToolUtils.generateSignedCert(KeyToolUtils.java:285) ~[jorphan.jar:4.0 r1823414]
    at org.apache.jorphan.exec.KeyToolUtils.generateHostCert(KeyToolUtils.java:276) ~[jorphan.jar:4.0 r1823414]
    at org.apache.jmeter.protocol.http.proxy.ProxyControl.updateKeyStore(ProxyControl.java:1563) ~[ApacheJMeter_http.jar:4.0 r1823414]
    at org.apache.jmeter.protocol.http.proxy.Proxy.getSSLSocketFactory(Proxy.java:324) [ApacheJMeter_http.jar:4.0 r1823414]
    at org.apache.jmeter.protocol.http.proxy.Proxy.startSSL(Proxy.java:429) [ApacheJMeter_http.jar:4.0 r1823414]
    at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:194) [ApacheJMeter_http.jar:4.0 r1823414]
2018-02-27 11:16:50,564 WARN o.a.j.p.h.p.Proxy: [63017]  Unable to negotiate SSL transaction, no keystore?
2018-02-27 11:16:50,564 ERROR o.a.j.p.h.p.Proxy: [63017]  Exception when processing sample

Can anyone help ?

Maloz
  • 165
  • 1
  • 2
  • 17
  • 1
    Possible duplicate of [Self-signed certificate: DNSName components must begin with a letter](https://stackoverflow.com/questions/33827789/self-signed-certificate-dnsname-components-must-begin-with-a-letter) – Omikron Feb 27 '18 at 10:37
  • Almost the same problem I think but I didn't managed to modify or create correct jks store with KeyStore, so I wanted to see if someone found another way to handle with that bug – Maloz Feb 27 '18 at 10:40
  • it's not a bug though: 111-xxx.ch violates DNS naming RFC. So behavior is correct. Don't know if there's a workaround, but a real solution would be to change domain name to be RFC-compatible. E.g. a111-xxx.ch – timbre timbre Feb 27 '18 at 16:27
  • According to this post: https://serverfault.com/questions/638260/is-it-valid-for-a-hostname-to-start-with-a-digit it looks like it's not violating the news rules about domain naming, is it? – Maloz Mar 05 '18 at 08:08

0 Answers0