apache
GRPC mTLS request: Problem with client certificates being returned empty
Expected behavior
Client certificates should be populated with correct certificates provided in config Log file with detailed flow has been attached
Actual behavior
javax.net.ssl|ALL|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.685 IST|X509Authentication.java:249|No X.509 cert selected for RSA
javax.net.ssl|WARNING|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.685 IST|CertificateMessage.java:1084|Unavailable authentication scheme: rsa_pkcs1_sha384
javax.net.ssl|ALL|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.685 IST|X509Authentication.java:249|No X.509 cert selected for RSA
javax.net.ssl|WARNING|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1084|Unavailable authentication scheme: rsa_pkcs1_sha512
javax.net.ssl|WARNING|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1094|No available authentication scheme
javax.net.ssl|DEBUG|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1106|No available client authentication scheme
javax.net.ssl|DEBUG|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1140|Produced client Certificate message (
"Certificate": {
"certificate_request_context": "",
"certificate_list": [
]
}
)
consolelogJmeter.txt
Steps to reproduce the problem
-
Configure a grpc request sampler config
-
System.properties are configured for keystore and trustore config as per documentation.
-
Launch jmeter In jmeter.log keystore is created OK 2024-07-09 15:04:39,608 INFO o.a.j.c.KeystoreConfig: Configuring Keystore with (preload: 'True', startIndex: 0, endIndex: 1, clientCertAliasVarName: 'certAlias') 2024-07-09 15:04:39,609 INFO o.a.j.u.JsseSSLManager: Using default SSL protocol: TLS 2024-07-09 15:04:39,609 INFO o.a.j.u.JsseSSLManager: SSL session context: per-thread 2024-07-09 15:04:39,609 DEBUG o.a.j.u.JsseSSLManager: ssl Provider = null 2024-07-09 15:04:39,610 DEBUG o.a.j.u.JsseSSLManager: SSL stuff all set 2024-07-09 15:04:39,610 DEBUG o.a.j.u.JsseSSLManager: JsseSSLManager installed 2024-07-09 15:04:39,610 INFO o.a.j.u.SSLManager: JmeterKeyStore Location: /home/ebjjssh/newcert3jul/keys/client.jks type JKS 2024-07-09 15:04:39,613 INFO o.a.j.u.SSLManager: KeyStore created OK
-
Jmeter console logs show client certificates as empty while keystore and trustore config correct. javax.net.ssl|WARNING|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.685 IST|CertificateMessage.java:1084|Unavailable authentication scheme: rsa_pkcs1_sha384 javax.net.ssl|ALL|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.685 IST|X509Authentication.java:249|No X.509 cert selected for RSA javax.net.ssl|WARNING|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1084|Unavailable authentication scheme: rsa_pkcs1_sha512 javax.net.ssl|WARNING|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1094|No available authentication scheme javax.net.ssl|DEBUG|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1106|No available client authentication scheme javax.net.ssl|DEBUG|E2|grpc-nio-worker-ELG-1-4|2024-07-09 15:04:40.686 IST|CertificateMessage.java:1140|Produced client Certificate message ( "Certificate": { "certificate_request_context": "", "certificate_list": [
] } )
JMeter Version
5.6.3
Java Version
17.0.7
OS Version
RHEL 8.7
note that gRPC won't get any support, since the author has archived it on their repo. Consider using other tools
