Hi! I'm currently trying to test a web application and encountered a certificate error. According to the documentation all certificates should be accepted despite validity, but in my case the certificate is valid for https://www.example.com and I need to run tests for https://servername:port In wget I get ERROR: cannot verify servernames's certificate, issued by `xx': Self-signed certificate encountered. ERROR: certificate common name `example' doesn't match requested host name `servername'. To connect to localhost insecurely, use `--no-check-certificate'. Unable to establish SSL connection. Which works when bypassing with the --no-check-certificate option. In jmeter i get the following error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412) at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328) at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619) at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379) at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74) at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146) at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135) at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465) at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410) at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241) at java.lang.Thread.run(Unknown Source) Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ... 28 more
*** This bug has been marked as a duplicate of bug 56357 ***
This issue cannot be solved by the given workaround in ticket 56357. The issue is a certificate name missmatch. I.e. localhost vs www.example.com and not an issue with certificate algorithm or size.
The stacktrace shown is the same as in the linked duplicate, so I believe that you originally had two problems. If the server has a different name in the certificate than the name, you are using for lookup, you can try to use a DNS config element in newer JMeter versions. As this is a rather old issue, I tend to close it, if no one is arguing against it.
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/4215