Reproducing: - Clone https://github.com/hokein/electron-sample-apps/tree/master/client-certificate - Run ssl/setup.sh - Run node server.js - Input the client.p12 into firefox "Your certificate" - Hit https://localhost:5000 , you are asked for a certificate and then have approved page Now to test with JMeter: - Setup -Djavax.net.ssl.keyStore=<path to client.p12> -Djavax.net.ssl.keyStorePassword=password - Clear your FF history - Use Recording Template - Start it - Add JMeter ROOT CA in FF - Hit https://localhost:5000, you immediately get "denied" Switch implementation for Java and restart: - Clear your FF history - You get approved
After further investigation it appears that issue was due to an old SSLManager that was an instance variable of HttpSSLProtocolSocketFactory which was used. As an effect first certificate loaded was incorrect, updating it with SSLManager menu had no effect.
Author: pmouawad Date: Sun Feb 18 20:48:21 2018 New Revision: 1824707 URL: http://svn.apache.org/viewvc?rev=1824707&view=rev Log: Bug 62114 - HTTP(S) Test Script Recorder : Client certificate authentication uses the first SSLManager created Contributed by UbikLoadPack Bugzilla Id: 62114 Modified: jmeter/trunk/src/core/org/apache/jmeter/util/HttpSSLProtocolSocketFactory.java jmeter/trunk/src/core/org/apache/jmeter/util/JsseSSLManager.java jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/sampler/HTTPHC4Impl.java jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/util/HC4TrustAllSSLSocketFactory.java jmeter/trunk/xdocs/changes.xml
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/4698