JMeter/Java Exceptions with SSL secured websites

Last week i had to setup a JMeter Testsuite for performance measurement of an SSL Secured Website. No big deal I thought, but I was completely wrong! Finally it took about one day to get rid of this annoying error below. At this point i need to mention, the server is running with a selfsigned certificate and Apache 2.x

For each request the client throws either an NullPointerException or SSLPeerUnverifiedException.

Java HTTP Client 4.0

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)

at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)

at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)

at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)

at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:277)

at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:62)

at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1054)

at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1043)

at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:416)

at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:271)

at java.lang.Thread.run(Thread.java:680)

Java HTTP Client 3.1

javax.net.ssl.SSLException: java.lang.NullPointerException

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)

at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:93)

at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)

at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)

at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)

at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)

at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)

at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)

at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)

at org.apache.jmeter.protocol.http.sampler.HTTPHC3Impl.sample(HTTPHC3Impl.java:249)

at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:62)

at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1054)

at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1043)

at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:416)

at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:271)

at java.lang.Thread.run(Thread.java:680)

Caused by: java.lang.NullPointerException

at org.apache.jmeter.util.keystore.JmeterKeyStore.getAlias(JmeterKeyStore.java:139)

at org.apache.jmeter.util.JsseSSLManager$WrappedX509KeyManager.chooseClientAlias(JsseSSLManager.java:380)

at com.sun.net.ssl.internal.ssl.AbstractWrapper.chooseClientAlias(SSLContextImpl.java:262)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:639)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)

at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)

at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)

... 16 more

I spent the main time of investigation on the JMeter/Java side. I’ve played around with the Java Keystore, created new certificates and searched trough internet forums.

From one to the other second i had the solution. The Website is running in a virtualHost container in the apache. The server is configured to serve sites as namebased virtualhosts. The SSL configuration has been done also inside the virtualhost configuration. Browsers do support this configuration without any problems. Its hard to point to any error at this point. I know from my previous employer, we configured a single separate ip for each SSL secured virtualHost in apache.

After configuring the website as a standalone site, outside an virtualhost container, everything worked perfectly.

If anyone has an idea how this problem could be solved from java side or has en explanation why this is as it is, i would be interested!

Update:

There is a technologie called SNI (Server Name Indication) which is responsible to make an handshake between client and server with TLS on a hostname basis possible. I looks like Java7 will support SNI. Is there no way to support SNI with Java versions below 7?