[Webtest] Anyone using Webtest and SSL?

Siegfried Goeschl webtest@lists.canoo.com
Tue, 25 Apr 2006 11:16:32 +0200


Hi Troy,

you have a certificate problem and it is totally unrelated to WebTest.

As far as I understand it

+) you added the X.509 server certificate to your trusted keystore - you 
probably got already an error or warning

+) the SSL library tries to determine if you trust the server 
certificate by building up a chain of trust using the SubjectDN 
(Distinguished Name) and IssuerDN. You trust the certificate if and only 
if an issuer certificate along the chain of trust is found in the cacert 
of your JRE installation. In short - you have to add the root 
certificate of your CA (certification authority) to your cacert if it is 
not already there

+) there might be some other problems with your certificates and 
keystore but this scenario is rather likely. Most of the problems occur 
with self-signed cert and in-house CAs

+) IMHO forget the keytool - check out Portecle found at SourceForge. It 
is a GUI keytool based on the BouncyCastle libraries.

+) Try to get a SSL connection with a public server using a Verisign 
certificate since all of Verisign's root certificates are usually part 
of your JRE anyway. If this works you can tackle your certificate problem

Cheers,

Siegfried Goeschl




Paul King wrote:
> 
> Your webtest tests seem fine. I think it is a problem with the keystore.
> 
> Cheers, Paul.
> 
> Troy McGuire wrote:
> 
>> My specific issue, I think, is in regards to creating/using a trusted 
>> keystore.  I have followed the directions using keytool, but still 
>> received errors.  Marc Guillemot directed me to:
>>
>> http://webtest.canoo.com/webtest/reports/selftest/WebTestReport.html#testspec213 
>>
>>
>> So, I copied and pasted portions from that to my script, which appears 
>> to be a different implementation of what I already had, but I did get 
>> a different error.  Prior to making that change the error I was 
>> getting was:
>>
>> ***************************
>> [invoke]  INFO (com.canoo.webtest.steps.Step) - Exception thrown from 
>> this class: javax.net.ssl.SSLHandshakeException
>> [invoke]  INFO (com.canoo.webtest.steps.Step) - Message was: 
>> sun.security.validator.ValidatorException: PKIX path building failed: 
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
>> find valid certification path to requested target
>> ***************************
>>
>> After pasting/replacing some of the items from the link that Marc gave 
>> me I now get the following error:
>>
>> ***************************
>>  [invoke]  INFO (com.canoo.webtest.steps.Step) - Running with: Canoo 
>> Webtest: R_1274.
>>  [invoke]  INFO (com.canoo.webtest.steps.Step) - Exception thrown from 
>> this class: javax.net.ssl.SSLHandshakeException
>>  [invoke]  INFO (com.canoo.webtest.steps.Step) - Message was: 
>> sun.security.validator.ValidatorException: PKIX path validation 
>> failed: java.security.cert.CertPathValidatorException: timestamp check 
>> failed
>> ***************************
>>
>> I've searched the web for the above error, but really didn't find 
>> anything that let me know what the issue is.  Below are the two 
>> versions of my script (before and after the changes I made).
>>
>> ***********Script yielding the first error above****************
>> <?xml version="1.0"?>
>> <!DOCTYPE project SYSTEM 
>> "/usr/local/sbin/canoo_webtest/selftests/config/WebTest.dtd">
>>
>> <project name="loginpage" basedir="." default="main">
>>   <property name="webtest.connectioninitializer" 
>> value="com.canoo.webtest.security.SunJsseBaseConnectionInitializer" />
>>   <property name="webtest.truststore.file" value="trust.keystore" />
>>   <property name="webtest.truststore.passphrase" value="XXXXXX" />
>>   <property name="webtest.home" 
>> location="/usr/local/sbin/canoo_webtest" />
>>   <import file="${webtest.home}/lib/taskdef.xml" />
>>     <target name="main">
>>       <webtest name="loginpage">
>>           <config
>>               host="secure.customerdb.com"
>>               port="443"
>>               protocol="https"
>>               basepath="admin"
>>               summary="true"
>>               saveresponse="true"
>>               resultpath="results"
>>               resultfile="results.xml"/>
>>           <steps>
>>               <invoke
>>                   description="Get Login Page"
>>                   url="index.php" />
>>               <verifyTitle
>>                   description="Verify Login Page Title"
>>                   text="Customer :: Database Administration" />
>>           </steps>
>>       </webtest>
>>   </target>
>> </project>
>> ************************************************************************
>> ...and for the next/current one....
>> ***********Script yielding the second error above****************
>> <?xml version="1.0"?>
>> <!DOCTYPE project SYSTEM 
>> "/usr/local/sbin/canoo_webtest/selftests/config/WebTest.dtd">
>>
>> <project name="tm_loginpage" basedir="." default="main">
>>   <property name="webtest.home" 
>> location="/usr/local/sbin/canoo_webtest" />
>>   <import file="${webtest.home}/lib/taskdef.xml" />
>>   <target name="callBaseHttps">
>>       <antcall target="https">
>>           <param name="webtest.port" value="${webtest.ssl.port}"/>
>>           <param name="webtest.protocol" value="https"/>
>>           <param name="webtest.truststore.file" value="trust.keystore"/>
>>           <param name="webtest.truststore.passphrase" value="XXXXXX"/>
>>           <param name="webtest.connectioninitializer" 
>> value="com.canoo.webtest.security.SunJsseBaseConnectionInitializer"/>
>>           <param name="webtest.keystore.alias" value=""/>
>>       </antcall>
>>   </target>
>>   <target name="main">
>>       <webtest name="tm_loginpage">
>>           <config
>>               host="secure.customer.com"
>>               port="443"
>>               protocol="https"
>>               basepath="admin"
>>               summary="true"
>>               resultfile="results.xml"/>
>>           <steps>
>>               <invoke
>>                   description="Get Login Page"
>>                   url="index.php" />
>>               <verifyTitle
>>                   description="Verify Login Page Title"
>>                   text="Customer :: Dealer Database Administration" />
>>           </steps>
>>       </webtest>
>>   </target>
>> </project>
>> ************************************************************************
>>
>> Thanks for your response!
>>
>> Troy McGuire
>> troy AT spawnordie DOT com
>>
>>
>> Fabian Peters wrote:
>>
>>>
>>> Am 24.04.2006 um 20:48 schrieb Troy McGuire:
>>>
>>>> I'm curious as to how many people using Webtest with SSL pages.  
>>>> I've seen a few posts regarding this issue, but it doesn't appear 
>>>> that many people have experience in this area.  So far I've been 
>>>> able to use Webtest to verify loading a page (so I know that I have 
>>>> it installed and am using it 'somewhat' correctly), however to test 
>>>> my customer's site I need to login via SSL.  Most suggestions that 
>>>> I've seen from this list are usually something like, "I haven't 
>>>> tried this, but it might work for you...".  From my research of some 
>>>> different web gui testing tools, this appears to be the better one, 
>>>> but if I can't even test the login I'll have to look at what else is 
>>>> available.  Is anyone experienced in this area?
>>>
>>>
>>> We're using webtest on a site with redirects to an SSL server, an SSL 
>>> login page and a customer account section that's only accessible via 
>>> SSL. No problems. Do you have any specific issue?
>>>
>>> cheers
>>>
>>> Fabian
>>>
>>>> Thank You,
>>>>
>>>> Troy
>>>> _______________________________________________
>>>> WebTest mailing list
>>>> WebTest@lists.canoo.com
>>>> http://lists.canoo.com/mailman/listinfo/webtest
>>>
>>>
>>> _______________________________________________
>>> WebTest mailing list
>>> WebTest@lists.canoo.com
>>> http://lists.canoo.com/mailman/listinfo/webtest
>>>
>>>
>>
>> _______________________________________________
>> WebTest mailing list
>> WebTest@lists.canoo.com
>> http://lists.canoo.com/mailman/listinfo/webtest
>>
>>
> 
> _______________________________________________
> WebTest mailing list
> WebTest@lists.canoo.com
> http://lists.canoo.com/mailman/listinfo/webtest
>