Enabling server certificate authentication in jmeter

Question

As the title says, i\'d like to enable the authentication of server certificates in jmeter. Is it possible to configure it?

What i found so far is this article According

Answer 1

According to JMeter Documentation:

The JMeter HTTP samplers are configured to accept all certificates, whether trusted or not, regardless of validity periods, etc. This is to allow the maximum flexibility in testing servers.

There is no easy way of disabling this behavior without modification of JMeter source code, however you can use JSR223 Sampler in order to check the server certificate and/or certificate chain.

The relevant code would be something like:

def factory = javax.net.ssl.SSLSocketFactory.getDefault();

def socket = factory.createSocket('example.com', 443);

socket.withStreams { input, output ->
    output.withWriter {
        it << 'hello'
        it.flush()
    }
}

Replace example.com and 443 with your server host and port. If there is no problem with certificate(s) - the request will be successful, otherwise you will see error with details in the sample result.

Check out Apache Groovy - Why and How You Should Use It article to learn more about the concept of custom scripting in JMeter