How to Create and Install a Certificate Authority (CA) Certificate

You can create and install a Certificate Authority (CA) certificate using either of the following:

  • Use the LoadRunner Certificate Manager application.

  • Run the gen_ca_cert command line utility.

Note: If you already have a CA certificate in your organization, you can use it instead of creating one in LoadRunner.

For details on importing a CA certificate, see How to Create and Install an SSL Digital Certificate.

LoadRunner Certificate Manager

To create a CA certificate using the LoadRunner Certificate Manager:

  1. Run the LoadRunner Certificate Manager from Start > All Programs > HPE Software > HPE LoadRunner > Tools > LoadRunner Certificate Manager.

    If you have not previously created certificates with this application, it displays the default LoadRunner certificates.

  2. In the LoadRunner Certificate Manager, click Change.

  3. Click New and enter the required values in the Create New CA Certificate screen. When finished, click Create.

  4. (Optional) To install this CA certificate on other LoadRunner computers, click Export and save the generated certificate. Then install it on other LoadRunner computers using the gen_ca_cert command with a -install option as described at the end of the procedure below.
  5. Click Next and continue following the on-screen instructions to create a corresponding SSL certificate and install both certificates on the current LoadRunner machine. For details, see How to Create and Install an SSL Digital Certificate.

Back to top

gen_ca_cert command line utility

To create a CA certificate using the gen_ca_cert command line utility:

  1. Run the gen_ca_cert utility from the <LoadRunner root>\bin
    folder.

  2. Run the gen_ca_cert command with at least one of the following options:

    • -country_name

    • -organization_name

    • -common_name

    This process creates two files in the folder from which the utility was run: the CA Certificate (cacert.cer), and the CA Private Key (capvk.cer). To provide different file names, use the -CA_cert_file_name and the -CA_pk_file_name options respectively.

    Note: By default, the CA certificate is valid for three years from when it is generated. To change the validation dates, use the -nb_time (beginning of validity) and/or -na_time (end of validity) options.

    The following example creates two files: ca_igloo_cert.cer and ca_igloo_pk.cer in the current folder:

    gen_ca_cert -country_name "North Pole" -organization_name "Igloo Makers" -common_name "ICL" -CA_cert_file_name "ca_igloo_cert.cer" -CA_pk_file_name "ca_igloo_pk.cer" -nb_time 10/10/2013 -na_time 11/11/2013

  3. Install the CA using one of the following options:

    • -install <name of certificate file>. Replaces any previous CA list and creates a new one that includes this CA only.

    • -install_add <name of certificate file>. Adds the new CA to the existing CA list.

    Note: The -install and -install_add options install only the certificate file. Keep the private key file in a safe place and use it only for issuing certificates.

Back to top

See also: