How to Configure Client-Server Authentication

This task describes the steps required to create, setup, and activate the CA and SSL certificate authentication on your LoadRunner system.

  1. Create a Certificate Authority (CA) or ensure that you have a valid existing CA.

    To create a certificate in LoadRunner or to change the certificate you want to use, run the LoadRunner Certificate Manager application or the gen_ca_cert command line utility. For details, see How to Create and Install a Certificate Authority (CA) Certificate

    Note: If you already have a CA in your organization, you can use it instead of creating one in LoadRunner.

  2. Create or select the Digital Certificate for SSL communication.  You can do this in one of the following ways: 

    • Use the LoadRunner Certificate Manager
    • Use gen_cert.exe command-line tool 

    • Use the Authentication Settings dialog box > auto-generate option

    • Use the Network & Security Manager command line tool

    For details, see How to Create and Install an SSL Digital Certificate.

  3. Install the CA and SSL Digital Certificate on all relevant LoadRunner machines in your system.

  4. Determine which machine in your system is the server for client-server communications. For details, see Client-Server Authentication Configurations.

  5. Activate client authentication on the machine acting as the server.

    Do one of the following:

    • On the machine acting as the server, use the Agent Configuration Settings Dialog Box to select the relevant certificate.
    • Use the Network and Security Manager dialog box (Use Authentication Settings option) or command line (-check_client_cert) to activate authentication for the host machine that is acting as the server.
  6. Configure Authentication Settings on the Controller.

    On the Controller, in the Authentication Settings Dialog Box select the CA and SSL to be used for the scenario run.

  7. Activate server authentication on client machines (optional).

    If you want your client machines to validate the server certificate, set this option for each client machine.  Do one of the following:

    • On each client machine in your system, enable the Use Secure Connection (SSL) - Check Server Certificates option in the Agent Configuration Settings Dialog Box.
    • Use the Network and Security Manager command line (-check_server_cert) from a single location to activate server authentication on all relevant host machines.

    Note: When provisioning Load Generators on the cloud, the certificates will be taken from the Controller and automatically copied to the Load Generators, so the communication will be secure by default. For details about working with load generators on the cloud, see Load Generators on the Cloud.

Back to top

See also: