Secure communication over Firewalls
When the MI Listener sends its Public Key to the LoadRunner agent, it always sends its certificate as well: this is the server-side certificate. The LoadRunner agent can also be configured to authenticate the certificate it received. If the agent is configured to authenticate the certificate, it can verify whether the sender is really the machine that it claims to be by:
Comparing the certificate's IP address with the sender's IP address
Checking the validation date
Looking for the digital signature in its Certification Authorities list
The MI Listener may also require the LoadRunner agent to send a certificate at any point in the session: this is the client-side certificate. You can set this option in the MI Listener Configuration Dialog Box.
If the LoadRunner agent owns a certificate, it sends the certificate to the MI Listener for the same authentication process. If the LoadRunner agent does not own a certificate, the communication might not be continued.