About Certificates

To set up the components in your LoadRunner environment to communicate securely using TLS (SSL), you need to install your Certification Authority (CA) certificate and a TLS certificate issued by that CA on each LoadRunner machine.

LoadRunner Default Certificate

LoadRunner provides a default CA and TLS certificate for all LoadRunner machines. They are located in the <LoadRunner root>\dat\cert folder.

However, for a more secure process, create your own CA and issue matching TLS certificates for your machines. For details, see Configure Secure Communication with Two-way TLS (SSL) Authentication.

Back to top

Certificate Attributes and Requirements

Certificates created by LoadRunner

In general, all certificates created by LoadRunner utilities have the following attributes:

  • Signature hash algorithm: sha256
  • Encryption algorithm: RSA (2048 Bits)

Requirements for using existing CA certificates

You can use an existing CA certificate from your own organization—one that was not created by LoadRunner—as long as it complies with the following:

  • enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

  • base64 encoded DER certificate (*.pem)

    Tip: If your certificate is not already in PEM format, you can use any known tool to convert it.

You can also provide certificate files that contain a root CA and one or more intermediate CAs. LoadRunner supports chain verification as long as all the certificates in the chain from the root to the client certificate can be verified.

For example, suppose your Controller machine cacert.cer verification file contains A (root), B (signed by root), C (signed by root).

Then suppose that on a load generator machine, the cert.cer certificate file contains D (signed by B) and E (signed by D).

The certificate chain is valid: A > B > D > E.

Back to top

See also: