Configure Secure Communication with TLS (SSL)

To set up secure communication using TLS (SSL), you need to install a CA certificate and TLS certificate on each LoadRunner machine. You can manage these certificates using the LoadRunner Certificate Manager, or using a command line interface.

Manage certificates using the LoadRunner Certificate Manager

Using the LoadRunner Certificate Manager, you can create a CA certificate (or select an already existing one), create server/client certificates, and install the certificates on your LoadRunner machines.

  1. Launch the LoadRunner Certificate Manager from the Windows Start menu: go to Micro Focus > LoadRunner > Tools > LoadRunner Certificate Manager.

    If you have previously installed CA and TLS certificates with this application, these certificates are displayed. If not, the default LoadRunner certificates are displayed.

  2. Select a CA certificate:

    1. Click the Change button.
    2. On the Select CA Certificate page, select a CA Certificate. If no certificate is displayed in the list, do one of the following:

      Create a new CA certificate

      Click New and, in the Create New CA Certificate screen, enter the required details. When finished, click Create. Then select the certificate in the list.

      Tip: To export the CA certificate so that you can install it on other LoadRunner machines, click Export.

      Import an existing CA certificate

      If you already have a CA certificate in your organization, you can import it:

      1. Click Import.
      2. On the Import a CA Certificate page, click the CA Certificate and Private Key buttons to browse to and select the required files. Then click Import.

        The imported certificate appears in the CA Certificates list.

      3. Select the imported certificate.
    3. Click Next. The SSL Certificate page opens.

  3. Select or create a TLS (SSL) certificate.

    Note: For higher security, it is recommended to create and install a separate certificate for each machine.

    Create a new TLS certificate
    1. On the Select SSL Certificate page, click New to create a new TLS certificate.

      Tip: If you are creating one certificate for all LoadRunner machines, click Export to export the TLS certificate so that you can install it on other LoadRunner machines.

    2. Click Next.

    Import an existing TLS certificate

    To import an existing certificate, use the gen_cert utility with the -install option, as described in Manage certificates using the command line utility below.

  4. Click Finish. The CA certificate and corresponding TLS certificate are installed on the current LoadRunner machine.

  5. Restart the LoadRunner Agent service.


Manage certificates using the command line utility

Use the gen_ca_cert utility to create a new CA certificate, and the gen_cert utility to create the TLS certificate.

  1. Create a CA certificate using the gen_ca_cert command line utility:

    From the <LoadRunner root>\bin folder, run gen_ca_cert, using at least one of the following options:

    • -country_name

    • -organization_name

    • -common_name

    This process creates two files in the folder from which the utility was run: the CA Certificate (cacert.cer), and the CA Private Key (capvk.cer).

  2. (Optional) Rename the files created by the utility.

    To rename the certificate files, use the -CA_cert_file_name and the -CA_pk_file_name options respectively.

    Note: By default, the CA certificate is valid for three years from when it is generated. To change the validity dates, use the -nb_time (beginning of validity) and/or -na_time (end of validity) options.

    Example:  

    The following command creates two files: ca_igloo_cert.cer and ca_igloo_pk.cer in the current folder, and sets the validity to 10/10/2013-11/11/2017:

    gen_ca_cert -country_name "North Pole" -organization_name "Igloo Makers" -common_name "ICL" -CA_cert_file_name "ca_igloo_cert.cer" -CA_pk_file_name "ca_igloo_pk.cer" -nb_time 10/10/2013 -na_time 11/11/2017

  3. Install the CA certificate.

    Use one of the following options:

    -install <name of certificate file>

    Replaces any previous CA list and creates a new one that includes this CA certificate only.

    -install_add <name of certificate file>

    Adds the new CA certificate to the existing CA list.

    Note: The -install and -install_add options install only the certificate file. Keep the private key file in a safe place and use it only for issuing certificates.

  4. Create a TLS certificate using the gen_cert command line utility.

    From the <LoadRunner root>\bin folder, run:

    Windows: gen_cert.exe
    Linux: gen_cert

    Run the gen_cert command with at least one of the following options:

    • -country_name

    • -organization_name

    • -organization_unit_name

    • -eMail

    • -common_name

    Note:  

    • The CA Certificate and the CA Private Key files are necessary for the creation of the TLS certificate. By default, it is assumed that they are in the current folder, and are named cacert.cer and capvk.cer respectively. In any other case, use the -CA_cert_file_name and -CA_pk_file_name options to give the correct files and locations.
    • The certificate file is created in the folder from which the utility was run. By default, the file name is cert.cer. To rename the TLS certificate, use the -cert_file_name option.
  5. Install the TLS certificate using the gen_cert command with the -install option.

  6. Restart the LoadRunner Agent service.
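
The command-line steps above, combined with the earlier recommendation of a separate certificate per machine, sketched as an added example (not part of the LoadRunner documentation). It builds the command lines for one issuing machine and each target machine. The host names, file names, the use of the machine name as common name, and the argument form of the two -install options are assumptions.

```python
# Added example: issuance plan built from the options named on this page.
# Host names, file names and organization values are constructed.
CA_CERT, CA_KEY = "ca_lab_cert.cer", "ca_lab_pk.cer"


def ca_command(org, ca_name):
    """Steps 1-2: create one CA, once, on the issuing machine."""
    return ["gen_ca_cert", "-organization_name", org, "-common_name", ca_name,
            "-CA_cert_file_name", CA_CERT, "-CA_pk_file_name", CA_KEY]


def cert_file_for(host):
    """Per-machine certificate file name; reject names unsafe in a file name."""
    if not host or any(c in host for c in '\\/:*?"<>| '):
        raise ValueError(f"unsafe host name: {host!r}")
    return f"cert_{host.lower()}.cer"


def issue_command(host, org):
    """Step 4: a distinct TLS certificate per machine, signed by the CA."""
    # Assumption: the machine name is used as the certificate common name.
    return ["gen_cert", "-organization_name", org, "-common_name", host,
            "-CA_cert_file_name", CA_CERT, "-CA_pk_file_name", CA_KEY,
            "-cert_file_name", cert_file_for(host)]


def build_plan(hosts, org, ca_name):
    """Commands for the issuing machine, plus per target machine the files
    to copy and the install commands (steps 3 and 5)."""
    if len({h.lower() for h in hosts}) != len(hosts):
        raise ValueError("duplicate host: two machines would share a certificate")
    plan = {"issuer": [ca_command(org, ca_name)], "targets": {}}
    for host in hosts:
        plan["issuer"].append(issue_command(host, org))
        cert = cert_file_for(host)
        plan["targets"][host] = {
            "copy": [CA_CERT, cert],  # CA_KEY stays on the issuing machine
            # -install (not -install_add) leaves this CA as the only trusted
            # one. Assumptions: the CA install option is passed to gen_ca_cert
            # and both install options take the file name as their argument.
            "run": [["gen_ca_cert", "-install", CA_CERT],
                    ["gen_cert", "-install", cert]],
        }
    return plan  # step 6 (restart the LoadRunner Agent service) is manual


if __name__ == "__main__":
    plan = build_plan(["lg01", "lg02"], "Example Org", "Lab CA")
    for host, target in plan["targets"].items():
        print(host, target["copy"], [" ".join(c) for c in target["run"]])
```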


Other tools for setting up communication with TLS

You can also use the following tools to set up TLS authentication:

Network and Security Manager command line tool

Automate your certificate setup process with the LoadRunner Network and Security Manager command line tool, using the -generate_new_cert option to create a new TLS certificate.

For details, see Network and Security Manager - Command Line Tool.

Controller

You can automatically generate a TLS certificate on Controller, associating the certificate with your scenario run.

To do this, in the Authentication Settings Tool, select the Generate a certificate automatically option.
