Configure Secure Communication with Two-way TLS (SSL) Authentication

This task describes the steps required to set up secure communication with two-way TLS (SSL) authentication on your LoadRunner environment.

  1. Set up the CA and TLS certificates

    1. Create a Certificate Authority (CA) certificate or ensure that you have a valid existing CA certificate.
    2. Create or select a TLS certificate.

    3. Install the CA and TLS certificate on all relevant LoadRunner machines in your system.

    For details, see Configure Secure Communication with TLS (SSL).

  2. Determine which machine in your system is the server for client-server communications. For details, see Two-way TLS (SSL) Authentication.

  3. Activate client authentication on the machine acting as the server.

    Do one of the following:

  4. Configure Authentication Settings in Controller.

    In Controller, select the CA and TLS certificates to be used for the scenario run. For details, see Authentication Settings Tool.

  5. Activate server authentication on client machines (optional).

    If you want the client machines to validate the server certificate, set this option for each client machine.

    Do one of the following:

    • Use the following Network and Security Manager command line from a single location to activate server authentication on all relevant host machines: set -check_server_cert to High for the highest level of security. For more information, see -check_server_cert.
    • On each client machine in your system, enable the Use Secure Connection (SSL) option in the Agent Configuration Settings Dialog Box, and set the Check Server Certificates level.

    Note: When provisioning Load Generators on the cloud, the certificates will be taken from the Controller and automatically copied to the Load Generators, so the communication will be secure by default. For details about working with load generators on the cloud, see Load Generators on the Cloud.

Back to top

See also: