Manage certificates using the command line utilities

Use the gen_ca_cert and gen_cert command line utilities to manage CA and TLS (SSL) certificates.

Create and install a CA certificate from the command line

You must install a root CA certificate in order to use TLS (SSL) for secure communication. You can create a new root CA certificate or install an existing one.

You can also install intermediate CA certificates if required.

To create a root CA certificate:

  1. Create a CA certificate using the gen_ca_cert command line utility:

    From the <LoadRunner Professional root>\bin folder, run gen_ca_cert, using at least one of the following options:

    • -country_name

    • -organization_name

    • -common_name

    • -CA_pk_pwd. Use this option to encrypt the CA private key with the specified password.

    This process creates two files in the folder from which the utility was run: the CA certificate (cacert.cer), and the CA private key (capvk.cer).

  2. (Optional) Rename the files created by the utility.

    To rename the certificate and private key files, use the -CA_cert_file_name and the -CA_pk_file_name options, respectively.

    Note: By default, the CA certificate is valid for three years from when it is generated. To change the validation dates, use the -nb_time (beginning of validity) and/or -na_time (end of validity) options.

    Example:  The following command creates two files: ca_igloo_cert.cer and ca_igloo_pk.cer in the current folder, and sets the validity to 10/10/2022-11/11/2026:

    gen_ca_cert -country_name "North Pole" -organization_name "Igloo Makers" -common_name "ICL" -CA_cert_file_name "ca_igloo_cert.cer" -CA_pk_file_name "ca_igloo_pk.cer" -nb_time 10/10/2022 -na_time 11/11/2026

  3. Install the CA certificate. For details, see Install a CA certificate.

Install a CA certificate

To install a root or intermediate CA certificate, run the gen_ca_cert command line utility with one of the following options:

-install <name of certificate file> Replaces any previous CA list and creates a new one that includes this CA certificate only.
-install_add <name of certificate file>

Adds the new CA or intermediate certificate to the existing CA list.

Note: The -install and -install_add options install only the certificate file. Keep the private key file in a safe place and use it only for issuing certificates.

Back to top

Create and install a TLS (SSL) certificate from the command line

After you install a root CA certificate and any required intermediate certificates, you must install a TLS (SSL) certificate.

To create and install a TLS (SSL) certificate:

  1. Run the gen_cert command from the <LoadRunner Professional root>\bin folder:

    Windows gen_cert.exe
    Linux gen_cert

    The following options are available:

    Option Notes
    TLS certificate options

    (Mandatory) Encrypts the TLS certificate private key with the specified password.

    To generate an unencrypted private key, specify an empty password: "".

    -country_name (Mandatory) Use at least one of these options.
    Renames the TLS certificate file (from the default cert.cer).
    Renames the TLS certificate private key file (from the default cert.key).
    Parent CA certificate options

    The CA certificate and the CA private key files that you created manually in step 1, above, are necessary for the creation of the TLS certificate. By default, it is assumed that they are in the current folder, and are named cacert.cer and capvk.cer respectively. In any other case, use these options to give the correct files and locations.
    If the CA private key is encrypted, use this option to specify the password.

    After you run the command, the certificate file is created in the folder from which the utility was run.

  2. Install the TLS certificate using the gen_cert command with the -install <name of certificate file> option.

  3. Restart the LoadRunner Agent service.

Back to top

See also: