Secure communication with TLS (SSL)

Set up TLS (SSL) for secure communication between your LoadRunner Professional machines.

Overview

You can use TLS (SSL) for secure communication between your LoadRunner Professional machines. To set up TLS (SSL), you install a CA certificate, and a TLS (SSL) certificate issued by that CA, on each LoadRunner Professional machine.

You can also install one or more intermediate CAs as part of a certificate chain. LoadRunner Professional supports verification via a chain of trust, as long as all the certificates in the chain from the root to the client certificate can be verified.

We recommend using the Certificate Manager to manage the certificates. For details, see Certificate Manager.

Alternatively, you can use the dedicated command line utilities to manage the certificates. For details, see Manage certificates using the command line utilities. You can also use the Network and Security Manager command line tool with the -generate_new_cert option command to create a new TLS certificate. For details, see Network and Security Manager.

Back to top

LoadRunner Professional default certificate

LoadRunner Professional provides a default CA and SSL certificate for all LoadRunner Professional machines. These certificates are located in the <LoadRunner Professional root>\dat\cert folder.

Caution: It is not recommended to change these files manually. Instead, use the Certificate Manager or command line utilities.

For a more secure process, create your own CA and issue matching TLS certificates for your machines. For details, see Two-way TLS (SSL) authentication.

Back to top

Certificate attributes and requirements

The following attributes and requirements apply to certificates used in LoadRunner Professional.

Certificates created by LoadRunner Professional

All certificates created by LoadRunner Professional utilities have the following attributes:

  • Signature hash algorithm: sha256
  • Encryption algorithm: RSA (2048 Bits)

Requirements for using existing CA certificates

You can use an existing CA certificate from your own organization—one that was not created by LoadRunner Professional—as long as it complies with the following:

  • Enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

  • base64 encoded DER certificate (*.pem)

    Tip: If your certificate is not already in PEM format, you can use any known tool to convert it.

You can also provide certificate files that contain a root CA and one or more intermediate CAs. If your CA has an Issuing or Intermediate certificate, then you can add that to the cacert.cer file content. It is recommended to use the Certificate Manager or command line utilities to add CA and Intermediate certificates, rather than adding them manually.

Example:  

cert.cer file content:

-----BEGIN CERTIFICATE-----

Content of TLS (SSL) certificate

-----END CERTIFICATE-----

-----BEGIN PRIVATE KEY-----

Private Key of TLS (SSL) certificate

-----END PRIVATE KEY-----

 

cacert.cer verification file content:

-----BEGIN CERTIFICATE-----

Content of CA/root certificate

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Content of Issuing/Intermediate certificate

-----END CERTIFICATE-----

Back to top

See also: