Create digital certificates

This topic describes how to create a certification authority (CA) and a TLS (SSL) certificate. A CA and TLS certificate are required for secure communication to your cloud-based load generators.

Overview

You can use TLS (SSL) for secure communication between your LoadRunner Professional machines. To set up TLS (SSL), you install a CA certificate, and a TLS (SSL) certificate issued by that CA, on each LoadRunner Enterprise machine.

You can create and install certificates using the command line utilities as described in the steps below, or using the LoadRunner Certificate Manager. For details on installing and managing certificates using the Certificate Manager, see Certificate Manager in the LoadRunner Professional Help Center.

Back to top

Create a CA certificate using a command line utility

You must install a CA certificate in order to use TLS (SSL) for secure communication.

Note: This step describes how to create a CA using the gen_ca_cert.exe utility. If you are working on a Linux platform, use the gen_ca_cert utility instead.

To create and install a CA certificate:

  1. Create a CA certificate using the gen_ca_cert command line utility.

    From the <LRE_installdir>\bin folder, run gen_ca_cert with at least one of the following options:

    • -country_name

    • -organization name

    • -common_name

    This process creates two files in the folder from which the utility was run: the CA certificate (cacert.cer), and the CA private key (capvk.cer).

    Note: By default, the CA is valid for three years from when it is generated. To change the validation dates, use the -nb_time (beginning of validity) and/or -na_time (end of validity) options in the gen_ca_cert command. The date format is DD/MM/YYYY.

    Example: The following creates two files: ca_igloo_cert.cer and ca_igloo_pk.cer in the current folder, and sets the validity to 31/12/2020-31/12/2023:

    gen_ca_cert ‑country_name "North Pole" ‑organization_name "Igloo Makers" ‑ common_name "ICL" ‑CA_cert_file_name "ca_igloo_cert.cer" ‑CA_pk_file_name "ca_igloo_pk.cer" ‑nb_time 31/12/2020 ‑na_time 31/12/2023

  2. Install the CA certificate using one of the following options:

    -install <name of certificate file> Replaces any previous CA list and creates a new one that includes this CA certificate only.
    -install_add <name of certificate file> Adds the new CA certificate to the existing CA list.

    Note: The -install and -install_add options install the certificate file only. Keep the private key file in a safe place, and use it only for issuing certificates.

Back to top

Create a TLS (SSL) certificate using a command line utility

After you install a CA certificate, you must install a TLS (SSL) certificate.

Note: This step describes how to create a digital certificate using the gen_cert.exe utility. If you are working on a Linux platform, use the gen_cert utility instead.

To create and install a TLS (SSL) certificate:

  1. From the <LRE_installdir>\bin folder, run the gen_cert command with at least one of the following options:

    • -country_name

    • -organization_name

    • -organization_unit_name

    • -eMail

    • -common_name

    After you run the command, the certificate file is created in the folder from which the utility was run.

    Note:  

    • The CA certificate and the CA private key files are necessary for the creation of the certificate. By default, they are in the \bin folder, and are named cacert.cer and capvk.cer, respectively. In any other case, use the -CA_cert_file_name and -CA_pk_file_name options to give the correct locations.

    • The certificate file is created in the folder from which the utility was run. By default, the file name is cert.cer.

  2. Install the TLS certificate using the gen_cert command with the -install <name of certificate file> option.

  3. Reboot LoadRunner Enterprise after creating a new certificate.

Back to top

Copy or import certificates to other hosts in the environment

After creating a CA and a TLS (SSL) certificate, you must store the files on the LoadRunner Enterprise server and the Controller. You can copy or import certificates to other LoadRunner Enterprise host machines in the environment using a command line utility or the Certificate Manager.

For details, see Secure communication with TLS (SSL) in the LoadRunner Professional Help Center.

Note: For certificates created in LoadRunner Enterprise versions 2022 R1 or earlier using the Certificate Manager, you must use the Certificate Manager to import the certificates to another machine.

Back to top

See also: