Create digital certificates

This task describes how to create a Certification Authority and a Digital Certificate for working with SSL (Secure Socket Layer) to secure communication to your cloud-based load generators.

Create a Certification Authority (CA)

Note: This step describes how to create a CA using the gen_ca_cert.exe utility. If you are working on a Linux platform, use the gen_ca_cert utility instead.

  1. Run the gen_ca_cert utility from the <LoadRunner root folder>\bin folder.

  2. Run the gen_ca_cert command with at least one of the following options:

    • -country_name

    • -organization name

    • -common_name

    This process creates two files in the folder from which the utility was run: the CA Certificate (cacert.cer), and the CA Private Key (capvk.cer).

    Note: By default, the CA is valid for three years from when it is generated. To change the validation dates, use the -nb_time (beginning of validity) and/or -na_time (end of validity) options.

    The following example creates two files: ca_igloo_cert.cer and ca_igloo_pk.cer in the current folder:

    gen_ca_cert - country_name "North Pole" -organization_name "Igloo Makers" -common_name "ICL" -CA_cert_file_name "ca_igloo_cert.cer" - CA_pk_file_name "ca_igloo_pk.cer" -nb_time 10/10/2013 -na_time 11/11/2013

  3. Install the CA using one of the following options:

    • -install <name of certificate file>. Replaces any previous CA list and creates a new one that includes this CA only.

    • -install_add <name of certificate file>. Adds the new CA to the existing CA list.

    The -install and -install_add options install the certificate file only. Keep the private key file in a safe place and use it only for issuing certificates.

Back to top

Create a digital certificate

Note: This step describes how to create a digital certificate using the gen_cert.exe utility. If you are working on a Linux platform, use the gen_cert utility instead.

  1. Run the gen_cert utility from the <LoadRunner root folder>\bin folder.

  2. Run the gen_cert command with at least one of the following options:

    • -country_name

    • -organization_name

    • -organization_unit_name

    • -eMail

    • -common_name

    It is important to note the following:

    • The CA Certificate and the CA Private Key files are necessary for the creation of the certificate. By default, it is assumed that they are in the current folder, and are named cacert.cer and capvk.cer respectively. In any other case, use the -CA_cert_file_name and -CA_pk_file_name options to give the correct locations.

    • The certificate file is created in the folder from which the utility was run. By default, the file name is cert.cer.

Back to top

Copy the certificates to ALM, Performance Center, and the Controller

After creating a Certification Authority (CA) and a Digital Certificate, you must store the files on ALM, the Performance Center server, and the Controller

  • ALM: Copy cert.cer and cacert.cer to ALM deployment directory>\repository\sa\DomsInfo\Certificates.
  • Performance Center server: Copy cert.cer to <Performance Center Server directory>\dat\cert, and cacert.cer to <Performance Center Server directory>\dat\cert\Verify.
  • Controller: Copy cert.cer to <Performance Center Host directory>\dat\cert, and cacert.cer to <Performance Center Host directory>\dat\cert\Verify.

Back to top

See also: