Perform load testing with nCipher HSM

This task describes how to set up a script to load test an environment with an nCipher HSM (Hardware Security Module).

  1. Prerequisite: Generate the client certificate file (client_cert.pem) with the private key (client_key.pem) pointing to the private keys stored in the HSM. Make sure that you can connect to your web server ( with a generated CA file (ca-certs.pem). The successful openssl command should have the following form: 

    openssl s_client –connect –CAfile ca-certs.pem –cert client_cert.pem –certform PEM –key client_key.pem – keyform PEM –engine CHIL

  2. Set up the PATH environment variable:

    1. Add the nfhwcrhk.dll file, usually located in C:\Program Files (x86)\nCipher\nfast\toolkits\hwcrhk, to the PATH environment variable.
    2. Restart VuGen to apply the changes.
  3. Enable nCipher key retrieval

    1. In the runtime settings, go to the Internet Protocol > Preferences view and expand the Authentication section.
    2. Select the Enable retrieving keys from nCipher HSM option. For details, see Preferences View - Internet Protocol.
  4. Edit the Vuser script

    Add the following content to the vuser_init section of your Vuser script.

    web_set_sockets_option(SSL_VERSION, "TLS");

    web_set_sockets_option(DEFAULT_VERIFY_PATH, <full_path>\ca-certs.pem);

    web_set_certificate_ex (



    "KeyFilePath= <full_path_to_client_private_key_file> /client_key.pem",



Back to top