Certificate Manager

The Certificate Manager panel allows to connect to SSL applications that require highly-secure authentication based on client certificates. No setting is required at this point for normal SSL applications (those not requiring certificates).

Import certificates

Certificates must be imported before they can be used. The Import certificates button makes it possible to add certificates to a project. This import procedure merely copies the files selected in the project client-certificates directory. It is possible to copy the files directly to this directory.

Certificates must contain the private key and be in PKCS12 format. The file extension is usually .pfx, .p12 or .pkcs12.

A click on the Check a certificate button allows checking password, format and content of a certificate.

Record certificates

You need to install the certificate to be used for recording the scenario. As NeoLoad intervenes between the web browser and the server to record the requests, the certificate is required for authentication with the server.

The file is selected in the drop-down list, or entered manually together with the certificate password. The file name must be the same as in the client-certificates directory (e.g. user1.pfx).

• Information: For security reasons, the password is stored encrypted.

Play back certificates

During a test, Virtual Users may use:

• a single certificate: the one set for the recording, or
• a different certificate for each Virtual User

• To use a different certificate for each Virtual User

1. Import all the certificates, as described in Import certificates.
2. Create a variable containing the file names and corresponding passwords (or modify a file containing existing accounts).
   • Using the Edit > Variables command, create a List or File type variable. The value change policy must be For each Virtual User.
   • Depending on the variable type, either create a CSV file or directly enter the data through the graphical interface.
   • Each line must represent a Virtual User and each column a piece of data relating to the user. Some columns may also contain information useful for your particular application (name, address, telephone number...) and others the following information: the user certificate file name and also its corresponding password.
3. Back in the Certificate Manager, select Use a different certificate for each user.
4. Use the variable picker to use the appropriate variable.

Example

login  ; lastName ; firstName ; certificate ; passwd

jsmith ;   smith  ;    john   ;  jswith.pfx ; s2cr3t

jdoe   ;   doe    ;    john   ;  jdoe.pfx   ; p4ssw4

It is necessary to declare the accounts file-type variable and select the option Use first line in file as column headings. Then use ${accounts.certificate} for the name and ${accounts.passwd} for the password used within the Certificate Manager.

• Tip: Variable names may be used in combination, for example, ${accounts.login}.pfx.

Security concerns

The recording certificate password is stored in the NeoLoad project in encrypted form. However, this does not ensure its total security.

Playback passwords, and all NeoLoad variables, are stored in plain-text format. It is important when validating the User Path to use test certificates and not real certificates, and only to test a system that is in not in production.

If this is not the case, then access to the NeoLoad project must be secured in order to protect the certificates and their relevant passwords.