Certificate Manager

The Certificate Manager panel allows to connect to SSL applications that require highly-secure authentication based on client certificates. No setting is required at this point for normal SSL applications (those not requiring certificates).

Import certificates

Certificates must be imported before they can be used. The Import certificates button makes it possible to add certificates to a project. This import procedure merely copies the files selected in the project client-certificates directory. It is possible to copy the files directly to this directory.

Certificates must contain the private key and be in PKCS12 format. The file extension is usually .pfx, .p12 or .pkcs12.

A click on the Check a certificate button allows checking password, format and content of a certificate.

Record certificates

You need to install the certificate to be used for recording the scenario. As NeoLoad intervenes between the web browser and the server to record the requests, the certificate is required for authentication with the server.

The file is selected in the drop-down list, or entered manually together with the certificate password. The file name must be the same as in the client-certificates directory (e.g. user1.pfx).

Play back certificates

During a test, Virtual Users may use:

  1. Import all the certificates, as described in Import certificates.
  2. Create a variable containing the file names and corresponding passwords (or modify a file containing existing accounts).
  3. Back in the Certificate Manager, select Use a different certificate for each user.
  4. Use the variable picker to use the appropriate variable.
Example
login  ; lastName ; firstName ; certificate ; passwd
jsmith ;   smith  ;    john   ;  jswith.pfx ; s2cr3t
jdoe   ;   doe    ;    john   ;  jdoe.pfx   ; p4ssw4

It is necessary to declare the accounts file-type variable and select the option Use first line in file as column headings. Then use ${accounts.certificate} for the name and ${accounts.passwd} for the password used within the Certificate Manager.

Security concerns

The recording certificate password is stored in the NeoLoad project in encrypted form. However, this does not ensure its total security.

Playback passwords, and all NeoLoad variables, are stored in plain-text format. It is important when validating the User Path to use test certificates and not real certificates, and only to test a system that is in not in production.

If this is not the case, then access to the NeoLoad project must be secured in order to protect the certificates and their relevant passwords.