The Certificate Manager panel allows to connect to SSL applications that require highly-secure authentication based on client certificates. No setting is required at this point for normal SSL applications (those not requiring certificates).
Certificates must be imported before they can be used. The Import certificates button makes it possible to add certificates to a project. This import procedure merely copies the files selected in the project client-certificates
directory. It is possible to copy the files directly to this directory.
Certificates must contain the private key and be in PKCS12 format. The file extension is usually .pfx
, .p12
or .pkcs12
.
A click on the Check a certificate button allows checking password, format and content of a certificate.
You need to install the certificate to be used for recording the scenario. As NeoLoad intervenes between the web browser and the server to record the requests, the certificate is required for authentication with the server.
The file is selected in the drop-down list, or entered manually together with the certificate password. The file name must be the same as in the client-certificates
directory (e.g. user1.pfx
).
During a test, Virtual Users may use:
List
or File
type variable. The value change policy must be For each Virtual User.login ; lastName ; firstName ; certificate ; passwd
jsmith ; smith ; john ; jswith.pfx ; s2cr3t
jdoe ; doe ; john ; jdoe.pfx ; p4ssw4
It is necessary to declare the accounts
file-type variable and select the option Use first line in file as column headings. Then use ${accounts.certificate}
for the name and ${accounts.passwd}
for the password used within the Certificate Manager.
${accounts.login}.pfx
.The recording certificate password is stored in the NeoLoad project in encrypted form. However, this does not ensure its total security.
Playback passwords, and all NeoLoad variables, are stored in plain-text format. It is important when validating the User Path to use test certificates and not real certificates, and only to test a system that is in not in production.
If this is not the case, then access to the NeoLoad project must be secured in order to protect the certificates and their relevant passwords.