How to Set Your JMeter Load Test to Use Client Side Certificates
July 23, 2021

How to Set Your JMeter Load Test to Use Client Side Certificates

Open Source Automation

Learn about client-side performance testing using JMeter, which allows you to test an application's response for different clients using different platforms. 

Table of Contents: 

 

What is client-side performance testing using JMeter? 

Client-side performance testing using JMeter allows you to test an application's response for different clients using different platforms such as mobile, desktop, tablet, smart TV, etc. with JMeter.  Client-side metrics can check interaction speed, location and connection speed.

Many times when performance testing an application you need to use certificates for security reasons to perform your tests. If you need to use certificates to provide HTTPS requests for your load testing there are two options:

 

1. Use a server-side client certificate

This requires the least amount of work. You use the server to encrypt and decrypt the data. However, occasionally the web application requires a client-side certificate due to security policies.

 

2. Use a client-side certificate

Client-side certificates are sometimes required because they are the best way for a server to "know" exactly who is connecting. One of the most common examples we see of this today is within large IT enterprises. Internal users must install and present a certificate when communicating with the server in order to receive authorization to log into the enterprise’s IT system. Fortunately, we can use JMeter to simulate this form of secure communication.

 

How to Run Client-Side Performance Testing using JMeter 

 

JMeter supports client-side JKS and PKCS12 certificates ‘out-of-the-box’. It does this by using the SSL Manager to select the certificate when running in GUI mode. To use the PKCS12 certificate, make sure that the extension of the file is .p12 (e.g : mykeystore.p12). The other extension will be treated as a JKS (Java KeyStore) certificate.

 

If you want to run your script using BlazeMeter (JMeter in non-GUI), take the following steps to allow your script to run with your client-side certificate:

 

1. Create a Java KeyStore file (e.g. mykeystore.jks).

If you have a PKCS12 file, use the following command line to convert it to a JKS file:

 

keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12

-srcstorepass -keystore

-storepass

 

2. Go to your JMeter directory and open your system.properties file.

There, uncomment the following lines, and change the file to match your values:

 

javax.net.ssl.keyStore=

javax.net.ssl.keyStorePassword=yourJKSpassword

 

You can also use the -D option to pass these values straight from the command line.

For example:

-D javax.net.ssl.keyStore=your_JKS_filename.jks -D javax.net.ssl.keyStorePassword=yourJKSpassword

 

3. Change your HTTP sampler implementation to Java (instead of HC3.1 or HC4).

You should now be able to run your script successfully.

 

If you plan to use BlazeMeter, upload your JMX, JKS file (with no spaces) to your BlazeMeter test.

Then pass the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword values through the command line parameters.

 

Press save...and you’re ready to go!

 

4. Verify your script successfully created the KeyStore  load your JKS certificate into it.

To do this, view your JMeter log file (if you’re using BlazeMeter - click on the ‘Logs’ tab in your test report and select a log file)

 

You should see lines similar to these:

 

2013/12/12 13:13:49 INFO  - jmeter.util.SSLManager: JmeterKeyStore Location: mykeystore.jks type JKS

2013/12/12 13:13:49 INFO  - jmeter.util.SSLManager: KeyStore created OK

2013/12/12 13:13:49 INFO  - jmeter.util.SSLManager: Total of 1 aliases loaded OK from keystore

 

Benefits of client-side performance testing using JMeter

 

Sometimes you need to use a client-side certificate because it is the best way for a server to "know" exactly who is connecting to the server. 

One of the most common examples we see today is in large enterprises. Internal users must install and present a certificate when communicating with the server in order to receive authorization to log into the enterprise's IT system. 

Fortunately, JMeter can simulate this type of secure communication. BlazeMeter can help you perform client-side performance testing using JMeter easily by following the steps in this blog. 

START TESTING NOW