Anand is an accomplished leader with over 20 years of experience in Product Management, Technical Marketing, Engineering and Support for enterprise software and datacenter technologies. Anand currently leads Product Management for BlazeMeter API Testing and Monitoring at Broadcom and is focused on helping customers with their Continuous Testing journey.

Become a JMeter and Continuous Testing Pro

Start Learning
Slack

Test Your Website Performance NOW!

arrowPlease enter a URL with http(s)
Assert:is found in response
May 24 2021

Enhanced Security for Client Certificates Based Authentication in BlazeMeter API Monitoring

In BlazeMeter, we heavily invest in our security measures and authentication features. We are pleased to share that we have enhanced the PEM-encoded Client Certificates based authentication for API Monitoring Tests to also accept a key file or a passphrase. 

 

We’ve heard your concerns

Many of our customers in the banking and healthcare industries have voiced that not only do their APIs require client certificates, but their client certificates also require an additional key file or passphrase.

 

Adding Key Files and Passphrases

To get started, edit your Test under API Monitoring and click on the “Authentication” tab. Under “Client Certificates” you’ll be presented with the ability to upload a PEM-encoded Client Certificates File.

 

As seen in the screenshot below, you will also be presented with the choice to upload an optional key file or specify a passphrase. The Client Certificates file and the key file can each be up to 1 MB in size, and the passphrase can have a maximum length of 128 characters.

 

 

Once you choose the files from your computer, click on the “Upload Certificate” button to upload the certificates. Then enable it for all request steps by clicking on "Add Client Certificate" under “Authentication Methods”, or in each step individually.

 

 

Designating Passphrases as “Secrets”

In addition, you can optionally set up the passphrase as a Secret at the team or bucket level using the Secrets Management feature. This ensures that the passphrase need not be shared with every member of the team and is also not visible in Tests. This ties together two powerful features within BlazeMeter API Monitoring, designed to monitor your secure APIs and keep your API Tests secure.

 

Try it Yourself

These optional security enhancements are available for all BlazeMeter API Monitoring users who already have support for client certificates enabled for their team or you can contact sales to add Client Certificates support to your account. Check out the documentation to learn more.

 

   
arrowPlease enter a URL with http(s)

Interested in writing for our Blog?Send us a pitch!