Enhanced Security for Client Certificates Based Authentication in BlazeMeter API Monitoring
In BlazeMeter, we heavily invest in our security measures and authentication features. We are pleased to share that we have enhanced the PEM-encoded Client Certificates based authentication for API Monitoring Tests to also accept a key file or a passphrase.
We’ve heard your concerns
Many of our customers in the banking and healthcare industries have voiced that not only do their APIs require client certificates, but their client certificates also require an additional key file or passphrase.
Adding Key Files and Passphrases
To get started, edit your Test under API Monitoring and click on the “Authentication” tab. Under “Client Certificates” you’ll be presented with the ability to upload a PEM-encoded Client Certificates File.
As seen in the screenshot below, you will also be presented with the choice to upload an optional key file or specify a passphrase. The Client Certificates file and the key file can each be up to 1 MB in size, and the passphrase can have a maximum length of 128 characters.
Once you choose the files from your computer, click on the “Upload Certificate” button to upload the certificates. Then enable it for all request steps by clicking on "Add Client Certificate" under “Authentication Methods”, or in each step individually.
Designating Passphrases as “Secrets”
In addition, you can optionally set up the passphrase as a Secret at the team or bucket level using the Secrets Management feature. This ensures that the passphrase need not be shared with every member of the team and is also not visible in Tests. This ties together two powerful features within BlazeMeter API Monitoring, designed to monitor your secure APIs and keep your API Tests secure.
Try it Yourself
These optional security enhancements are available for all BlazeMeter API Monitoring users who already have support for client certificates enabled for their team or you can contact sales to add Client Certificates support to your account. Check out the documentation to learn more.