Blog
July 23, 2021
How to Set Your JMeter Load Test to Use Client Side Certificates
Open Source Automation
Learn about client-side performance testing using JMeter, which allows you to test an application's response for different clients using different platforms.
What is Client-side Performance Testing Using JMeter?
Client-side performance testing using JMeter allows you to test an application's response for different clients using different platforms such as mobile, desktop, tablet, smart TV, etc. with JMeter. Client-side metrics can check interaction speed, location and connection speed.
Many times when performance testing an application you need to use certificates for security reasons to perform your tests. If you need to use certificates to provide HTTPS requests for your load testing there are two options:
1. Use a server-side client certificate
This requires the least amount of work. You use the server to encrypt and decrypt the data. However, occasionally the web application requires a client-side certificate due to security policies.
2. Use a client-side certificate
Client-side certificates are sometimes required because they are the best way for a server to "know" exactly who is connecting. One of the most common examples we see of this today is within large IT enterprises. Internal users must install and present a certificate when communicating with the server in order to receive authorization to log into the enterprise’s IT system. Fortunately, we can use JMeter to simulate this form of secure communication.
Back to top
How to Run Client-Side Performance Testing using JMeter
JMeter supports client-side JKS and PKCS12 certificates ‘out-of-the-box’. It does this by using the SSL Manager to select the certificate when running in GUI mode. To use the PKCS12 certificate, make sure that the extension of the file is .p12 (e.g : mykeystore.p12). The other extension will be treated as a JKS (Java KeyStore) certificate.
If you want to run your script using BlazeMeter (JMeter in non-GUI), take the following steps to allow your script to run with your client-side certificate:
1. Create a Java KeyStore file (e.g. mykeystore.jks).
If you have a PKCS12 file, use the following command line to convert it to a JKS file:
keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12
-srcstorepass -keystore
-storepass
2. Go to your JMeter directory and open your system.properties file.
There, uncomment the following lines, and change the file to match your values:
javax.net.ssl.keyStore=
javax.net.ssl.keyStorePassword=yourJKSpassword
You can also use the -D option to pass these values straight from the command line.
For example:
-D javax.net.ssl.keyStore=your_JKS_filename.jks -D javax.net.ssl.keyStorePassword=yourJKSpassword
3. Change your HTTP sampler implementation to Java (instead of HC3.1 or HC4).
You should now be able to run your script successfully.
If you plan to use BlazeMeter, upload your JMX, JKS file (with no spaces) to your BlazeMeter test.
Then pass the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword values through the command line parameters.
Press save...and you’re ready to go!
4. Verify your script successfully created the KeyStore load your JKS certificate into it.
To do this, view your JMeter log file (if you’re using BlazeMeter - click on the ‘Logs’ tab in your test report and select a log file)
You should see lines similar to these:
2013/12/12 13:13:49 INFO - jmeter.util.SSLManager: JmeterKeyStore Location: mykeystore.jks type JKS
2013/12/12 13:13:49 INFO - jmeter.util.SSLManager: KeyStore created OK
2013/12/12 13:13:49 INFO - jmeter.util.SSLManager: Total of 1 aliases loaded OK from keystore
Back to top
Benefits of Client-side Performance Testing Using JMeter
Sometimes you need to use a client-side certificate because it is the best way for a server to "know" exactly who is connecting to the server.
One of the most common examples we see today is in large enterprises. Internal users must install and present a certificate when communicating with the server in order to receive authorization to log into the enterprise's IT system.
Fortunately, JMeter can simulate this type of secure communication. BlazeMeter can help you perform client-side performance testing using JMeter easily by following the steps in this blog.