Skip to main content

Client Certificates

Some web services require a client to have a valid certificate to establish a secure (HTTPS) connection. Certificates are often kept in a certificate store. These can be viewed and edited in various ways:

  • Using Google Chrome, click Settings > Privacy and security > Security > Manage device certificates
  • Using Firefox, click Settings > Privacy & Security > Security > View Certificates
  • On Windows, run certmgr.msc

The certificates displayed by these options are located in the Certificates - Current User store within Windows. There is another store named Certificates - Local Machine which is accessible by running certlm.msc but these cannot be used by Eggplant Performance.

When replicating clients that use client certificates, there are two approaches depending on which HTTP connection handler is being used by the virtual users.

WinHTTP or WinInet

Use the following API methods to set the location of the certificate store, and the name of the client certificate to search for.

  • The default certificate store name is "MY" which corresponds to Certificates - Current User\Personal\Certificates
  • Another common option is "ROOT" which corresponds to Certificates - Current User\Trusted Root Certification Authorities\Certificates

The subject to search for is typically the value of the CN (Common Name) field

  • setCertificateStoreName(String storeName)
  • setCertificateSubject(String subject)
  • setCertificateDisplay(boolean display) is useful for debugging which client certificates are found
  • setEnableOptionalClientCertificates​(boolean enable) can be used if you know the server requests a client certificate but does not require one

These are methods of the WebBrowser class

You must run the Eggplant Performance injector process as a user that has access to the required certificate stores. This will generally mean starting the injector process from a command line in the context of a user rather than as a service.

Internal HTTP handler

This uses a path to a certificate file, in PEM format or other formats supported by OpenSSL. For further information, see

  • setCertLocation(String path)

These is a method of the WebBrowser class