Some web services require a client to have a valid certificate to establish a secure (HTTPS) connection. Certificates are often kept in a certificate store. These can be viewed and edited in various ways:
- Using Google Chrome, click Settings > Privacy and security > Security > Manage device certificates
- Using Firefox, click Settings > Privacy & Security > Security > View Certificates
- On Windows, run
The certificates displayed by these options are located in the Certificates - Current User store within Windows. There is another store named Certificates - Local Machine which is accessible by running
certlm.msc but these cannot be used by Eggplant Performance.
When replicating clients that use client certificates, there are two approaches depending on which HTTP connection handler is being used by the virtual users.
WinHTTP or WinInet
Use the following API methods to set the location of the certificate store, and the name of the client certificate to search for.
- The default certificate store name is
"MY"which corresponds to Certificates - Current User\Personal\Certificates
- Another common option is
"ROOT"which corresponds to Certificates - Current User\Trusted Root Certification Authorities\Certificates
The subject to search for is typically the value of the CN (Common Name) field
setCertificateDisplay(boolean display)is useful for debugging which client certificates are found
setEnableOptionalClientCertificates(boolean enable)can be used if you know the server requests a client certificate but does not require one
These are methods of the
You must run the Eggplant Performance injector process as a user that has access to the required certificate stores. This will generally mean starting the injector process from a command line in the context of a user rather than as a service.
Internal HTTP handler
This uses a path to a certificate file, in PEM format or other formats supported by OpenSSL. For further information, see www.openssl.org.