We recently had a requirement to do some performance testing of an application which used Unipass certificates to secure content. We've often encountered SSL certificates before, but Unipass certificates were a novelty for us....
Unipass certificates allow users to use specific, secured websites without the need to manually provide login credentials for each site (the certificate does this for you). Obviously, LoadRunner can present certificates when simulating a user action, but this has always required manual coding effort to add the SSL certificate to the LoadRunner script (until now).
The old method for including certificates in a test script
Normally when creating performance test scripts, the first challenge is acquiring the certificate. This in itself can present a challenge. Certificates are normally delivered directly to the client machine. Without administrative access to the client PC it's not even possible to extract the certificate. This means that you have to find a machine where you do have administrative access (often these PCs are in your test environment with no direct Internet access), which makes getting the certificate difficult in the first place!
Once you have obtained the certificate (usually in the form of a .pfx file), you need to convert it to a .pem file using OpenSSL. This is relatively straightforward, assuming that you have the pre-requisite components, but takes time none the less.
After finally getting your .pem file, you then have to place code instructing your LoadRunner script present the certificate to the application you're trying to test. When you’ve done this, testing can finally begin.
The new nethod (LR 11.5)
Recently we have been converting a number of our test scripts to LoadRunner 11.5. Best-practice guidelines recommend that you re-record test scripts at regular intervals, this ensures that there have been no undocumented changes to the test application. We re-recorded the business process in LoadRunner 11.5 and were delighted to see that HP has come up trumps for us! Not only did LoadRunner automatically insert the code required for submitting the certificate, it also converted the .pfx certificate to a .pem file and stored the file in the script directory ready for replay.
Great news for testers!