Highlighted
Established Member..
Established Member..
1017 views

SSL communication, LoadRunner controller to LoadGenerator

In our system, the load generators act as the server in client-server communications between the LR controller and the LoadGenerator.  Must the SSL digital certificate installed on each load generator be unique among the load generators?

 

Tags (1)
0 Likes
3 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: SSL communication, LoadRunner controller to LoadGenerator

 

Hi,

Do you want to use a unique certificate per Load Generator or a single certificate for all of them?

I suggest reading this blog post 

/t5/LoadRunner-and-Performance/New-Ways-to-Secure-Your-LoadRunner-Environment-in-12-00/ba-p/6417836#.WHU_oPl96Cj

Regards,

Shlomi

 

 

 

0 Likes
Highlighted
Established Member..
Established Member..

Re: SSL communication, LoadRunner controller to LoadGenerator

Shlomi,

I should have mentioned in my post that we are using version 12.53 for both LR controller and LG.

Regarding "Do you want to use a unique certificate per Load Generator or a single certificate for all of them?", since we have a lot of load generators in our system, I would choose "a single certificate for all of them".

I read the blog post you referenced above, however it raised some additional questions in my mind.  The 3rd paragraph from the end of the section "Working with certificates" states "You can create a single unique certificate in advance and install it on all LoadRunner components, or alternatively you can create a separate certificate for each of the client machines such as the Controller, Load Generator over firewall, and Monitor over firewall. For client certificates, the latter is recommended so that you can differentiate between them."

1) If I "create a single unique certificate in advance and install it on all LoadRunner components", should I install the same single unique certificate on both the LoadRunner controller and Load Generators, since they are all "LoadRunner components"?

2) If the answer to the previous question is yes, then that would seem to conflict with the SSL Client-to-SSL Server protocol messages in the diagram near the beginning of the referenced blog post.  That diagram implies that there is a server certificate [on load generator] and a client certificate [on LR controller] that are different.  Please clarify.

Homer-the-Great

0 Likes
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: SSL communication, LoadRunner controller to LoadGenerator

Technically you can use unique certificate on different machines (LG, Controller, MIL, etc.). Using seperated certificates on them are usually best practice for security in industry. The line is, the CA which signs the certificate should be trusted by the opposite.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.