JavaScript Functions > Alphabetical Listing of Web Functions > web.setCertificateEx


Sets the certificate and key file attributes.


web.setCertificateEx( {object} ); 

JavaScript Object

    certFilePath: "<string>",
    certFormat: "<string>",
    sendCertChain: "<string>",
    keyFilePath: "<string>",
    keyFormat: "<string>",
    password: "<string>",
    stringToSign: "<string>",
    signedStringParam: "<string>",
    certIndex: "<string>"
Property Name
certFilepath The path and file name of the certificate (Sockets replay only).
certFormat The format of the certificate: PEM or ASN1 (Sockets replay only).
sendCertChain If the certificate should be sent to the server with or without an existing chain. Setting sendCertChain to 1 sends the chain; Not specifying a value, or specifying the default value 0, does not send the chain.
keyFilepath The path and filename of the certificate's key file (Sockets replay only).
keyFormat The format of the key file: PEM or ASN1 (Sockets replay only).
password The password required by the certificate (Sockets replay only).
stringToSign A PKCS7–compatible digital signature is generated from the stringToSign text, and stored in the signedStringParam parameter. This option is meaningless if signedStringParam is not used. (Sockets replay only).
signedStringParam The name of the parameter to store the digital signature created from the stringToSign argument. This option is meaningless if stringToSign is not used. (Sockets replay only).
certIndex The WinInet certificate index. It specifies a one–based index of the security certificate within the IE certificate database. The index must be the same on all replay machines (WinInet and Sockets replay).certIndex can be passed as the only option.

Return Values

Not applicable


The following argument(s) can be parameterized using standard parameterization: List of Options

General Information

web.setCertificateEx sets the certificate and key file attributes, such as its location, type, and password. This information is used for HTTPS requests that require a certificate. All of the parameters are null–terminated character strings. The keywords are not case–sensitive; but the values attributed to the keywords are case–sensitive. Spaces are not allowed at the beginning or end of a keyword value. Note that this function is only recorded when using Internet Explorer.

In most cases, this function is generated automatically. VuGen records the relevant certificate files and sends them to the machine under test during replay. In instances where this function was not generated automatically, you can manually add it by following these steps:

To use this function, you must add it to the Vuser's file list. Select group Information > More > Files tab in the Controller. Alternatively, you can copy the certificate file to all machines running the script.

To determine the certificate and key information, extract it from the machine on which the script was recorded. To extract a certificate and key file:

In Internet Explorer:

  1. Choose Tools > Internet Options. Select the Content tab and click Certificates.

  2. Select a certificate from the list and click Export.

  3. Click Next several times until you are prompted for a password.

  4. Enter a password and click Next.

  5. Enter a file name and click Next.

  6. Click Finish

For other browsers, consult the browser help for the equivalent procedure.

The resulting certificate file is in PKCS12 format. To convert the file to PEM format, use the openssl_10_x32.exe utility located in the bin directory. To run the utility, open a command window, set the working directory to the bin directory and do the following sequence:

    C:\Program Files\HP\LoadRunner\bin>openssl_10_x32
    OpenSSL> pkcs12 -in <input file> -out <output file>
    Enter Import password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:

Copy the output file with the .pem extension to the replay machine(s). This file serves as both the certificate file and key file.

Insert a web.setCertificateEx function into the script, specifying the name of the output file.

When installing a certificate with private key in Internet Explorer, if you choose strong private key protection, you can set security level of this certificate. The default is medium. The socket mode cannot handle the high security level with the certIndex parameter. If you do not use certIndex, the security level can be high but then you must provide the certificate password.

The Wininet mode only handles the low security level.