SSL Client Certificate Authentication

What you’ll learn

  • How to test servers that use SSL/TLS client certificate authentication with Artillery

Overview

This plugin is part of Artillery Pro and does not need to be installed separately.

Client certificate authentication is a mechanism to restrict access to HTTP resources to clients that possess a certificate. This authentication method is frequently employed in enterprise applications.

Basic Configuration

To configure SSL client authentication, provide the client key and certificate in the TLS settings and enable the SSL client auth plugin in config:

config:
  target: "https://example.com"
  tls:
    # Disables verification of the server's certificate.
    # Can be useful for testing, should not be used in production:
    rejectUnauthorized: false
    # Specify client key and certificate:
    client:
      key: "./client-key.pem"
      cert: "./client-crt.pem"
  # Enable the plugin:
  plugins:
    http-ssl-auth: {}

Once configured, all requests will use the provided key and certificate for authentication.

PEM key password

You can provide a password for the key with the passphrase option:

config:
  target: "https://example.com"
  tls:
    rejectUnauthorized: false
    client:
      key: "./client-key.pem"
      cert: "./client-crt.pem"
      passphrase: "mysecretpassword"
  plugins:
    http-ssl-auth: {}
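
To try the key, certificate and passphrase settings above against a test server, you need a matching set of files. The following script is an added example, not part of Artillery: it uses the `openssl` CLI to create a throwaway CA, a passphrase-protected `client-key.pem` and a `client-crt.pem`, then checks that they fit together. The CA file names, subject names and the `KEY_PASS` variable are assumptions; the `passphrase` value in the config must equal `KEY_PASS`.

```shell
#!/bin/sh
# Added example: throwaway CA plus a passphrase-protected client key and
# certificate for a test environment. The passphrase is read from the
# KEY_PASS environment variable so it never appears in the process list.
# File names other than client-key.pem / client-crt.pem are assumptions.

make_client_cert() {
  dir=$1
  mkdir -p "$dir" || return 1
  # 1. Self-signed test CA (the server under test must trust ca-crt.pem).
  openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=Load Test CA" \
    -keyout "$dir/ca-key.pem" -out "$dir/ca-crt.pem" 2>/dev/null || return 1
  # 2. Client private key, AES-256 encrypted with the passphrase.
  openssl genrsa -aes256 -passout env:KEY_PASS \
    -out "$dir/client-key.pem" 2048 2>/dev/null || return 1
  # 3. Certificate signing request for the client identity.
  openssl req -new -key "$dir/client-key.pem" -passin env:KEY_PASS \
    -subj "/CN=artillery-load-test" -out "$dir/client.csr" 2>/dev/null || return 1
  # 4. The CA signs the request, producing the client certificate.
  openssl x509 -req -in "$dir/client.csr" -days 7 \
    -CA "$dir/ca-crt.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
    -out "$dir/client-crt.pem" 2>/dev/null || return 1
  # Private keys readable by the owner only.
  chmod 600 "$dir/ca-key.pem" "$dir/client-key.pem"
}

check_client_cert() {
  dir=$1
  # The client certificate must chain to the test CA.
  openssl verify -CAfile "$dir/ca-crt.pem" "$dir/client-crt.pem" \
    >/dev/null 2>&1 || return 1
  # The passphrase must decrypt the key, and the key's public half must be
  # the public key embedded in the certificate.
  cert_pub=$(openssl x509 -in "$dir/client-crt.pem" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$dir/client-key.pem" -passin env:KEY_PASS \
    -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Usage (after exporting KEY_PASS):
#   make_client_cert ./certs && check_client_cert ./certs
```

`check_client_cert` fails when the passphrase is wrong or the key and certificate do not belong together, which are the usual reasons a client certificate setup is rejected before any load is generated.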

Disabling SSL auth selectively

To specify that a request should not use SSL client auth, set sslAuth to false:

  - flow:
      - get:
          url: "https://example.com/some/url"
          sslAuth: false # ignore SSL client auth settings