No results for

Powered byAlgolia

SSL/TLS client certificates

suggest edits

Usually, when we are talking about TLS certificates we are referring to the mechanism by which clients authenticate servers. The reverse, servers authenticating clients, is also supported by both TLS and k6.

To use client certificates you specify global configuration options that tell k6 how to map a public certificate and private key to the domains they are valid for. You can load the certificate and key from local files or embed them as strings in the script.

Loading a certificate and a key from local files

To load a certificate and a key from local files you use the builtin open(...) function:

TLS client certificates from local certificate and key files
1import http from 'k6/http';
2
3export let options = {
4 tlsAuth: [
5 {
6 domains: ['example.com'],
7 cert: open('./mycert.pem'),
8 key: open('./mycert-key.pem'),
9 },
10 ],
11};
12
13export default function () {
14 http.get('https://example.com/');
15}

Loading certificate and key from embedded strings

To load certificate and key from embedded strings (note the use of template literals for multi-line strings):

⚠️ Certificate and key used in the example

The partial certificate and key data in the above example were generated for this particular example, they're not real or in-use anywhere.

TLS client certificates from local certificate and key files
1import http from 'k6/http';
2
3const CERT = `-----BEGIN CERTIFICATE-----
4MIIFgTCCA2kCAQEwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlNFMRcwFQYD
5VQQIEw5TdG9ja2hvbG1zIExhbjESMBAGA1UEBxMJU3RvY2tob2xtMRcwFQYDVQQK
6...
7/n5QrTGhP51P9Q1THzRfn6cNCDwzSTMVEJr40QhuTJQWASe3miuFmZoG5ykmGqVm
8fWQRiQyM330s9vTwFy14J2Bxe4px6cyy7rVXvYL2LvfA4L0T7/x1nUULw+Mpqun1
9R3XRJWqGDjBKXr5q8VatdQO1QLgr
10-----END CERTIFICATE-----`;
11
12const KEY = `-----BEGIN RSA PRIVATE KEY-----
13KsZVVI1FTX+F959vqu1S02T+R1JM29PkIfJILIXapKQfb0FWrALU5xpipdPYBWp7
14j5iSp06/7H8ms87Uz9BrOA6rytoRSE0/wEe5WkWdBBgLLPpfOSWZsAA5RGCB2n+N
15...
16Dk+frzKuiErHFN7HOHAQannui4eLsY0ehYMByowgJIUGzIJyXR6O19hVhV7Py66u
17X7/Jy01JXn83LuWdpaPAKU+B42BLP0IGXt5CocPms07HOdtJ/wm2zwHTyfjn9vu+
18HO/dQr6a7DhRu2lLI9Sc983NwRqDKICZQQ/+gqWk8BgQZ1yI9O4AYkzywzAEk3py
19-----END RSA PRIVATE KEY-----`;
20
21export let options = {
22 tlsAuth: [
23 {
24 domains: ['example.com'],
25 cert: CERT,
26 key: KEY,
27 },
28 ],
29};
30
31export default function () {
32 http.get('https://example.com/');
33}