docs

Get started

Welcome
Installation
Running k6
Results output
k6 resources

Using k6

HTTP Requests
Metrics
Checks
Thresholds
Options
Test lifecycle
Modules
Tags and Groups
Cookies
Protocols
Environment variables
Execution context variables
Scenarios

Using k6 browser

Overview
Running browser tests
Browser metrics
Migrating to k6 v0.46
Recommended practices

Results output

Overview
End of test
Real time
Grafana dashboards

Test authoring

Test builder
Create tests from recordings

Test types

Load test types
Smoke testing
Load testing
Stress testing
Soak testing
Spike testing
Breakpoint testing

Testing guides

API load testing
Automated performance testing
Load testing websites
Running large tests
Running distributed tests

Misc

Usage collection
IntelliSense
Fine tuning OS
Archive Command
Release notes
Glossary
k6.ioapp.k6.io

No results for

Powered byAlgolia

SSL/TLS client certificates

suggest edits

Discussion about TLS certificates is usually about how clients authenticate servers. However, both TLS and k6 also support the reverse process, in which servers authenticate clients.

To use client certificates, specify global configuration options that tell k6 how to map a public certificate and private key to the domains they are valid for. You can load the certificate and key from local files or embed them as strings in the script.

Loading a certificate and a key from local files

To load a certificate and a key from local files, use the builtin open(...) function:

TLS client certificates from local certificate and key files
1import http from 'k6/http';
2

3export const options = {
4  tlsAuth: [
5    {
6      domains: ['example.com'],
7      cert: open('./mycert.pem'),
8      key: open('./mycert-key.pem'),
9    },
10  ],
11};
12

13export default function () {
14  http.get('https://example.com/');
15}

Loading certificate and key from embedded strings

To load the certificate and key from embedded strings, use this snippet. Note the use of template literals for multi-line strings):

⚠ These are just example keys

They're not real and were never used anywhere.

TLS client certificates from local certificate and key files
1import http from 'k6/http';
2

3const CERT = `-----BEGIN CERTIFICATE-----
4MIIFgTCCA2kCAQEwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlNFMRcwFQYD
5VQQIEw5TdG9ja2hvbG1zIExhbjESMBAGA1UEBxMJU3RvY2tob2xtMRcwFQYDVQQK
6...
7/n5QrTGhP51P9Q1THzRfn6cNCDwzSTMVEJr40QhuTJQWASe3miuFmZoG5ykmGqVm
8fWQRiQyM330s9vTwFy14J2Bxe4px6cyy7rVXvYL2LvfA4L0T7/x1nUULw+Mpqun1
9R3XRJWqGDjBKXr5q8VatdQO1QLgr
10-----END CERTIFICATE-----`;
11

12const KEY = `-----BEGIN RSA PRIVATE KEY-----
13KsZVVI1FTX+F959vqu1S02T+R1JM29PkIfJILIXapKQfb0FWrALU5xpipdPYBWp7
14j5iSp06/7H8ms87Uz9BrOA6rytoRSE0/wEe5WkWdBBgLLPpfOSWZsAA5RGCB2n+N
15...
16Dk+frzKuiErHFN7HOHAQannui4eLsY0ehYMByowgJIUGzIJyXR6O19hVhV7Py66u
17X7/Jy01JXn83LuWdpaPAKU+B42BLP0IGXt5CocPms07HOdtJ/wm2zwHTyfjn9vu+
18HO/dQr6a7DhRu2lLI9Sc983NwRqDKICZQQ/+gqWk8BgQZ1yI9O4AYkzywzAEk3py
19-----END RSA PRIVATE KEY-----`;
20

21export const options = {
22  tlsAuth: [
23    {
24      domains: ['example.com'],
25      cert: CERT,
26      key: KEY,
27    },
28  ],
29};
30

31export default function () {
32  http.get('https://example.com/');
33}
previousOnline Certificate Status Protocol (OCSP)