Usage client certificate *p12


I did not find any documentation about integration of client certificate into testsuite.
Is this possible or to implement in custom source?


Hi Marcus,

Thanks for your post!

That’s an interesting question. In order to give you a competent answer, I’d like to ask you what test approach your testsuite uses:

  • Browser emulation via HtmlUnit and XLT
  • Real browser tests via Selenium/WebDriver


Hi @harlt,

we have secured some environments with client certificates because basic auth isn’t difficult to remember and PKI will do the automation.

At this moment we wanna test with google chrome / webdriver and client certificate integration would be fine.
Yes, would be possible to create a chrome profile and reference it but “better integration in XLT” would be nice.

Unfortunately, there is no built-in support for SSL client certificates in XLT at the moment. This means that there is currently no way to specify a few properties in XLT’s confguration files and you’re set.

As you’ve already noted, a custom chrome profile may do the trick. And I agree, that a better integration into XLT would/should be desired. I’ll file a proper feature request in XLT’s issue tracker at GitHub.

Do you need some guidance on how to use a custom chrome profile with XLT or have you figured it out by yourself already?

Some proven snippet / guidance from your side would be fine. I started with but …
I trust on your practice :wink:

Hi Marcus,

I’ve spent several hours the last few days to find out how to get Chrome to use a custom SSL client certificate for my test site (never before we had such an use-case).

First, I had to figure out how to add the certificate at all. It seems that all major browsers use the underlying OS to manage client certificates. And that’s maybe also the reason why there is no easy way, e.g. by passing a command-line option, to add a custom SSL client certificate.

Once I figured out how to add the certificate for my OS, I struggled with the Certificate Selection dialog that opened each time I navigated to my test site. Even a manual selection of the certificate did not help (Chrome stores the time and outcome of the user selection in the used profile). The same dialog came up using the very same browser profile in my test case.

To be honest, the question on how to use a custom client certificate with XLT narrows down to how to do so for the desired target browser (when using the real browser test approach) and that’s clearly off-topic since XLT simply uses WebDriver/Selenium for browser automation. All restrictions that apply for WebDriver/Selenium also apply for XLT. And WebDriver/Selenium cannot support such a feature when the browser vendors don’t offer ways to do it.

There is one option left that might work for your use-case: setup a proxy that performs the required authorization and configure the browser to route all traffic through it. This definitely works for basic-auth and maybe also for auth via SSL client certificates.

As last resort, you might also consider to switch to browser emulation via HtmlUnit which offers an easy way to use custom client certificates. In case you want to run load tests with XLT, this approach is the recommended one anyway (I can’t neglect to mention that this approach has its own drawbacks).

Please pardon all these bad news but it seems that there isn’t much left we can do here.


Supplement to my answer

Chrome policies are the key to get Chrome/Chromium auto-select the installed client certificate as described on StackOverflow and
There is no need for custom browser profiles at all.

For your use-case, you can simply install a policy that allows all client certificates for all URLs:

  "AutoSelectCertificateForUrls": [ "{\"pattern\":\"*\",\"filter\":{}}" ]

In case you have more than one client certificate installed, you might have to configure more complex pattern/filter rules.

Please note that on Linux policies are expected to reside in /etc/opt/chrome/policies for Chrome and /etc/chromium/policies for Chromium.