Apache JMeter Root CA Secured Certificate

How to record JMeter script for a secured (https) application?

by

Before going to record any secured web application through JMeter, there is a requirement to add JMeter secured CA certificate in the browser. The secured web application can be recorded using the HTTP(S) Test Script Recorder in JMeter. The secured (HTTPS) connections use certificates to authenticate the connection between the browser and the web server. When connecting via HTTPS, the server presents the certificate to the browser. To authenticate the certificate, the browser checks that the server certificate is signed by a Certificate Authority (CA) that is linked to one of its in-built root CAs. JMeter needs to use its own certificate to enable a secured connection to intercept the HTTPS connection from the browser. Effectively JMeter has to pretend to be the target server.

How to install a JMeter certificate in different browsers?

You can follow the below steps to add the JMeter certificate in the respective browser:

Mozilla Firefox:

  1. Go to Firefox settings
  2. Search for the keyword ‘View Certificates’ or Go to the ‘Privacy & Security’ tab
  3. Go to the ‘Certificates’ section
  4. Click ‘View Certificates’
  5. Click ‘Authorities’
  6. Press ‘Import …’ button
  7. Browse ‘ApacheJMeterTemporaryRootCA.crt’ (available at apache-jmeter-X.X -> bin)
  8. Click Open
  9. Click ‘View’ and check that the certificate details agree with the ones displayed by the JMeter Test Script Recorder
  10. If OK, select ‘Trust this CA to identify websites’ and press OK
  11. Close dialogues by pressing OK as necessary

Google Chrome:

  1. Go to Chrome ‘Settings’
  2. Type ‘Certificate’ in the ‘Search Settings’ text box or Go to ‘Privacy and Security’
  3. Click ‘More’
  4. Click ‘Manage Certificates’
  5. Press ‘Imports…’ button
  6. ‘Certificate Import Wizard’ will open.
  7. Click ‘Next’
  8. Browser ‘ApacheJMeterTemporaryRootCA.crt’ (available at apache-jmeter-X.X -> bin)
  9. Click ‘Next’, ‘Next’ and ‘Finish’

Microsoft Edge:

  1. Go to Edge browser ‘Settings’
  2. Type ‘Certificate’ in ‘Search settings’ text box or Go to ‘Privacy and services’ and go to ‘Privacy’ section
  3. Under the ‘Privacy’ section you will get ‘Manage Certificates’, click on it.
  4. Goto
  5. Click ‘Manage Certificates’
  6. Press ‘Import…’ button
  7. ‘Certificate Import Wizard’ will open.
  8. Click ‘Next’
  9. Browser ‘ApacheJMeterTemporaryRootCA.crt’ (available at apache-jmeter-X.X -> bin)
  10. Click ‘Next’, ‘Next’ and ‘Finish’

Some Important Points regarding Apache JMeter Root CA Certificate:

  1. This certificate is created or updated automatically when you launch the JMeter for recording.
  2. The root CA certificate is used for recording the secured application or website. A non-secure application does not require this certificate.
  3. The validity of the root CA certificate is for 7 days from the date of generation.
  4. In case of expiration, you can delete the old certificate from the browser and import the newly generated certificate.
  5. JMeter root CA certificate is available in the /bin folder of Apache JMeter.

Leave a Comment