In this blog, I will guide you through the steps to generate auth token in JMeter using X509 client certificate.

Before getting started with, lets see how does X509 certificate authentication differs from the Client credentials authentication using client ID and client secret. In Client credentials authentication, the client secret is shared between the client and authorization server, so that client uses the same client secret in the request header which is sended to authorization server for auth token generation. In X509 certificate authentication, an encrypted digital certificate is shared with authorization server by the client.

X509 certificate authentication is more secure when compared with Client credentials authentication as it uses public-key cryptography.

Software Dependencies:

Please make sure that all the 3 below mentioned softwares are installed. After installing, set the “PATH” variable in environment settings. Setting up PATH variable for Apache JMeter is optional.

• Java 11
• Apache JMeter
• OpenSSL

Steps to generate authorization token:

1. Generate and keep the [certificate_file_name].pem and [key_file_name].pem files in same folder.
2. Either open the command prompt by typing cmd in the address bar of the folder where .pem files are located or open it from the start menu of the windows and navigate to the folder using cd command.
3. Type or copy paste the following command in command prompt – openssl pkcs12 -export -name [any_name] -in [certificate_file_name].pem -inkey [key_file_name].pem -out [output_file_name].p12 -passout pass:[password].
4. A new output file will be created based on the name provided for the –out switch in the same directory where [certificate_file_name].pem and [key_file_name].pem files reside.
5. Move the newly generated output file based on .p12 file type to bin folder of JMeter.
6. Open the system.properties file which you can find inside the bin folder of JMeter and search for javax.net.ssl.keyStore.
7. Uncomment the following two properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword by removing the hashtag in front of them, if they are commented out.
8. Assign the –out switch’s value as value of the javax.net.ssl.keyStore property and -passout pass:  switch’s value as value of the javax.net.ssl.keyStorePassword property. Save the file and restart the JMeter if it is already opened.
9. Open the .jmx script in JMeter and run it.
10. Post successful run, click on the log viewer panel icon at top right in JMeter to validate the keystore filename which is loaded at the time of script execution (refer below image).

You can capture the access_token or auth_token value by using JSON Extractor a post processor test element if the server’s response is in JSON format and pass it on the succeeding requests’ header.

Cheers, Happy Learning!!!