This topic describes how you can use LoadComplete to perform load, stress and scalability testing of web pages to which you connect through the HTTPS protocol. The explanation assumes that you are familiar with recording HTTP traffic, creating virtual users, modifying properties of the recorded request and with other operations that are described in the Load Testing With LoadComplete topic.
HTTPS is used to secure data sent from one computer to another via the Internet. For instance, an HTTPS connection is established when an e-shop asks the user for a credit card number.
Secure connections do not require any special maintenance. When a secure connection is established, the user will continue working with the web site in the same way as before. However, secure connections add more work to web browsers and web server, because they have to encrypt data sent between computers.
In addition, secure and non-secure connections work via different ports. The default port for HTTPS connections is 443, while the default port for HTTP connections is 80. When a secure connection is established, the web server and Internet browser change the port automatically.
LoadComplete can record and simulate traffic using the following protocols:
SSL 2 and 3
TLS 1.0, 1.1 and 1.2
LoadComplete automatically recognizes secured connections made in:
Internet Explorer (ver. 10 and later)
Firefox (ver. 7 and later)
Client applications that use the WinINet or WinHTTP technology
Firefox (ver. 23 and later)
Other browsers and web client applications
Recorded traffic may include both secured and non-secured requests. To view requests made through secured connections:
Open the recorded user scenario for editing. To do that, right-click the scenario in the Project Explorer and then click Edit.
In the Scenario editor, click Connections on the editor toolbar. LoadComplete will show requests grouped by connections in the request tree:
Secured connections have the icon. Ordinary (non-secured) connections have the icon.
Select the needed secured connection in the Scenario Explorer. The SSL property in the Operation Editor panel shows whether LoadComplete will simulate the connection as secured during the test run.
Usually, creating load tests for secured web applications does not differ from creating tests for ordinary (non-secured) web applications.
However, if LoadComplete is not able to recognize and record secured requests in your web browser or web client application, you can record HTTP requests using non-secured connections and then switch the recorded connections to the secured mode (see the instructions below).
Change settings of the tested web server so that it can provide access to the tested pages both via secure and non-secure connections. That is, you should specify the ports that will serve the secure and non-secure connections.
The actual procedure for this depends on the web server you use. You may need to consult with the administrator of the web server under test.
Record a scenario for HTTPS load testing in the usual way. For complete information on how to do this, see Recording New Scenario.
In the recorded scenario, change the connection parameters:
Open the recorded scenario in the Scenario editor.
Click Connections on the editor’s toolbar. LoadComplete will group the recorded requests by connections.
In the Scenario Explorer, select the connection whose requests must be secured.
In the Operation Editor panel, select the SSL check box.
Set the Port parameter to 443 (it is a default port for HTTPS connections).
Save the changes.
In the same way, change the properties of every connection that you want to work in secure mode.
Run the scenario in the usual way.
When you connect to a secured web site, your browser gets information about the web server’s security certificate. If there is a problem with the certificate or with the way the server uses it, it shows a notification message about the problem and asks your permission to continue working with the web site.
When you are testing a secured web site with LoadComplete, the test engine ignores the certification errors and always considers the certificate as valid.
If you record HTTPS traffic in Firefox, you may get the This Connection Is Untrusted message. This can happen because LoadComplete replaces the tested web site’s certificate with its own certificate and Firefox may not be able to validate that certificate.
To ignore the message and continue recording:
Click I Understand the Risks.
Then click Add Exception.
In the Add Security Exception dialog, click Confirm Security Exception.
|Remember to remove the connection from the exception list when the testing is over.|
As an alternative, record the needed traffic in another web browser.
If you record a scenario in Firefox for a web server that uses HSTS mechanics, the server may decline your requests due to security reasons. You will get the This Connection is Untrusted warning message with no I Understand the Risks button.
To avoid the issue:
Configure Firefox to use a Windows certificate store as described in Preparing Web Browsers and Web Applications.
Record your scenario in Firefox using the browser’s private mode.
As an alternative, you can record the needed scenario in another web browser.
LoadComplete posts information on authentication errors and their possible causes to the test log. If such an error occurs, examine the Details panel of the test results.
Starting from version 3.2, LoadComplete no longer supports Windows XP and Windows Server 2003. Starting from version 4.7, LoadComplete no longer supports Windows Vista. Starting from version 4.9, LoadComplete no longer supports Windows Server 2008. You cannot record scenarios and run load tests on these operating systems.