Menu

Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.

Documentationbreadcrumb arrow Grafana k6breadcrumb arrow Using k6breadcrumb arrow Protocolsbreadcrumb arrow SSL/TLSbreadcrumb arrow SSL/TLS client certificates
Open source

SSL/TLS client certificates

Discussion about TLS certificates is usually about how clients authenticate servers. However, both TLS and k6 also support the reverse process, in which servers authenticate clients.

To use client certificates, specify global configuration options that tell k6 how to map a public certificate and private key to the domains they are valid for. You can load the certificate and key from local files or embed them as strings in the script.

Loading a certificate and a key from local files

To load a certificate and a key from local files, use the builtin open(...) function:

JavaScript
import http from 'k6/http';

export const options = {
  tlsAuth: [
    {
      domains: ['example.com'],
      cert: open('./mycert.pem'),
      key: open('./mycert-key.pem'),
    },
  ],
};

export default function () {
  http.get('https://example.com/');
}

Loading certificate and key from embedded strings

To load the certificate and key from embedded strings, use this snippet. Note the use of template literals for multi-line strings):

Note

These are just example keys.
JavaScript
import http from 'k6/http';

const CERT = `-----BEGIN CERTIFICATE-----
MIIFgTCCA2kCAQEwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlNFMRcwFQYD
VQQIEw5TdG9ja2hvbG1zIExhbjESMBAGA1UEBxMJU3RvY2tob2xtMRcwFQYDVQQK
...
/n5QrTGhP51P9Q1THzRfn6cNCDwzSTMVEJr40QhuTJQWASe3miuFmZoG5ykmGqVm
fWQRiQyM330s9vTwFy14J2Bxe4px6cyy7rVXvYL2LvfA4L0T7/x1nUULw+Mpqun1
R3XRJWqGDjBKXr5q8VatdQO1QLgr
-----END CERTIFICATE-----`;

const KEY = `-----BEGIN RSA PRIVATE KEY-----
KsZVVI1FTX+F959vqu1S02T+R1JM29PkIfJILIXapKQfb0FWrALU5xpipdPYBWp7
j5iSp06/7H8ms87Uz9BrOA6rytoRSE0/wEe5WkWdBBgLLPpfOSWZsAA5RGCB2n+N
...
Dk+frzKuiErHFN7HOHAQannui4eLsY0ehYMByowgJIUGzIJyXR6O19hVhV7Py66u
X7/Jy01JXn83LuWdpaPAKU+B42BLP0IGXt5CocPms07HOdtJ/wm2zwHTyfjn9vu+
HO/dQr6a7DhRu2lLI9Sc983NwRqDKICZQQ/+gqWk8BgQZ1yI9O4AYkzywzAEk3py
-----END RSA PRIVATE KEY-----`;

export const options = {
  tlsAuth: [
    {
      domains: ['example.com'],
      cert: CERT,
      key: KEY,
    },
  ],
};

export default function () {
  http.get('https://example.com/');
}