Problems recording HTTPS with VuGen

Recently a client had an urgent request to monitor a HTTPS URL due to poor availability and performance. No problem, give me the URL and I’ll have the monitor set up and running in 10 minutes. However, a simple task turned into an investigation of Vugen certificates and Windows security patching.

For any HTTPS request Vugen would not show any events after code generation and the recording browser would show:

The recording environment was:

  • Vugen 11.04
  • Windows XP
  • Internet Explorer 7

As HTTPS requests worked from normal browsing the problem pointed towards a Certificate issue somewhere between Vugen and the requested site. Investigation discovered that a recent Windows Security patch (http://support.microsoft.com/kb/2661254) now blocks all RSA certificates less than 1024 bits long.

This is a problem for Vugen as it uses RSA private key of length 512 bits in files wplusCA.crt and wplusCAOnly_.crt.

Note: In Vugen 11.50 these files are called 1.wplusCA_Expiration_2020.crt and wplusCAOnly_Expiration_2020.crt.

You can find the Vugen certificates in the following directory:

<LoadRunner installation folder>\bin\certs\

Fortunately HP are aware of the problem and have issued the following critical updates to increase the private key length to 2048 bits:

Note you will need a valid HP Support account to download these patches.

7 comments

Currently I have a web/http protocol recording issue with Vugen 12.53 using IE 11 under Win7 Professional SP1.

In the recording option, I setup a port mapping entry for the secure url with “test ssl “correctly. When record the secure website, the browser is redirected to the non-secure website. However manually open the secure website, the browser works fine. Can anyone help me on this issue?

Daniel Spavin

Hi Steven,
Is there a specific reason you’re using port mapping? Can you simply record via the HTTPS URI? If you need to, you can set the SSL version to TLS1.1 or SSL2/3 under the port mapping options, which may let you record without issue.

Thank you all of you

The problem has been resolved by Robin’s Suggestion but now i am facing the redirection problem the authentication page does not exists from were i can get authentication. can any one help me for the same

Hi all,

TO: David and Robin,
Thank you very much for your very valuable information about Loadrunner.

TO: Justin Huang,
I had the same problems. But that problem was solved by Robin’s suggestion. try to record vugen scripts with “WinInet level”.
And I thank you too, Justin. Because without your comment, I had never tried the Robin’s method.

Best Regards,
Katsumi Osawa

Security certificates has always been a problem with vugen scripting. SSL certificates in https://www.. urls are known to be a major complicacy in any load testing tool. Lot of load testing tools don’t have the ability to handle the ssl security keys and corelate.

Hi David,
Thanks for the post, but I just came across with another issue.
After I installed the patch “LR_03160.exe” without installing “LRVUG_00045.EXE “, LoadRunner can thus visit and record secure websites. But during the recording, IE sometimes may quit unexpectedly, without any error messages prompted. The current versions of VuGen and LoadRunner are both 11.00. No previous patches got installed yet.
Could you help to investigate this issue? Any advice is much appreciated!
Regards

Doubt it is related but I had an issue not being able to record a specific intranet https website, errors in the vugen recording log showed:
[Net An. Error ( 980: dd4)] SSL_connect(ssl_id = 29744712 = 01C5DE48) Failed, ctx = 01C49C78, err = “SSLv2/v3 read server hello A”, err code = 5
[Network Analyzer ( 980: dd4)] (Sid: 6) Negotiate Proxy -> Server SSL Handshake (ssl:TLSv1, ciphers:(NONE))
[Network Analyzer ( 980: dd4)] (Sid: 6) Negotiate Client -> Proxy SSL Handshake (ssl:TLSv1, ciphers:AES128-SHA)

The solution was to switch to recording it using ‘WinINet level data’ instead of the default ‘Socket level data’ found under recording options > Network > Port Mapping. You can still playback using Sockets.

Leave a Reply