K6 pass CA cert without password in http post request

I am working on the load testing scenario where I need to pass the CA certificate in the post request. I am using K6 tool for the testing purpose using JavaScript.

The issue I am facing is that the CA certificate does not have any private key, and the only way I found from the documentation is using SSL/TLS client certificates.

It takes 3 parameters

  • Domain Name
  • Cert File
  • Key File

SSL-TLS code

I want to hit a request to an API and in its response I will be getting the certificate. Similarly another request will be executed for its private key. But for that I need to pass a CA certificate with it

So, Is there any way to pass the certificate without having the key file in K6?

I need to pass the CA certificate in the post request

I am very confused and don’t understand what exactly you aim to do, sorry. The tlsAuth option doesn’t have anything to do with CA certificates, it’s about client-authenticated TLS handshake. Please explain in more detail exactly what you’re trying to do.

Thank you for the response ned. I am basically trying to make a API load testing program. But the API I wanted to request require certificates. The client has designed the code in such a way that for getting client side certificate and key you need to request on 2 different APIs and in the response of those two APIs, I will get the (cert.pem and privateKey.pem) respectively. But the requirement is I need to pass the CA cert with these 2 requests. And the only way of sending certificate I found in k6 documentation was using TLS/SSL.

So, My question is there any way to implement this scenario?

By “CA cert” you mean a “certificate authority certificate”, right? So I assume tlsAuth isn’t the option you want to use for that, given that you’re not authenticating your requests with this CA certificate, you are just sending it as a file in a normal request, right? So something like this should work: https://k6.io/docs/examples/data-uploads

Unfortunately, even if the above advice helps you, you are unlikely to be able to make this work with only k6. tlsAuth is a global option that needs to be set before the test starts, and you can’t make any HTTP requests in the init context (https://k6.io/docs/using-k6/test-life-cycle). So, I suggest getting the cert.pem and privateKey.pem outside of k6, for example by having a shell script that uses cURL to retrieve them, and then saving them to some file names and using open() and tlsAuth with them in k6 (maybe passing the paths to them via k6’s environment variables).

Yes I was trying the alternative to resolve this issue outside the k6. Thank you for the clearifaction. :slight_smile: