Error: Cannot Set Key File for Certificate in LRE 24.3

Disclaimer: The information provided in this article is for general informational purposes only. The author and the publisher do not guarantee the accuracy, completeness, or reliability of the information. The techniques and suggestions mentioned may cause harm if not implemented correctly. The author and the publisher are not liable for any damages resulting from the use or misuse of the information. Use your own judgment and exercise caution when applying the suggestions in this article. Always consult official documentation and experts, and test changes in a controlled environment before applying them to production systems. By using this information, you agree to hold the author and the publisher harmless from any liability or claim.

Applies to:

1. LoadRunner Enterprise 24.1 and above

2. LoadRunner Professional 24.1 and above

   Earlier versions such as LR 2020 and LR 2022 R2 are not affected, as they use OpenSSL 1.1.1

Issue:

When running REST Web Service scripts in newer versions of load testing tools (such as LRE 24.1/24.3), an error occurs while setting the certificate key file (.pem). The error message typically appears as:

"Unable to set certificate file cert.pem. File format may be invalid (must be ASN1 or PEM). [MsgId: MERR-27767]"

This issue does not occur in older versions (e.g., LR 2020 or LR 2022 R2), where the same scripts work successfully.

Cause:

Older versions of the tool use OpenSSL 1.1.1 for encryption of key files. In newer versions (24.1 and above), OpenSSL 3.0+ is used, which deprecates certain algorithms and private key formats for security reasons. As a result, certificates or private key files generated with older or weaker algorithms may no longer be supported.

The root cause is typically:

1. Incorrect or incompatible PEM format.

2. Low security level of the private key in the .pem file that does not meet OpenSSL 3.0+ requirements.

    

Steps:

To resolve the issue, follow these steps:

1. Regenerate the certificate and private key file (.pem) using a stronger algorithm such as sha256, which is supported by OpenSSL 3.0+.
2. Ensure that the regenerated private key matches the certificate and is saved in proper PEM format.
3. Verify the certificate format before use to confirm it complies with OpenSSL 3.0+ standards.

Please Note:

1. Always use the correct PEM format when generating certificates.
2. Keys generated with older algorithms (e.g., MD5, SHA1, or weak ciphers) are not supported in newer versions using OpenSSL 3.0+.
3. Use sha256 or stronger algorithms when creating certificates.

4. If upgrading from older versions (e.g., LR 2020 or LR 2022 R2), existing certificates may need to be reissued.

    

We hope this article provided you with the assistance you needed. If you would like to find out more regarding the Services and Support Offerings we provide, please reach out to our Sales Team.