getting past untrusted HTTPS connections with selenium

A common problem many Selenium users run into is the untrusted connection warning.

This happens when an SSL certificate is unsigned, self-signed, or doesn’t match the domain name, a common scenario in test environments. In Firefox it used to be a popup modal dialog that needed dismissed by clicking “ok” or “so what” or something along those lines. More recent versions of Firefox (I have 3.5.8) bring up an intermediate page that says “This Connection is Untrusted” and looks like this:

What should you do?

  1. Click “I Understand the Risks”
  2. Click “Add Exception”
  3. Click “Get Certificate”
  4. Make sure “Permanently store this exception” is checked (it is by default)
  5. Click “Confirm Security Exception”

There, now don’t you feel safer for all that clicking.

Earlier releases of Firefox 3.5  had a bug that it wouldn’t “permanently” store the SSL Certificate, and there was even a plugin created to fix that.

Well, that’s all fine a dandy, but unless you want to click through that manually every time you run tests in Selenium, you’ve got a problem.  See, it’s not an actual page, which means there’s no DOM for javascript to access,  so you can’t use selenium to click through it.  And selenium starts fresh with a new profile every time.

But that’s only by default.  You can tell Selenium to use an existing profile as a template by passing the -firefoxProfileTempate flag like this:

java -jar selenium-server.jar -firefoxProfileTemplate  "c:\Documents and Settings\Aaron Evans\Application Data\Mozilla\Firefox\Profiles\5rdxety0.default"

If you’ve already dismissed the dire warnings manually with your existing profile, now Selenium will sail right through.  But only if you use Firefox.  I’ll tell you how to get past this problem with IE, Opera, Chrome, and Safari another day.

But first, let’s create a custom profile that doesn’t have all the junk you’ve loaded into Firefox (like vimperator and firebug) to make it run a bit quicker and cleaner.

  1. Close all your firefox windows down (don’t forget the quick launch if you have that)
  2. Launch firefox from the command line with
    firefox.exe -ProfileManager -no-remote
  3. Click “Create Profile”
  4. Click “Next” on the Create Profile Wizard” nonsense popup
  5. Create a name for your new profile — I think “Selenium” is pretty descriptive
  6. Click “Choose Folder”
  7. Pick something easy to find — like “C:\selenium\firefox_profile”
  8. Click Finish

Now click through and accept all the SSL certificates on the site you need to run Selenium tests on, repeating the process described above.

Finally, launch selenium-server and specify the profile you just created:

java -jar selenium-server.jar -firefoxProfileTemplate c:\selenium\firefox_profile

You can do a bunch of other cool stuff with your firefox profile for selenium, but we’ll talk about that later.  I’m eager to hear what others have done as well.

One thing I’d like to figure out is how to get rid of that update manager popup that shows up every time I run tests (but doesn’t interfere with them.)

About these ads

25 thoughts on “getting past untrusted HTTPS connections with selenium

  1. Would you tell me if I’m missing something. I did the following:
    1. created the profile as described above
    2. started the rc with the firefox_profile with no errors.
    3. executed the firefox test

    Odd things:
    1. the Add-on popup comes up with firefox
    2. the test fails with the following java error

    C:\Program Files\Mozilla Firefox>java -jar “C:\xampp\htdocs\app\webroot\testscri
    pts\OAA Smoke Test\jar\7.jar” 127.0.0.1 80 *firefox http://home:8080/ 12749876509407345 78
    May 28, 2010 11:15:42 AM bromine.brunit.Database getLogin
    SEVERE: null
    java.io.FileNotFoundException: ..\config\database.php (The system cannot find th
    e path specified)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.(Unknown Source)
    at java.io.FileInputStream.(Unknown Source)
    at bromine.brunit.Database.getLogin(Database.java:59)
    at bromine.brunit.Database.(Database.java:39)
    at bromine.brunit.BRUnit.setUp(BRUnit.java:44)
    at TestNew.main(TestNew.java:46)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoa
    der.java:56)
    May 28, 2010 11:15:42 AM bromine.brunit.Database
    SEVERE: null
    java.sql.SQLException: The url cannot be null
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at bromine.brunit.Database.(Database.java:41)
    at bromine.brunit.BRUnit.setUp(BRUnit.java:44)
    at TestNew.main(TestNew.java:46)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoa
    der.java:56)
    java.lang.NullPointerException
    at bromine.brunit.Database.sqlExecute(Database.java:128)
    at bromine.brunit.BRUnit.customCommand(BRUnit.java:211)
    at TestNew.main(TestNew.java:53)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoa
    der.java:56)

    C:\Program Files\Mozilla Firefox>java -version
    java version “1.6.0_20″
    Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
    Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)

  2. Frank-

    I can’t help you with the error message other than guessing it has something to do with Bromine.

    It looks like the add-on popup is an annoyance we’ll have to live with for now. It shouldn’t have any effect on the test execution.

    • I don’t, since there’s no equivalent to a firefox profile template. It may be that manually accepting the certs in IE will work if your IE settings are the same when launched by selenium. You might need to mess with your security settings in IE as well. IEHTA might have other issues.

  3. I am working on https:/ site and getting the following pop-up in IE versions and I am not able to run my script.
    ” This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?”

    Can you please elaborate the problem, I have done most of the settings for IE browser.

    • Jaideep-

      This sounds unrelated to the SSL certificate issue, and might be a cross-site scripting warning. I haven’t seen it before.

      Or it could be a version of the “This page contains secure and unsecure items” message which is usually an indication that it’s accessing static content (images, js, css, etc.) that is not HTTPs.

      “Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connections. which could compromise the security of the entire webpage.”

      What versions of IE and Selenium are you running?
      Do you have an example that I can try to duplicate?
      Does this page reproduce the problem?
      https://one-shore.com/secure-page-with-insecure-content.html

      A couple of command line options to starting selenium server you might try are:
      -trustAllSSLCertificates
      -proxyInjectionMode

      Unfortunately, selenium can’t access dialogs like that in IE the way it can to dismiss javascript alerts, prompts, and confirmations. I’m not sure, but webdriver (and Selenium 2 — just released!) might be able to do that.

  4. I implemented your workaround, but the selenium server cannot launch a browser anymore.
    It works fine with the default profile (but reports Untrusted Connection).

    Below is the exception.
    Any ideas how I can solve this?

    08:57:07.427 ERROR – Failed to start new browser session, shutdown browser and clear all session data
    java.lang.ClassCastException: java.io.File cannot be cast to java.lang.String
    at org.openqa.selenium.server.browserlaunchers.BrowserOptions.getFile(Br
    owserOptions.java:123)
    at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.ini
    tProfileTemplate(FirefoxChromeLauncher.java:164)
    at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.mak
    eCustomProfile(FirefoxChromeLauncher.java:215)
    at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.lau
    nch(FirefoxChromeLauncher.java:83)
    at org.openqa.selenium.server.browserlaunchers.FirefoxChromeLauncher.lau
    nchRemoteSession(FirefoxChromeLauncher.java:413)
    at org.openqa.selenium.server.browserlaunchers.FirefoxLauncher.launchRem
    oteSession(FirefoxLauncher.java:110)
    at org.openqa.selenium.server.BrowserSessionFactory.createNewRemoteSessi
    on(BrowserSessionFactory.java:373)
    at org.openqa.selenium.server.BrowserSessionFactory.getNewBrowserSession
    (BrowserSessionFactory.java:125)
    at org.openqa.selenium.server.BrowserSessionFactory.getNewBrowserSession
    (BrowserSessionFactory.java:87)
    at org.openqa.selenium.server.SeleniumDriverResourceHandler.getNewBrowse
    rSession(SeleniumDriverResourceHandler.java:786)
    at org.openqa.selenium.server.SeleniumDriverResourceHandler.doCommand(Se
    leniumDriverResourceHandler.java:423)
    at org.openqa.selenium.server.SeleniumDriverResourceHandler.handleComman
    dRequest(SeleniumDriverResourceHandler.java:394)
    at org.openqa.selenium.server.SeleniumDriverResourceHandler.handle(Selen
    iumDriverResourceHandler.java:147)
    at org.openqa.jetty.http.HttpContext.handle(HttpContext.java:1530)
    at org.openqa.jetty.http.HttpContext.handle(HttpContext.java:1482)
    at org.openqa.jetty.http.HttpServer.service(HttpServer.java:909)
    at org.openqa.jetty.http.HttpConnection.service(HttpConnection.java:820)

    at org.openqa.jetty.http.HttpConnection.handleNext(HttpConnection.java:9
    86)
    at org.openqa.jetty.http.HttpConnection.handle(HttpConnection.java:837)
    at org.openqa.jetty.http.SocketListener.handleConnection(SocketListener.
    java:243)
    at org.openqa.jetty.util.ThreadedServer.handle(ThreadedServer.java:357)
    at org.openqa.jetty.util.ThreadPool$PoolThread.run(ThreadPool.java:534)
    08:57:07.427 INFO – Got result: Failed to start new browser session: Error while
    launching browser on session null

  5. Hi,

    Could you let me know how to handle this SSL issue in IE7.0. When i replay the test steps in Selenium RC through eclipse in IE7.0, I’m getting the SSL error.

    Any help will be highly appreciated.

    Regards,
    Venkatesh

    • Can you give me some more details?
      IE has a way to accept untrusted certificates, but be because there are not profiles, and Selenium doesn’t have the capability to select a profile, this solution won’t affect IE7. If you’re still having trouble after manually accepting the certificate in IE, running “*iehta”, and lowering your security level, let me know and I’ll investigate further.

      • Hi Fiji,

        Thanks for your much help. It working fine now after changing the run mode to *iehta.

        Thanks very much.

  6. Hi Fiji,

    Greetings. I found your site very informative.

    Currently I am doing a POC using WebDrive to automate our web applicaiton. I have a situation here, during login I am getting Untrusted Connection popup thing. I googled/searched a lot but could not find a solution. I tried in Selenium using your approach and able to go through the page (Still getting a popup ‘Secure Connection Failed’ which I am cancelling manually). Do you have any solution for WebDrive?

    Appreciate your time and help.

    Thanks & Regards
    Madan

  7. Hey —

    Hope all is well in Fiji !! In the old days (before kids) we used to do some diving in cayman … our diving pals spent some time in Fiji – very beatiful we heard …

    back to work :-)

    I’m working with selenium WebDriver and trying to cure the SSL certificate issue. Your article demonstates how to create a custom firefix profile that is used with Firefox …

    Now I am trying to implement the code below – You see below that it is requesting my ‘custom firefox profile name’ … This is java code that is part of my test case. I am working on Ubuntu … how do I create a custom firefox profile using firefox on ubuntu?

    The bin is here
    /usr/lib/firefox-3.6.23$/

    Other question would be – what is ‘custom firefox profile name’ – would this be a folder name as it seems to be on windows ??

    ProfilesIni allProfiles = new ProfilesIni();
    System.setProperty(“webdriver.firefox.profile”,”your custom firefox profile name”);
    String browserProfile = System.getProperty(“webdriver.firefox.profile”);
    FirefoxProfile profile = allProfiles.getProfile(browserProfile);
    profile.setAcceptUntrustedCertificates(true);
    webdriver = new FirefoxDriver(profile);

    Any tips are appreciated.
    Thanks
    Ciao
    Chris


    Chris Macgowan
    Cotheniusstr. 1
    10407 Berlin
    Germany

    t: +49 30 695 4000 4
    m: +49 0170 642 7608
    chris@macgowan.com

    http://www.macgowan.com

    http://www.mfilm.com

    • I’m actually in Seattle these days, but moving to Ecuador in January.

      “your custom firefox profile name” is either the name of the profile (you can see the names in the Firefox Profile Manager — the default profile is called “default”

      I’m not actually sure how to get webdriver using the firefox profile myself. I’ve seen SSL problems myself and have another friend who’s been asking about it. I’ll check it out.

  8. Hi
    You said ” I’ll tell you how to get past this problem with IE, Opera, Chrome, and Safari another day.”, I was just wondering if you had done this as I would love to know how to do it with Opera.

  9. Pingback: Untrusted HTTPS connections with selenium |Software Testing Software Quality Assurance

  10. hi, Even after following ur above steps I am getting this error,Can you please let me know what can be wrong? any help is much appreciated

    HTTP ERROR: 400

    Could not proxy https://XXXX:7002/console
    java.lang.RuntimeException: Couldn’t establish SSL handshake. Try using trustAllSSLCertificates.
    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    RequestURI=/console

    Powered by Jetty://

  11. HI FIJI,
    great suggestion by you, but my request i am working on Opera browser i am getting that SSL certificate error while launching the Browser through Selenium RC, could you please suggest me the way to get out of it.
    your help is highly appreciated.

  12. I am using selenium 2.28.0 rc server.
    I am using comodo dragon as my browser.
    I am using java to launch selenium.

    I am sharing code snippet i am using

    RemoteControlConfiguration rcc = new RemoteControlConfiguration ();
    rcc.setTrustAllSSLCertificates(true);

    seleniumServer = new SeleniumServer(rcc);

    seleniumServer.start();

    String comodoPath = “*googlechrome C:/Users/”+ System.getProperty(“user.name”)+ “/AppData/Local/Comodo_Dragon/dragon.exe”;

    selenium = new DefaultSelenium(
    “localhost”,
    4444,
    comodoPath,
    “myTargetDomain”);

    selenium.start();
    selenium.setSpeed(“5000″);
    selenium.open(“myTargetAppcontext”);
    selenium.windowMaximize();

    I have also installed cybervillainsCA.cer in trusted root certification authority from comodo dragon browser.

    I alos tried same on firefox with *firefox mode, but getting same error

    I am badly stuck at this stage. Any help or pointer would be of great help.
    kindly let me know what i am missing .

    • I want to run selenium tests on secured site.

      But i am getting exception while trying to open the target url :

      Could not proxy https://
      java.lang.RuntimeException: Couldn’t establish SSL handshake. Try using trustAllSSLCertificates.
      sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      I am using selenium 2.28.0 rc server.
      I am using comodo dragon as my browser.
      I am using java to launch selenium.

      I am sharing code snippet i am using

      RemoteControlConfiguration rcc = new RemoteControlConfiguration ();
      rcc.setTrustAllSSLCertificates(true);

      seleniumServer = new SeleniumServer(rcc);

      seleniumServer.start();

      String comodoPath = “*googlechrome C:/Users/”+ System.getProperty(“user.name”)+ “/AppData/Local/Comodo_Dragon/dragon.exe”;

      selenium = new DefaultSelenium(
      “localhost”,
      4444,
      comodoPath,
      “myTargetDomain”);

      selenium.start();
      selenium.setSpeed(“5000″);
      selenium.open(“myTargetAppcontext”);
      selenium.windowMaximize();

      I have also installed cybervillainsCA.cer in trusted root certification authority from comodo dragon browser.

      I alos tried same on firefox with *firefox mode, but getting same error

      I am badly stuck at this stage. Any help or pointer would be of great help.
      kindly let me know what i am missing .

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s