Skip to main content

Handling Untrusted SSL certificates in Firefox browser

Firstly, WHAT IS SSL CERTIFICATE ?

SSL is used to keep sensitive information which is sent across the Internet encrypted so that only the intended recipient understand it. This is important because, the information that we send on the internet is passed from one system to other system to the destination server.
If it is not encrypted with an SSL certificate, any computer in between you and the destination server can see your private information such as credit card numbers, usernames, passwords and other sensitive information.
When an SSL certificate is used, the information will be encrypted and it will ensure that you are sending information to the right server and not to a criminal’s server.

WHEN DO WE GET UNTRUSTED CONNECTION ERROR

When ever you try to visit a website whose web address starts with https, your communication with this site is encrypted to ensure your privacy. Before starting the encrypted communication the website, you will be presented with a "certificate" to identify itself.
The certificate helps to determine whether the site you are visiting is actually the site that it claims to be. If there is any problem with the certificate, you will see an alert saying 'This Connection Is Untrusted'. What it means is that browser (Firefox/Chrome etc) isn't able to verify the identity of the website, there cab be several problems which can cause browser to reject a certificate.
This is how the error looks like :
handle SSL certificates with selenium
The below are the common errors that we see :

1. Certificate will not be valid until (date)

Error code: sec_error_expired_issuer_certificate
This error can occur if our system clock has the wrong date, check error message which will be in the past. We can fix this problem, by setting system clock to current date.

2. Certificate expired on (date)

Error code: sec_error_expired_certificate
This error occurs when a website identity certification has expired. This can also occur if system clock has the wrong date. We can fix this problem, by setting system clock to current date.

3. Certificate is only valid for (site name)

Error code: ssl_error_bad_cert_domain
This error says that the identification sent to you by the site is actually for another site. While anything you send would be safe from eavesdroppers , the recipient may not be the same who you think it is.
The above listed errors are the common errors, you may come across other errors which actually depends on the websites that you access.
Now Let us see how to handle SSL Untrusted Connection and Accept with Selenium webdriver. Let me try to do with Firefox browser first and then we will go with other browsers.
We will create new firefox profile and set 'setAcceptUntrustedCertificates' as true and setAssumeUntrustedCertificateIssuer as false.
package com.example;

import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.firefox.FirefoxProfile;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

public class SSLExample {
 
 private WebDriver driver;

 @BeforeClass
 public void setUp() {
  //Creating new Firefox profile
  FirefoxProfile profile = new FirefoxProfile();
  profile.setAcceptUntrustedCertificates(true); 
  profile.setAssumeUntrustedCertificateIssuer(false);
  driver = new FirefoxDriver(profile); 
  driver.manage().window().maximize();
 }
 
 @Test
 public void openApplication() {
  System.out.println("Navigating application");
  driver.get("https://cacert.org/");
  WebElement headingEle = driver.findElement(By.cssSelector(".story h3"));
  //Validate heading after accepting untrusted connection
  String expectedHeading = "Are you new to CAcert?";
  Assert.assertEquals(headingEle.getText(), expectedHeading);
 }
 
 @AfterClass
 public void tearDown() {
  if(driver!=null) 
   driver.quit();
 }
 
}
Done. You have now accepted the SSL Certificate with Selenium webdriver.
Labels:

Comments

Post a Comment

Popular posts from this blog

Performance Testing in the Cloud with JMeter & AWS

JMeter is a wonderful tool  to stress test your website and  your application architecture , however if you are trying to simulate many users (>1000) one JMeter instance (=pc) will not be sufficient. You will have to set up a JMeter cluster with multiple machines. JMeter is capable or running  distributed tests , but it comes with limitations. Since most of us don’t have multiple servers laying around somewhere, we usually go to cloud service providers like  AWS , spin up a couple of  EC2 instances  and turn them off whenever we’re done. Here is the problem, JMeter uses  Java RMI (Remote Method Invocation)  to communicate to its slaves, but these connections require all machines to be on the same subnet and this is not feasible with EC2 instances. Below, I explain how to get around this problem using a 3 node configuration in AWS to execute tests. I assume that you have a written the test already and have the .jmx file r...
Post a Comment
Read more

JMeter Exceeded Maximum Number of Redirects Error Solution

While running performance test, JMeter allows maximum 5 redirects by default. However, if your system demands more than 5 redirects, it may result in JMeter exceeded maximum number of redirects error. In this post, we have listed down steps to overcome this error. Actual error in JMeter: Response code: “Non HTTP response code: java.io.IOException” Response message: “Non HTTP response message: Exceeded maximum number of redirects: 5” This error is noticed because  JMeter  allows maximum 5 redirects by default and your system may be using more than 5 redirects. You need to increase this count to more than 5 in jmeter.properties file. Follow below steps to achieve this. Navigate to /bin directory of your JMeter installation. Locate jmeter.properties file and open it in any editor. Search for “httpsampler.max_redirects” property in opened file. Uncomment the above property by removing # before it. Change to value to more than 5 Eg. 20. Save the file and restart JMet...
Post a Comment
Read more

SSO with SAML login scenario in JMeter

SAML(Security Assertion Markup Language) is increasingly being used to perform single sign-on(SSO) operations. As WikiPedia puts it, SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. With the rise in use of SAML in web applications, we may need to handle this in JMeter. This step-by-step tutorial shows SAML JMeter scenario to perform login operation. First request from JMeter is a GET request to fetch Login page. We need to fetch two values ‘SAMLRequest’ and ‘RelayState’ from the Login page response data. We can do this by using  Regular Expression Extractor . These two values need to be sent in POST request to service provider. Refer below image to see how to do this. We will get an HTML login page as a response to the request sent in 1st step. We need to fetch values of some hidden elements to pass it in the next request. We...
Post a Comment
Read more