Interacting with insecure SSL pages (eg. self-signed) in an automated test written for Selenium is an important feature. Especially when tests are getting run against locally served test pages. Under those circumstances you might never get fully secured websites served to the browser instance under test. To still allow running your tests with a successful test result, Selenium can instruct the browser to ignore the validity check, which will simply browse to the specified site without bringing up the SSL error page.
Since the default driver for Firefox was switched in Selenium 3.0 to Marionette by default, this feature was broken for a while, unless you explicitly opted-out from using it. The reason is that Marionette, which is the automation driver for Mozilla’s Gecko engine, hasn’t implement it yet. But now with bug 1103196 fixed, the feature is available starting with the upcoming Firefox 52.0 release, which will soon be available as Beta build.
Given that a couple of people have problems to get it working correctly, I wrote a basic Selenium test for Firefox by using the Python’s unittest framework. I hope that it helps you to figure out the remaining issues. But please keep in mind that you need at least a Firefox 52.0 build.
Here the code:
import unittest from selenium import webdriver from selenium.webdriver.common.desired_capabilities import DesiredCapabilities class InsecureSSLTestCase(unittest.TestCase): def setUp(self): self.test_url = 'https://self-signed.badssl.com/' capabilities = DesiredCapabilities.FIREFOX.copy() self.driver = webdriver.Firefox(capabilities=capabilities, firefox_binary='/path/to/firefox/binary') self.addCleanup(self.driver.quit) def test_page(self): self.driver.get(self.test_url) self.assertEqual(self.driver.current_url, self.test_url) if __name__ == '__main__': unittest.main(verbosity=2)
By using DesiredCapabilities.FIREFOX the default capabilities for Firefox will be retrieved and used. Those will also include “marionette: True“, which is necessary to enable webdriver for Firefox in Selenium 3. If not present the old FirefoxDriver will be utilized.
To actually enable accepting insecure SSL pages, the capabilities have to be updated with “acceptInsecureCerts: True“, and then passed into the Firefox’s Webdriver constructor.
That’s all. So enjoy!
Update: The capability for acceptInsecureCerts is set automatically when DesiredCapabilities.FIREFOX is used.
How is this done i C#. I cannot do DesiredCapabilities.FIREFOX.copy() nor have I any constructor matching webdriver.Firefox(capabilities=capabilities,
firefox_binary=’/path/to/firefox/binary’)
I’m not a use of C# but a quick look at the API documentation showed me the following: https://github.com/SeleniumHQ/selenium/blob/master/dotnet/src/webdriver/Firefox/FirefoxDriver.cs#L119-L128. Using the capabilities as parameter for the constructor is marked as obsolete. You should use FirefoxOptions instead.
Hi Henrik
Please share a sample selenium java code to handle SSL certificate.
Hi Satyanarayan, I’m not a Java expert and don’t know about the Selenium Java bindings at all. I’m sure while scanning the example code you might be able to figure out what to use for Java. Best, Henrik.
Hi
Thanks for your reply..
As per my understanding i am using below java code. But its not working.
System.setProperty("webdriver.marionette.driver","C:\\Program Files\\AFTv1.4\\Selenium\\geckodriver.exe");
ProfilesIni profile = new ProfilesIni();
FirefoxProfile myProfile = profile.getProfile("default");
myProfile.setAcceptUntrustedCertificates(true);
myProfile.setAssumeUntrustedCertificateIssuer(false);
WebDriver driver = new FirefoxDriver(myProfile);
driver.get("https://l4dridap1273:8446/web/retirement4x/login");
driver.close();
When i read https://seleniumhq.github.io/selenium/docs/api/java/org/openqa/selenium/firefox/FirefoxDriver.html correctly, those methods you are using here are marked as deprecated. You will have to use the desiredCapabilities or requiredCapabilities for the FirefoxDriver constructor.
Hey
As per your suggestion i am using desired capabilities now.
Still no luck here
DesiredCapabilities capabilities = DesiredCapabilities.firefox();
capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
capabilities.setJavascriptEnabled(true);
capabilities.setCapability("marionette", true);
System.setProperty("webdriver.marionette.driver","C:\\Program Files\\AFTv1.4\\Selenium\\geckodriver.exe");
WebDriver driver = new FirefoxDriver(capabilities);
driver.get("https://l4dridap1273:8446/web/retirement4x/login");
driver.close();
Sorry but I don’t know how the Java bindings are mapping the GeckoDriver capabilities as described here: https://github.com/mozilla/geckodriver/#webdriver-capabilities. It’s best to ask in the appropriate Selenium related channel.
Hey…
Now its working.
Thanks for your help and support.
Satyanarayan,
Could you share your working Java code for this issue? i have same issue. Thanks!
package demo1;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.remote.DesiredCapabilities;
public class Executer2 {
public static void main(String[] args){DesiredCapabilities capabilities = DesiredCapabilities.firefox();
capabilities.setCapability("acceptInsecureCerts", true);
capabilities.setJavascriptEnabled(true);
capabilities.setCapability("marionette", true);
WebDriver driver = new FirefoxDriver(capabilities);
System.setProperty("webdriver.gecko.driver", System.getProperty("user.dir") + "/geckodriver.exe");
driver.get("http://www.google.com");
driver.close();
}
}
Hello Henrik Skupin,
Could you share robotframework version of this solution? Thanks.
Sorry but I cannot provide solutions for all Selenium bindings. I just gave one for Python, and we got another one from Satyanarayan for Java – which is great. I don’t think that it will be too complicated for you to adapt those for the Robotframework.
First of all Big Big thanks to Henrlk for explaining this is so beautifully. I am able to bypass SSL Certificate issue with Selenium Webdriver 3..3.1 and FireFox 52.0.(Binding with Java)
All you need to do is
DesiredCapabilities capabilities = new DesiredCapabilities();
capabilities.setCapability(“acceptInsecureCerts”, true);
WebDriver wd = new FirefoxDriver(capabilities);
Thanks,
-Manoj
Hello,
This is the RobotFramework version as below:
${ffdc} Evaluate sys.modules[‘selenium.webdriver.common.desired_capabilities’].DesiredCapabilities().FIREFOX.copy() sys, selenium.webdriver
Set To Dictionary ${ffdc} acceptInsecureCerts=${True}
${BROWSER_ID} Selenium2Library.Create Webdriver Firefox capabilities=${ffdc}
Go to https://self-signed.badssl.com/
Hi Henrik,
I am still encountering issues with this. I am using Python, with Selenium 3.3.1, GeckoDriver 0.15.0 and FireFox 52.0.1. With the following code snippet:
caps = DesiredCapabilities.FIREFOX.copy()
caps[‘acceptInsecureCerts’] = True
self.DRIVER = webdriver.Firefox(executable_path=self.GECKODRIVER,
capabilities=caps)
But I now get a horrid error from webdriver:
File “/Users/dmankellow/git/ssc-product/mgmt/appliances/rbt_ssc/src/test/baxter/env/lib/python2.7/site-packages/selenium/webdriver/remote/webdriver.py”, line 727, in set_page_load_timeout
‘pageLoad’: int(float(time_to_wait) * 1000)})
File “/Users/dmankellow/git/ssc-product/mgmt/appliances/rbt_ssc/src/test/baxter/env/lib/python2.7/site-packages/selenium/webdriver/remote/webdriver.py”, line 238, in execute
self.error_handler.check_response(response)
File “/Users/dmankellow/git/ssc-product/mgmt/appliances/rbt_ssc/src/test/baxter/env/lib/python2.7/site-packages/selenium/webdriver/remote/errorhandler.py”, line 193, in check_response
raise exception_class(message, screen, stacktrace)
WebDriverException: Message: Message:
Sorry for the crude stacktraces. Any known bugs at all?
The following bug sounds related:
https://bugzilla.mozilla.org/show_bug.cgi?id=1342162
We will have to check that. Thank you for the report!
So this is actually a bug in the Python bindings of Selenium, which also has been fixed meanwhile. But it lacks a new release of the package.
OK, i’ll keep an eye out for that. Thanks for looking into it for me.
There’s tons of firefox related fixes in the Python bindings:
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/py/CHANGES
But it looks like the fix for my current issue is to be in the currently unreleased Firefox 53 (https://bugzilla.mozilla.org/show_bug.cgi?id=1342162). Fingers crossed for that.
Great write up, I can get your sample code to work but for my setup I need to use a specific firefox profile to utilize some certs I have already imported. Do you know how I can force it to use a specific profile as well?
There is a
profileproperty under the capabilities which can be used for that. Here you can find an example: https://github.com/mozilla/geckodriver/#capabilities-examplesFIY for ruby and geckodriver 1.8 the accept certs option is not set automatically. I have to do: