How to Handle SSL Certificates in Selenium

Welcome to our blog where we’ll explore how to handle SSL certificate issues while performing automation testing with Selenium. As automation testers, we often encounter SSL certificate problems while accessing secure websites during our test scenarios. This issue can be challenging, especially for beginners, but worry not! We’ll walk you through the process step-by-step to ensure a smooth testing experience.

What is SSL Certificate?
Types of SSL Certificates?
Common SSL Certificate Issues in Automation Testing
Bypassing SSL Certificate Errors in Selenium:
Handling SSL Certificate Errors with WebDriver
Handling SSL Certificate Issues in Headless Mode
Best Practices for Handling SSL Certificate Issues
Conclusion

What is SSL Certificate?

SSL (Secure Sockets Layer) certificates are digital certificates that establish a secure and encrypted connection between a web server and a browser. They ensure that data transmitted between the server and the browser remains confidential and protected from unauthorized access. SSL certificates are crucial for websites handling sensitive data such as login credentials, payment information, etc.

Types of SSL Certificates?

There are three main types of SSL certificates:

The root certificate is the most trusted certificate in the chain. It is issued by a trusted third party called a certificate authority (CA). The root certificate is used to verify the authenticity of the intermediate certificates.
The intermediate certificate is issued by a CA that is trusted by the root certificate. The intermediate certificate is used to verify the authenticity of the server certificate.
The server certificate is issued by a CA that is trusted by the intermediate certificate. The server certificate contains the website’s domain name and a public key that is used to encrypt data sent between the browser and the server.

Common SSL Certificate Issues in Automation Testing

While performing automation testing, SSL certificate issues may arise when accessing HTTPS websites. The most common SSL related problems are:

Expired Certificates: The SSL certificate has passed its validity period.
Self-Signed Certificates: Certificates signed by an individual or organization, rather than a trusted Certificate Authority (CA).
Domain Mismatch: The certificate is issued for a different domain than the one being accessed.
Untrusted Root Certificates: The certificate chain is not recognized by the browser or system.
Mixed Content: Loading insecure content (HTTP) on a secure page (HTTPS).
Revoked Certificates: The certificate has been invalidated before its expiration date.

Bypassing SSL Certificate Errors in Selenium:

To handle SSL certificate issues, we need to instruct the WebDriver to ignore or bypass the certificate errors. We can achieve this in two ways:

I. Using Desired Capabilities

DesiredCapabilities caps = new DesiredCapabilities();
caps.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
WebDriver driver = new FirefoxDriver(caps); // For Firefox browser

Here is an explanation of what the code does:

The first line creates a new DesiredCapabilities object.
The second line sets the acceptSslCerts capability to true. This tells the browser to accept all SSL certificates, even if they are not trusted by a CA.
The third line creates a new FirefoxDriver object and passes the DesiredCapabilities object as a parameter. This tells the WebDriver to use the DesiredCapabilities object when it opens the browser.

II. Using Browser Options

ChromeOptions options = new ChromeOptions();
options.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
WebDriver driver = new ChromeDriver(options); // For Chrome browser

Here is an explanation of what the code does:

The first line creates a new ChromeOptions object.
The second line sets the acceptSslCerts capability to true. This tells the browser to accept all SSL certificates, even if they are not trusted by a CA.
The third line creates a new ChromeDriver object and passes the ChromeOptions object as a parameter. This tells the WebDriver to use the ChromeOptions object when it opens the browser.

The acceptSslCerts capability is a boolean value that can be set to either true or false. If the value is set to true, the browser will accept all SSL certificates, regardless of whether they are trusted by a CA. If the value is set to false, the browser will only accept SSL certificates that are trusted by a CA.

The acceptSslCerts capability is available for all browsers that support Selenium WebDriver. To set the acceptSslCerts capability for a different browser, you would use the same code, but you would replace the ChromeDriver class with the class for the other browser.

Handling SSL Certificate Errors with WebDriver

Each browser’s WebDriver has specific methods to handle SSL certificate errors, let’s have a look at it:

I. Firefox WebDriver

FirefoxProfile profile = new FirefoxProfile();
profile.setAcceptUntrustedCertificates(true);
profile.setAssumeUntrustedCertificateIssuer(false);
WebDriver driver = new FirefoxDriver(profile);

Here is an explanation of what the above code does:

The first line creates a new FirefoxProfile object.
The second line sets the acceptUntrustedCertificates property to true. This tells the browser to accept all SSL certificates, even if they are not trusted by a CA.
The third line sets the assumeUntrustedCertificateIssuer property to false. This tells the browser not to assume that the issuer of a certificate is trusted, even if the certificate is not trusted by a CA.
The fourth line creates a new WebDriver object and passes the FirefoxProfile object as a parameter. This tells the WebDriver to use the FirefoxProfile object when it opens the browser.

II. Chrome WebDriver

ChromeOptions options = new ChromeOptions();
options.setAcceptInsecureCerts(true);
WebDriver driver = new ChromeDriver(options);

Here is an explanation of what the code does:

The first line creates a new ChromeOptions object.
The second line sets the setAcceptInsecureCerts property to true. This tells the browser to accept all SSL certificates, even if they are not trusted by a CA.
The third line creates a new WebDriver object and passes the ChromeOptions object as a parameter. This tells the WebDriver to use the ChromeOptions object when it opens the browser.

III. Edge WebDriver

EdgeOptions options = new EdgeOptions();
options.setAcceptInsecureCerts(true);
WebDriver driver = new EdgeDriver(options);

Working of above code is same as chrome webdriver code.

Handling SSL Certificate Issues in Headless Mode

Headless mode allows running tests without opening a browser window. To handle SSL certificate issues in headless mode use following code:

ChromeOptions options = new ChromeOptions();
options.setAcceptInsecureCerts(true);
options.addArguments("--headless");
WebDriver driver = new ChromeDriver(options);

Best Practices for Handling SSL Certificate Issues

Following are some of the best practices for handling SSL Certificate issues:

Always try to use the latest version of the WebDriver and browsers to ensure better SSL support.
Avoid using browser-specific features for SSL handling to keep your tests browser-independent.
Regularly update your browser’s Certificate Authorities list.
When encountering SSL issues, communicate with your development team to ensure they are aware of the problem.

Conclusion

In this blog, we’ve covered SSL certificate issues faced during automation testing with Selenium. By using the appropriate WebDriver capabilities and options, you can handle SSL certificate problems and run your tests smoothly. Remember to implement best practices and maintain clear communication with your team for a successful testing journey.