Handling of SSL Certificates in Selenium WebDriver

What is an SSL Certificate?

SSL (Secure Sockets Layer) is an essential security protocol designed to create a secure, encrypted connection between a web server and a browser, ensuring safe data transmission. SSL certificates play a vital role by verifying a website’s authenticity, allowing sensitive information like login credentials, payment details, and personal data to be exchanged securely.

Beyond encryption, an SSL certificate adds a level of credibility to the website, protecting visitors from phishing threats by confirming that the site is genuine. This encryption shields all shared information from unauthorized access, safeguarding data integrity and privacy in online interactions.

What is an untrusted certificate?

When users attempt to access a website with an SSL certificate installed, the certificate acts as a digital verification tool, assuring them that the site they are visiting is indeed authentic and not a deceptive imitation. If there’s an issue with the certificate such as it being expired, untrusted, or mismatched the browser will display a warning message, often stating, “This Connection is Untrusted.”

This alert signals to users that their connection may not be secure and advises them to proceed with caution or avoid sharing sensitive information on the site. By providing this warning, SSL certificates help users make informed choices about their online security, protecting them from potential risks such as phishing or data breaches.

Benefits of SSL Certificate

• One can easily increase their users’ and customers’ trust by enhancing business growth rapidly.
• An SSL certificate creates a secure online transactions and customers information like usernames, passwords, credit card numbers, debit card information.
• Keep hackers from spying the information.
• Boosts in ranking and increase brand value. In Google website gets better ranking if it is SSL Certificates is valid.
• Secure payments to experience safe shopping.

SSL-Certificate websites start with https:// where you can see a lock icon or green address bar if the connection is secure.

For example, through net banking, if you want to do some transaction or want to purchase any item through e-commerce sites such as Myntra or Amazon

What happens between the Web Browser and the Server?

1. The browser will request the webserver to identify by itself and it tries to connect with a website secured with SSL. 
2. To the browser, the server will send a copy of its SSL certificate.
3. The browser will verify whether the SSL certificates is valid. If yes, it will send a message to the server
4. To start an SSL encrypted session the server will send back a digitally signed acknowledgment and between the server and the browser, the encrypted data is shared.

In doing so, you need to send out sensitive information such as credit or debit card details or login credentials and that has to send out securely so that it cannot be hacked by hackers.

For Example

1. Type https://www.amazon.com/
2. Click Enter.
3. You will see an address bar in the browser as below:-

Types of SSL Certificates

Using the SSL Certificate mechanism the browser and server can establish a secure connection. This connection havs three types of certificates.

• Root
• Intermediate
• Server Certificate

Process of getting an SSL Certificate

The process of getting an SSL certificate follow below steps:-

1. First, you need to create a CSR (Certificate Signing Request) request.
2. CSR request will create a CSR data file, which is sent to the SSL certificate issue i.e CA (Certificate Authority).
3. The Certificate Authority will use the CSR data files to create an SSL certificate for your server.
4. You have to install it on your server once after receiving the SSL certificate.
5. You also need to install an intermediate certificate which ties your SSL certificate with CA’s root certificate.

Types of SSL Certificate Errors

Suppose in the web-browser you type some website URL request and get a message as “This connection is Untrusted” or the “The site’s security certificate is not trusted” based on the browser you are using. Then such error leads to an SSL certificate error.

Now, with the requested certificate if the browser is unable to establish a connection, then the browser will throw an “Untrusted Connection” exception.

The certificate errors you see in different browsers are

1. Firefox – This connection is untrusted
2. Google Chrome -This site security is not trusted
3. Internet Explorer ( IE) – This security certificate presented by this website was not trusted by a trusted certificate authority (CA)

How to Handle SSL Certificate Error in Firefox browser?

In the Firefox browser sometimes we get the SSL certificate error because the Firefox profile doesn’t have the certificate, so to overcome this issue, we manually create a Firefox profile, and we use the same profile with our Selenium webdriver. We follow the below steps to resolve this:

• Create a firefox Profile
• Now we need to set the setAcceptUntrustedCertificates() method to true and in the Firefox profile set the method setAssumeUntrustedCertificateIssuer() to false 

Selenium Automation Script for Firefox:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.firefox.FirefoxProfile;
 
public class SSLCertificateHandleFirefox
{
public static void main(String[] args)
{
//Creation of firefox profile
FirefoxProfile profile=new FirefoxProfile();
 
// It set the value to true
profile.setAcceptUntrustedCertificates(true);
 
// It will open the firefox browser through above created profile
WebDriver driver=new FirefoxDriver(profile);
driver.get("pass the URL of the browser");
 
}
 
}

Handling of SSL Certificate Error in Chrome & IE browser?

With the help of a firefox profile in the Firefox browser, we handle SSL certificate errors, but for the chrome & IE browser, to get and accept the SSL certificate error on run time we take the help of desired capabilities. 

How to Test an SSL Certificate?

In this guide, we’ll explore how to manage SSL Security Certificate errors across different browsers, including Chrome, Internet Explorer (IE), and Firefox. SSL errors can occur when a site’s security certificate is untrusted, expired, or improperly configured, often leading to warning messages that disrupt access to the site.

Understanding how to handle these errors is essential for testers and users alike, as it allows continued testing or browsing without compromising security.

Each browser employs distinct configurations and settings to manage SSL Security Certificate issues, as these errors can prevent users from accessing websites securely. Understanding how to bypass or resolve SSL certificate errors across popular browsers such as Chrome, Internet Explorer (IE), and Firefox is especially beneficial for testers and users alike.

Each browser may display different warning messages or blocking screens when an SSL certificate is untrusted, expired, or misconfigured. By learning specific steps for handling these SSL errors, users can continue browsing safely, while testers can maintain smooth test execution without interruptions.

In the following guide, we’ll delve into the particular approaches for addressing SSL Security Certificate errors in Chrome, IE, and Firefox, allowing both testers and end-users to work effectively and navigate secure web pages without unnecessary delays or disruptions.

Steps for Chrome Browser:

• For Desiredcpabilities class create the object
• Set the ACCEPT_SSL_CERTS as true
• With the capability open the chrome browser

// Create the object of DesiredCapabilities class using chrome
DesiredCapabilities capability=DesiredCapabilities.chrome();
 
// Set ACCEPT_SSL_CERTS variable to true
capability.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
 
 
// Set the chrome driver path
System.setProperty("webdriver.chrome.driver","Path of the Chrome driver");
  System.setProperty("webdriver.chrome.driver", "C:\\Users\\chromedriver_win32\\chromedriver.exe");
 
 
// Open the browser
WebDriver driver=new ChromeDriver(capability);
        driver.manage().timeouts().implicitlyWait(10, TimeUnit.SECONDS);
//Enter the site URL where you are facing SSL error.
  driver.get("Enter site URL");

Steps for IE Browser:

We follow the same process as we follow for the Chrome browser in the IE browser to handle the certificate issue.

// Create object of DesiredCapabilities class for IE browser
DesiredCapabilities capabilities=DesiredCapabilities.internetExplorer();
 
// Set ACCEPT_SSL_CERTS variable to true
capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
 
// Set the driver path
System.setProperty("webdriver.ie.driver","Path of the IE driver ");
System.setProperty("webdriver.chrome.driver", "C:\\Users\iedriver_win32\\internetexplorerdriver.exe");
 
 
 
// Open browser with capability
WebDriver driver=newInternetExplorerDriver(capabilities);
driver.manage().timeouts().implicitlyWait(10, TimeUnit.SECONDS);
 
//Enter the site URL where you are facing SSL error.
driver.get("Enter site URL");

Conclusion:

In summary, SSL (Secure Sockets Layer) is a foundational security protocol designed to create an encrypted connection between a client (such as a browser) and a server, ensuring safe data transmission across the web.

This protocol is made possible through the use of an SSL Certificate, which serves as a digital authentication tool to verify the legitimacy of the website and encrypt the data exchanged.

However, when a secure connection fails, SSL certificate errors may arise, alerting users that their connection to the site is potentially insecure. These errors can occur for various reasons and impact the trustworthiness of the site.

Key points about SSL and SSL Certificate errors:

• SSL (Secure Sockets Layer) is a standard security protocol will establish a secure connection between the client and the server
• To establish a secure connection the browser and the server use the SSL Certificate mechanism.
• SSL certificate error will occur when a secure connection is not established between the client and the server.

Call to Action

In Selenium WebDriver, handling SSL Certificate errors is essential for smooth, uninterrupted test execution, especially when testing secure applications. SSL errors can disrupt automated tests by blocking access to secure sites. Selenium WebDriver provides options to bypass these certificate warnings, enabling tests to proceed seamlessly on browsers like Chrome, Firefox, and Internet Explorer.

For those interested in mastering Selenium automation, including SSL error handling, H2K Infosys offers a comprehensive Selenium training program. With hands-on projects, real-world scenarios, and expert-led instruction, this course covers essential skills to make you proficient in web automation.

Ready to excel in Selenium automation testing? Join H2K Infosys and get equipped with in-demand skills to handle SSL errors and much more. Enroll today and take the first step towards becoming a skilled automation tester!