What is SSL Certificate
SSL (Secure Sockets Layer) is a standard security protocol for establishing a secure connection between the server and the client which is a browser.
There are number of benefits of using SSL certificate like,
- One can increase their users' and customer's trust in order to enhance the business' growth rapidly
- These certificates help to secure online transactions and customers sensitive information like credit-card/debit-card data, etc.
- Signing certificate tends to get a maximum number of downloads and good reviews from users.
SSL-secured websites begin with https:// and you can see a lock icon or green address bar if the connection is securely established.
For example, if you want to do some transaction via net banking or want to purchase a Mobile phone through e-commerce site such as Flipkart or Amazon.
What happens between the Web Browser and Server
- A browser tries to connect with a website secured with SSL. The browser requests the webserver to identify itself
- The server sends the browser a copy of its SSL certificate
- The browser verifies whether the SSL certificate is genuine. If so, it sends a message to the server
- The server sends back a digitally signed acknowledgment to start an SSL encrypted session
- The encrypted data is shared between the server and the browser
In doing so, you need to transmit sensitive information such as credit card numbers or login credentials and that has to transmit securely so that it cannot be hacked or intercept.
For example
- Type https://netbanking.hdfcbank.com/netbanking/ .
- Hit Enter.
- You will see a green address bar in the browser as below :-
How Does the SSL Certificate Create a Secure Connection
- Browser sends HTTPS request to the server.
- Now Server must provide some identification to Browser to prove that it is trusted. This can be done by sending a copy of its SSL certificate to the browser.
- Each Browser has its own list of Trusted CA's. Browser checks the certificate root against its list of trusted CAs and that the certificate is unexpired, unrevoked, and that the common name is valid for the website that it is connecting to.
- If the browser trusts the certificate, an encrypted session is created between the server and the browser.
- Server and Browser can send encrypted messages
Types of SSL Certificates
Browser and the server use SSL Certificate mechanism to be able to establish a secure connection. This connection involves verification of three types of certificates.
- Root
- Intermediate
- Server Certificate
Process of getting SSL Certificate
The process of getting SSL certificate includes below steps:-
- First, you must create CSR (create a Certificate Signing Request) request.
- CSR request creates CSR data file, which is sent to SSL certificate issuer known as CA (Certificate Authority).
- The CA uses the CSR data files to create SSL certificate for your server.
- After receiving the SSL certificate, you have to install it on your server.
- An intermediate certificate is also needed to be installed which ties yours SSL certificate with CA's root certificate.
The below image represent all the three certificate- Root, Intermediate, and Server Certificate.
How SSL certificates are verified
SSL works through a combination of programs and encryption/decryption routine that exist on the web server computer and web server browser.
SSL certificate basically contains below information.
- Subject which is the identity of the website owner.
- Validity information- a public and a private key.
The Private and public key are two uniquely related cryptographic keys (numbers). Whatever is encrypted by a public key may only be decrypted by a private key.
When a secure connection is not established between the server and client due to the certificate, following SSL certificate error will be manifested.
Types of SSL Certificate Error
Suppose you type some https request in the browser and get a message such as "This connection is Untrusted" or the "The site's security certificate is not trusted" depending upon the browser you are using. Then such error is subject to SSL certificate error.
Now, if the browser is unable to establish a secured connection with the requested certificate, then the browser will throw "Untrusted Connection" exception as below and ask the user to take appropriate action.
The types of error you likely to see due to certificate in different browsers may be somewhat like this
- FireFox - This connection is untrusted
- Google Chrome -This site security is not trusted
- Internet Explorer ( IE) - This security certificate presented by this website was not trusted by a trusted certificate authority (CA)
How to handle SSL Certificate Error using Selenium Webdriver
Suppose we have written some test scripts and while executing the script, we caught in the situation as "Untrusted Connection" above then how do we handle the exception purely through automation.
In such case, we have to adjust our script in such a way that it will take care of SSL Exception by itself.
The scripts need to be modified according to the type of browser instance we are using. These when desired capabilities comes in picture.
Desired Capabilities is used to configure the driver instance of Selenium Webdriver. Through Desired Capabilities, one can configure all driver instance like ChromeDriver, FirefoxDriver, and Internet Explorer.
As of now we don't have any specific URL to create the above scenario, but I am providing steps that we can add in the Selenium Script to handle the above situation "Untrusted Connection."
SSL Certificate Error Handling in Firefox
For handling SSL certificate error in Firefox, we need to use desired capabilities of Selenium Webdriver and follow the following steps.
Step 1): First we need to create a new firefox profile say "myProfile". You can refer google to learn "How to create" firefox profile. It is simple and easy.
Step 2): Now access myProfile in the script as below and create the FirefoxProfile object.
ProfilesIni prof = new ProfilesIni() FirefoxProfile ffProfile= prof.getProfile ("myProfile")
Step 3): Now we need to set "setAcceptUntrustedCertificates" and "setAssumeUntrustedCertificateIssuer" properties in the Fire Fox profile.
ffProfile.setAcceptUntrustedCertificates(true) ffProfile.setAssumeUntrustedCertificateIssuer(false)
Step 4): Now use the FireFox profile in the FireFox driver object.
WebDriver driver = new FirefoxDriver (ffProfile)
Note: "setAcceptUntrustedCertificates" and "setAssumeUntrustedCertificateIssuer" are capabilities to handle the certificate errors in web browsers.
SSL Certificate Error Handling in Chrome
For handling SSL error in Chrome, we need to use desired capabilities of Selenium Webdriver. The below code will help to accept all the SSL certificate in chrome, and the user will not receive any SSL certificate related error using this code.
We need to create instance of DesiredCapabilities class as below:-
DesiredCapabilities handlSSLErr = DesiredCapabilities.chrome () handlSSLErr.setCapability (CapabilityType.ACCEPT_SSL_CERTS, true) WebDriver driver = new ChromeDriver (handlSSLErr);
SSL Certificate Error Handling in IE
Unlike handling SSL certificates in Chrome browser and Firefox, in IE, you may have to handle it using javascript.
To handle SSL certificate in IE, you can handle this situation in two ways,
- In this, you will click the link "Continue to this website (not recommended)". In the following we will see how to handle SSL error in IE.
Observe SSL certificate error in IE browser you will find "Continue to this website (not recommended)" link.This link has ID "override link".You can view the ID in HTML mode using F12.
Click on the link using driver.navigate() method with JavaScript as below :-
driver.navigate ().to ("javascript:document.getElementById('overridelink').click()");
- The second method is quite similar to chrome SSL Handling code
DesiredCapabilities capabilities = new DesiredCapabilities(); capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true); System.setProperty("webdriver.ie.driver","IEDriverServer.exe"); WebDriver driver = new InternetExplorerDriver(capabilities);
The above code will help to handle SSL certificate error in IE.
No comments:
Post a Comment