Selenium and SSL Certificates


Selenium is a very efficient tool for testing web sites. The Selenium-IDE, that comes as a plugin to Firefox, makes it easy to record the required steps of a test. And to achieve real test automation Selenium is often integrated with some agile testing tool like the Robot Framework that comes with its own implementation of the Selenium API.

But the automated testing of web sites is thwarted heavily once a page is opened that is signed with SSL, but where the certificate has not been authorized properly. The browser slams on the brakes and opens a dialogue asking the user to accept the certificate. This is of course not a desirable behaviour for an automated test.

And at the same time this is the first pitfall, because on first sight it seems the problem can be solved easily by accepting the certificate permanently during the first test execution. But already the next test run will show that this is not the case as the dialogue will show up again. The reason for this is originated in the fact that Selenium is creating a new temporary profile for Firefox on every startup. This has the advantage that deadlock situations are avoided and there are no (potentially strange) plugins used that might have impact on the test results. But how to solve now our problem with the certificates?

Luckily the solution is quite simple and is as well based on profiles. First of all a new profile has to be created and then Firefox must be launched using this new profile. Then the SSL-signed web sites must be opened and the certificates accepted parmanently. Afterwards all files should be deleted from the directory storing the profile with the exception of those files containing the information on the accepted certificates. Now it is possible to lauch the selenium server using this new profile as a kind of template, which means that files in this profile are overriding the corresponding files in the temporary directory. With this kind of configuration tests for the SSL-signed web sites should pass without any problems (and nasty dialogues). Of course it is now possible to start Firefox with this profile at any time to accept additional certificates. But it should be ensured that afterwards the newly created additional files are again removed from the profile directory.

The profile that is created this way should not be used to daily work but really only for testing. This ensures that the “test-profile” is kept clean. Once work (accepting certificates) is done using this profile one should switch back to ones original (default) profile.

In the following the concrete steps are listed to achieve the required configuration.

1. Create a new Firefox profile
For this Firefox must be started from the command line using the “-P” option. Under windows with a default installation this would be:
“C:\Program Files\Mozilla Firefox\firefox.exe” -P

In the dialogue that shows up a new profil needs to be created. The chosen name does not matter, but it should be ensured that the name of the chosen directory does not contain any spaces to avoid problems later on. Furthermore it might be a good idea to create the directory within the test project and put it under version control as well. An example for a proper name would be: C:\Subversion\Project\FF_Profile

It is really highly recommended to put those files under version control. This has the advantage that not every developer need to accept all the required certificates individually. Furthermore this enables an administrator to perform the required steps on the official test-server running selenium without the help of a developer by just creating a new profile and copy the files into the proper profile directory.

2. Accept certificates
Now Firefox can be started with the new profile. Then one has to browse to the required web sites to accept the certificates their permanently.

3. Cleaning the Profile
Now one must remove all files from the new profile directory but cert8.db and cert_override.txt.

4. Start Selenium-Server with profil template
Now the Selenium-Server can be started utilizing the new profile template:
java -jar selenium-server.jar -firefoxProfileTemplate

Or using the directory from the example above:
java -jar selenium-server.jar -firefoxProfileTemplate C:\Subversion\Project\FF_Profile

Of course all project-specific options should be set still when starting the Selenium-Server.

Long-term experience in agile software projects using
Java enterprise technologies. Interested in test automation tools and concepts.


  • tony

    I tried your solution and it worked for a while but now when my site comes up I get a 400 page error that reads:

    Could not proxy
    java.lang.RuntimeException: Couldn’t establish SSL handshake. Try using trustAllSSLCertificates. No subject alternative DNS name matching found.

  • Shalini

    Thanks a lot for the solution. I was struggling to run the RC because of this.

  • Rizwan

    7. August 2012 von Rizwan

    Hey can you tell me how can i do the same for chrome??
    I have tried everything but with chrome, even when i have a self signed certificate which works fine, with testing the same certificate shows issued by CyberVillans and somehow i can’t make it work. Please help

  • mun

    Hi Thomas,

    Thanks for your article. I tried the steps provided (step 1-4) but i still couldn’t get the trusted SSL page working. It still keep prompt me the “This Connection is Untrusted” page 🙁

    Below is the list of tools version that i’m using:
    – Robot Framework 2.8.1
    – Selenium Library 2.9.1
    – Firefox 28.0

    I tried also replacing the default selenium server from the selenium library to version 2.41.0 but still the SSL problem is still happening.

    May be you guys can help to look what’s wrong with my problem?


Your email address will not be published. Required fields are marked *