Twistpublic

General Discussion

General discussion on using Twist including questions and tips

This is a public Discussion Area  publicRSS

Post

    James O'Sullivan
    Secure Connection Failed
    Post posted October 1, 2008 by James O'Sullivan
    3321 Views, 5 Comment
    Topic:
    Secure Connection Failed
    Body:
    I’ve been trialing Twist and I’ve impressed so far. My Java experience is limited, but my primary language (C#) is enough like it for me to get up and running quickly. My initial Twist project is using Selenium and Firefox and I’ve just switched over one of my tests from using HTTP to HTTPS, but I’m now getting the following issue: [my server name] uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired. (Error code: sec_error_expired_issuer_certificate) When I try to add an exception, the certificate that it’s trying to use isn’t the correct certificate. It appears to be signed by CyberVillainsCA. Note: I’m using a self signed certificate. Any ideas? Thanks

    Comment

    • Vivek Prahlad
      posted October 2, 2008 by Vivek Prahlad

      James, thanks for trying out Twist!

      Under the covers, Selenium uses javascript to control the browser, and that means that for every web page served, the HTTP response has to be modified in order to inject Selenium’s javascript code.

      Now HTTPS is designed to prevent the response from being modifed in any way, so the Selenium server generates dummy certificates. The Cybervillains certificate is actually bundled with Selenium. When Selenium is run in proxy injection mode, all HTTP / HTTPS requests are routed via the Selenium proxy server.

      Basically, it is down to two choices:
      a. If you’re using proxy injection mode, then the CyberVillains certificate will need to be imported, or, (the downside is that this is a potential security risk, do take a look at this page from the Selenium documentation).
      b. If you’re not using proxy injection mode, then the Chrome option (which essentailly launches Firefox with elevated security privileges) should work.

      (BTW, in case you’re using Twist’s recorder, the recorder currently works with Firefox in proxy injection mode)

      Hope this helps!

    • James O'Sullivan
      posted October 3, 2008 by James O'Sullivan

      Thanks for the explanation Vivek. We are going to be using the recorder in part, so I’ll check out the certificate work around.

      Out of interest are there plans to make the recorder work with Chrome?

    • Ketan Padegaonkar
      posted October 7, 2008 by Ketan Padegaonkar

      James,

      As of now, there are no plans to add recording support for more browsers.

      Just out of curiosity, why do you wish to record using chrome? Selenium does allow you to run the recorded code on multiple browsers. Am I missing something here ?

    • James O'Sullivan
      posted October 15, 2008 by James O'Sullivan

      Ketan,
      The thought of using Chrome for recording was based on the information Vivek supplied about the potential security risk of importing the CyberVillians certificate.

      For the time-being we’ve chosen not to test over HTTPS.

      With regards to using multiple browsers, I definitely would like to be able to do that. I didn’t see a way to set that up in Twist.

    • Ketan Padegaonkar
      posted October 15, 2008 by Ketan Padegaonkar

      James,

      Using a different browser would involve changing the properties in the file “twist.properties”. This should be visible in the source directory.

      We’re working on making this more usable in the future releases.