Top Rounds
[Hide Navigation]

HTTPS/SSL sites ·

Sahi supports HTTPS out of the box. Sahi Pro eases the pain by automatically accepting SSL certificates. Sahi ships with a root certificate and all other certificates will be signed by this root certificate, making SSL testing absolutely smooth.
But, for some reason if the browser reports a certificate error as shown below, then you will need to import the root certificate to the “Trusted Root Certificate Authorities” store.

error message

To import the root certificate, click on the “SSL” link on dashboard.

  1. Sahi first tries to import the certificate with “certutil” command available on Windows.

  2. If Step 1 fails, Sahi then tries to import the certificate through Java. At this point you should be able to see this screen

    security warning

    Click “Yes” to import the certificate.

  3. If Step 2 fails, Sahi will then try a direct import. Follow these steps.
    direct import

    import wizard

    import location

    completing import

    Security Warning

    This should import the certificate successfully.

    Once done, you should be able to access your HTTPS/SSL site.

  4. For Sahi Open Source

    • Make sure that your browser is using Sahi as its proxy for “Secure” or “SSL Proxy” too.
    • Look at “Is keytool available” under “Java” section on the “Info” tab of the Controller. If you are unable to get the Controller up on an HTTPS site, go to an HTTP site and bring up the Controller.
    • If “Is keytool available” is false, add <java>/bin to your PATH variable. (Details on adding Java/bin to Path), or specify the full path to keytool.exe in <sahi>/config/ keytool.exe is present in the <java_home>/bin directory

    For eg. you could do

    PATH=C:\Java\bin;%PATH% start_sahi.bat

    to add java\bin to the path before you start Sahi.

    Sahi Controller - Recorder tab

    • Navigate to the HTTPS site. If the above instructions have been followed, you will get a page which warns you that the certifcate is incorrect. On Firefox , click on “Add Exception” and then “Confirm Security Exception”. The web site will then be displayed.

    • At this point, the website which has been displayed may not work properly if it fetches css and javascript files from another https domain or sub-domain. The Controller will also not come up with ALT-DblClick.

    Sahi Controller - Recorder tab

    • You will now see a list of domains that Sahi has created certificates for. Some of them will be red and some green. Click on the red ones, and you will get the same certificate dialog which you would need to accept. Once you have accepted the required certificates on the browser, you should be able to navigate properly to the web page.

    NOTE: It is possible that there are some domains/subdomains that are “hidden”. They may be used to fetch css, javascript and other artefacts. These certificates also need to be accepted via the SSLManager if your site has to work well. If your browser hangs, or the web page looks different than normal, or shows javascript errors, it may be because of these unaccepted certificates.

    Follow the steps in these video for accepting SSL certificates on
    Internet Explorer 8, 9
    Internet Explorer 7 or before.

    HTTPS sites hang during record or playback (OLD – for Forefox 2 only)

    This may happen if there are multiple certificate dialogs being opened by the browser at the same time. When trying to automate HTTPS sites, first do a dry pass of the site with the proxy on, but without bringing up the controller. Only bring up the controller for record/playback after all certificates have been accepted. This used to happen on Firefox 2.

    Creating certificates manually:


    If the certificates do not get created in sahi/userdata/certs folder, you can follow these instructions to manually create the certificates. These instructions will appear on the Sahi proxy console if there was some problem in creating certificates.

    ——————————HTTPS/SSL START——————————

    Sahi is trying to create a certificate for domain:
    If you are unable to connect to this https site, do the following:
    Check on your filesystem to see if a file like
    has been created.
    If not, then create it by running the command below on a command prompt.
    Note that you need ‘keytool’ to be in your path.
    keytool comes with the JDK by default and is present in <JAVA_HOME>/bin.
    Once you create that file, ssl/https should work properly for that site.

    ———-COMMAND START———-

    keytool -genkey -alias -keypass sahipassword -storepass sahipassword -keyalg RSA -keystore D:\sahitest\sahi\certs\sahi_example_com -dname ", OU=Sahi, O=Sahi, L=Bangalore, S=Karnataka, C=IN"

    ———-COMMAND END———-

    The files in certs can be copied over to other systems to make ssl/https work there.

    ——————————HTTPS/SSL END——————————


    Since 2008, we changed the dummy domain name that sahi uses to If SSL used to work properly but has now started becoming slow, clear the files in <sahi_dir>/certs directory, and let Sahi make new ones again, by accessing those sites.

    Some trivia about domains.


Top Rounds