Securing Sahi for Enterprise
sahi.example.com. This is a dummy domain which is understood only by the Sahi proxy.
Sometimes, for adhering to security policies of an organization, one may need to change this domain to an internal one like
To do this:
- Open userdata.properties file by either clicking on Sahi Dashboard -> Configure -> userdata.properties, or by opening
sahi/userdata/config/userdata.propertiesin a text editor.
- Restart Sahi, clear browser cache.
Now the start page, Controller etc. should be using
Sahi comes with its own SSL root certificate, with which all other website certificates are signed. When the browser sees these certificates, it accepts them because we have already accepted the root certificate once.
This may be a security risk in rare cases of DNS poisoning or if the machine has been hijacked. One way to preempt this is to create your own local root certificate and provide it to Sahi.
- Open a command prompt, cd to
sahi_pro/certgenand run create_root.bat. It will ask for a few prompts, you can either just press enter and accept the defaults or change the parameters.C:\> cd C:\sahi_pro\certgen C:\sahi_pro\certgen> create_root.bat...Country Name (2 letter code) [IN]: US State or Province Name (full name) [Karnataka]: Georgia Bangalore : Atlanta Sahi [Sahi]: MyCompany Organizational Unit Name (eg, section) : Marketing Sahi : MyCompany CA email@example.com : firstname.lastname@example.org
This will create 2 files
sahi_pro/certgen/X509CA/ca/new_ca.crt sahi_pro/certgen/X509CA/ca/new_ca.derinfo Accepting defaults will make it easier to deploy the solution on other machines.
sahi_pro/userdata/certgenfolder. On the next start of Sahi, this folder will be recreated.warning Delete
If you change any of the default properties in step 1, search for
-dname "CN=$DOMAIN_NAME, OU=Sahi, O=Sahi, L=Bangalore, S=Karnataka, C=IN"
sahi_pro/certgen/create_certificate.shand modify it accordingly.
Eg. for the values provided in Step 1, we need to use
-dname "CN=$DOMAIN_NAME, OU=Marketing, O=MyCompany, L=Atlanta, S=Georgia, C=US"
Restart Sahi. The
sahi_pro/userdata/certgenwill be recreated. Now Sahi is ready with the new root certificate.
sahi_pro/config/ff_profile_templateas a template. To configure Firefox with the new root certificate, do
- Delete all folders in
- Restart Sahi Pro
- Launch a Firefox instance from the Dashboard.
This will launch Firefox with profile
- Import the newly created root certificate into firefox. Now this particular Firefox profile has the root certificate installed.
To make this certificate work for all profiles, we need to copy the relevant modified files into the template profile.
(Take a backup of the older files and overwrite)
- Again delete all folders in
- Restart Sahi. Firefox profiles will be recreated.
Copy the following folders and files:
sahi_pro/certgen/X509CA/ca/ sahi_pro/certgen/create_certificate.bat sahi_pro/certgen/create_certificate.sh sahi_pro/config/ff_profile_template/
- Restart Sahi Pro. The Sahi Pro installation should now be using the custom root certificate.