
I have tried and searched almost everything but still didn't find an answer to import a root CA into chromedriver while running my Selenium test.

Small background info: I am running regression tests with Selenium and chromedriver. My goal is to let these functional tests pass through Zed Attack Proxy. Since the web application uses HTTPS, I need the Zed Attack Proxy certificate imported into chromedriver so that it will trust Zed Attack Proxy to decrypt the requests passing through.

FYI, this problem cannot be solved with ignore-certificate-errors, because that won't decrypt the requests but simply ignore the errors.

Any help is appreciated!

Selenium Noob

1 Answer


The only documentation I know of is https://github.com/SeleniumHQ/selenium/wiki/Untrusted-SSL-Certificates but that only covers Firefox :/ I believe you can specify existing Firefox profiles with Selenium, so maybe you can do the same with Chromium ones? If so, can you import the cert into a new profile 'manually' and then use that for your testing?

Update, I've also found this: https://unix.stackexchange.com/questions/122753/chrome-certificate :)

Simon Bennetts
  • Thanks Simon, I will try to manually import the cert in a Firefox profile. I'll let you know if it worked out. – Selenium Noob Jan 13 '16 at 19:12
  • I think I'm quite close to the solution. I've added the ZAP root CA to the database of the default Firefox profile on my Ubuntu. I have also set the proxy settings of ZAP in the prefs.js file in this default profile. When I start Selenium I am loading up this profile. This works fine, the profile is loaded and the HTTP requests are passed through my ZAP instance. However, I still can't see any HTTPS requests. :( Is there maybe anything I am missing? FYI I am using Firefox instead of Chrome now for testing. – Selenium Noob Jan 14 '16 at 11:16
  • FYI I can confirm that the correct default profile is loaded when I start Selenium since the correct proxy settings are loaded. But somehow it doesn't use the certificate of ZAP to decrypt the HTTPS requests. – Selenium Noob Jan 14 '16 at 11:20
  • Have you set the ZAP cert as a Certificate Authority? If not you'll need to do that, it's not enough to just be in the cert db. – Simon Bennetts Jan 14 '16 at 11:25
  • Yes, I believe I did, I've used the following command: sudo certutil -A -t "CT,C,C" -n "OWASP Zed Attack Proxy Root CA - OWASP Root CA" -i owasp_zap_root_ca.cer -d .mozilla/firefox/pc6r9ki5.default – Selenium Noob Jan 14 '16 at 11:26
  • I've also tried with -t TC. And FYI I've double checked that I'm importing the correct root CA. I've tried it multiple times with newly generated certs. – Selenium Noob Jan 14 '16 at 11:29
  • No idea then :( Try asking on one of these maybe? http://www.seleniumhq.org/support/ – Simon Bennetts Jan 14 '16 at 11:34
  • I will try, thanks. The source of the problem is that Firefox isn't using this certificate store. – Selenium Noob Jan 14 '16 at 11:36
  • I think I finally know what the problem is. I see that before the regression test starts Firefox makes a request to ocsp.digicert.com to validate the Root CA's status. And therefore the OWASP cert fails probably. I need to find a way to disable this request. – Selenium Noob Jan 14 '16 at 12:24
  • Simon, I've got it working!! I am a complete noob, I didn't set network.ssl.proxy host and port, only http :(:(! Rly stupid, but rly happy it is working! – Selenium Noob Jan 14 '16 at 13:02
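
The thread ends with a profile that proxied HTTP but not HTTPS. As an added example (not part of the original thread), this Python check parses a Firefox prefs.js and reports whether both the HTTP and the HTTPS proxy preferences (`network.proxy.http*` and `network.proxy.ssl*` in Firefox) point at the intercepting proxy. The sample profile contents and the 127.0.0.1:8080 listener address are constructed assumptions.

```python
import re

# One prefs.js entry, e.g.: user_pref("network.proxy.ssl", "127.0.0.1");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def proxy_gaps(prefs, host, port):
    """List what stops HTTP *and* HTTPS from going through host:port."""
    gaps = []
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        gaps.append("network.proxy.type is not 1 (manual)")
    for scheme in ("http", "ssl"):  # "ssl" is the pref used for HTTPS traffic
        got = (prefs.get(f"network.proxy.{scheme}"),
               prefs.get(f"network.proxy.{scheme}_port"))
        if got != (host, port):
            gaps.append(f"network.proxy.{scheme} is {got[0]}:{got[1]}, expected {host}:{port}")
    return gaps

# Constructed sample profiles; 127.0.0.1:8080 is an assumed ZAP listener address.
HTTP_ONLY = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''
BOTH = HTTP_ONLY + '''
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
'''

if __name__ == "__main__":
    for label, text in (("http only", HTTP_ONLY), ("http + ssl", BOTH)):
        print(label, "->", proxy_gaps(parse_prefs(text), "127.0.0.1", 8080) or "ok")
```

Running the check against the profile before the regression suite starts catches the HTTP-only case up front, rather than leaving it to be noticed as missing HTTPS traffic in the proxy history.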