SAHI - HTTPS/SSL sites

Sahi supports HTTPS out of the box. Sahi Pro eases the pain by automatically accepting SSL certificates. Sahi ships with a root certificate and all other certificates will be signed by this root certificate, making SSL testing absolutely smooth.
But, for some reason if the browser reports a certificate error as shown below, then you will need to import the root certificate to the “Trusted Root Certificate Authorities” store.

To import the root certificate, click on the “SSL” link on dashboard.

1. Sahi first tries to import the certificate with “certutil” command available on Windows.


2. If Step 1 fails, Sahi then tries to import the certificate through Java. At this point you should be able to see this screen
   
   Click “Yes” to import the certificate.


3. If Step 2 fails, Sahi will then try a direct import. Follow these steps.
   
   
   
   
   
   This should import the certificate successfully.
   Once done, you should be able to access your HTTPS/SSL site.

In other cases:

• Make sure that your browser is using Sahi as its proxy for “Secure” or “SSL Proxy” too.
• Look at “Is keytool available” under “Java” section on the “Info” tab of the Controller. If you are unable to get the Controller up on an HTTPS site, go to an HTTP site and bring up the Controller.
• If “Is keytool available” is false, add <java>/bin to your PATH variable. (Details on adding Java/bin to Path), or specify the full path to keytool.exe in <sahi>/config/sahi.properties. keytool.exe is present in the <java_home>/bin directory
For eg. you could do
PATH=C:\Java\bin;%PATH% start_sahi.bat
to add java\bin to the path before you start Sahi.

• Navigate to the HTTPS site. If the above instructions have been followed, you will get a page which warns you that the certifcate is incorrect. On Firefox , click on “Add Exception” and then “Confirm Security Exception”. The web site will then be displayed.


• At this point, the website which has been displayed may not work properly if it fetches css and javascript files from another https domain or sub-domain. The Controller will also not come up with ALT-DblClick.

• Open another tab, and navigate to https://sahi.example.com/_s_/dyn/SSLManager . A similar SSL warning will appear. Accept it like before. The SSLManager page should now be visible.


• You will now see a list of domains that Sahi has created certificates for. Some of them will be red and some green. Click on the red ones, and you will get the same certificate dialog which you would need to accept. Once you have accepted the required certificates on the browser, you should be able to navigate properly to the web page.
NOTE: It is possible that there are some domains/subdomains that are “hidden”. They may be used to fetch css, javascript and other artefacts. These certificates also need to be accepted via the SSLManager if your site has to work well. If your browser hangs, or the web page looks different than normal, or shows javascript errors, it may be because of these unaccepted certificates.
Follow the steps in these video for accepting SSL certificates on
Internet Explorer 8, 9
Internet Explorer 7 or before.

• For auto acceptance of certificates, have a look at this forum post