Tuesday, October 15, 2013

SlimerJS: getting it to work with self-signed HTTPS

SlimerJS (as of 0.8.3) lacks the commandline options of PhantomJS to say "relax about bad certificates". Unfortunately the self-signed SSL certificate, that developers typically use during development, counts as a bad certificate.

Here are the steps needed to handle this:

1. slimerjs --createprofile AllowSSL
  Make a note of the directory it has created.
  (You can call your new profile anything, "AllowSSL" is just for example.)

2. Go to normal desktop Firefox, browse to the URL in question, see the complaint, add it as a security exception.
  Chances are, if you have been testing your website already, that you've already done this and you can skip this step.

3. Go to your Firefox profile, and look for the file called "cert_override.txt". Copy that to the directory you created in step 1.

4. Have a look at the copy you just made of "cert_override.txt".
  If it only has the entry you added in step 2, you are done.
  Otherwise, remove the entries you don't want.
  (The file format is easy: one certificate per line.)

5. Now when you need to run slimerjs you must run it with the "-P AcceptSSL" commandline parameter.
  E.g. "slimerjs -P AcceptSSL httpstest.js"

If you are using SlimerJS with CasperJS (requires CasperJS 1.1 or later), do the same, e.g.
   casperjs test --engine=slimerjs -P AcceptSSL tests_involving_https.js


Roger Qiu said...

What's inside the certificate override text file? Is it just a list of urls? I don't have a site with self signed ssl available to test.

Darren Cook said...

I couldn't reliably tell you the format: it is tab-separated, the first is IP address, the 3rd looks like the SSL cert fingerprint, but I don't know that the other 4 fields are.

But, anyway, if you don't have the certificate override file (after browsing the site manually with Firefox), then you don't need to do anything (i.e. SlimerJS should be working without complaint). (?)

SwCharlie said...

The problem is, the website in question doesn't provide an option to add as an exception, when visiting it manually from my computer. Also, it is not already an exception in the cert_override.txt file.

CasperJS/SlimerJS is installed on a VPS where I cannot directly access Firefox as a normal user. When trying to visit the site via the VPS command line (via CasperJS), then only does it give an option to add exception, but when doing so, it says "You should not add an exception if you are using an internet connection that you do not trust completely or if you are not used to seeing a warning for this server. If you still wish to add an exception for this site, you can do so in your advanced encryption settings". How do I access these setting via a VPS?

Darren Cook said...

+SwCharlie I don't know off-hand. It might be worth asking your question on StackOverflow, with the slimerjs tag.
My best idea at the moment is to install exactly the same distro as your VPS on a local machine so that you can get the same error as on your VPS, but are also able to run Firefox.