Insecure certificate

Jump to:

The insecure certificate error is a WebDriver error that occurs when the remotely controlled browser hits a certificate warning of any kind. This is usually the result of navigating to a website with an expired or invalid TLS certificate. Examples of invalid certificates include self-signed, revoked, and cryptographically insecure certificates.

Web browsers prevent and block traffic to domains with broken certificates since the communication with the server would be compromised. It is strongly recommended to fix the certificate situation instead of disabling certificate checks, even in test environments.

WebDriver does offer an acceptInsecureCerts capability for disabling certificate checks for the length of the session’s duration, but it is important to emphasize that its use is highly discouraged and that using it is widely considered a weakness of the test environment.

Example

This is what will happen when navigating to a domain that has a self-signed TLS certificate using the Python client:

from selenium import webdriver
from selenium.common import exceptions

session = webdriver.Firefox()
try:
    session.get("https://self-signed.badssl.com/")
except exceptions.InsecureCertificateException as e:
    print("Hit insecure cert on {}".format(session.current_url)

Output:

Hit an insecure cert on https://self-signed.badssl.com/

See also

Document Tags and Contributors

 Contributors to this page: ato
 Last updated by: ato,