HTTPS Selenium with Glassfish SocialSite for FireFox Browser

It took me ~4 days to figure out how to configure and run Glassfish  and  Socialsite  with HTTPS port so I think I'd better share my experience


Problem I had encountered
1. Glassfish V2 has a certificate alias name as s1as, not as localhost or machine-name!
2. SocialSite by default is installed as localhost, not machine name (eg, https://localhost:8181 not https://provence:8181)
3. The instruction to install CyberVillains CA and to run with "\*chrome" for firefox browser was not well written. There is not a single document to list a complete steps to configure and run Firefox browser with http and https interchangeable


Software Verions (I used selenium java with testng harness)
1. jdk 1.6
2. selenium-server-0.9.2-20070427.222534-49-standalone.jar
3. selenium RC 1.0 Beta1 for selenium-java-client-driver and selenium-java-client-driver-tests
4. testng 5-5-jdk1.5.jar
5. junit4.4
6. Browser FireFox 2.x (I'm having a problem to run with 3.x version so I recommend the 2.x)  My test was run fine on both Solaris and winXP platforms


Steps to Configure SocialSite Glassfish V2 to run with https
1. Download the latest selenium core server. Unpack the file and copy file selenium-server-0.9.2-20070427.222534-49-standalone.jar to your lib directory
2. Open the FireFox browser > go to Tool > Option > Encryption > View Certificates > Web Sites > click Import to import CyberVillianCA.cer file from the recently download selenium core server file
     Also, make sure Certificates option set to "Select one automatically"
3. Download the selenium remote control Beta1 version. Unzip the file and copy files selenium-java-client-driver and selenium-java-client-driver-tests to your lib directory
(Assume you already have Glassfish V2 and Socialsite software installed with machine-name, not localhost name)
4. Change certificate alias name from s1as to machine-name
        Run:  keytool  -changealias  -keystore  ...\\domain1\\config\\keystore.jks   -destalias    <machine-name>  -keypass  changeit   -alias   s1as
5. Replace all s1as entry in domain.xml file to <machine-name>
    (restart the server)
6. If your machine has a static IP, open hosts file, add a line with "IP address <machine-name>" (eg, 129.145.132.61   provence)
7. Start stand alone Selenium Server with firefoxProfileTemplate option
    Window:
          java -jar selenium-server-0.9.2-20070427.222534-49-standalone.jar   -firefoxProfileTemplate "C:\\Documents and Settings\\<userName>\\Application Data\\Mozilla\\Firefox\\Profiles\\<....>.default"
    Solaris:
          java -jar selenium-server-0.9.2-20070427.222534-49-standalone.jar   -firefoxProfileTemplate "/<userName>/.mozilla/firefox/<....>.default


Note:
    If you run your selenium with IE, it'd better to do the installation steps below:
         From Control Panel >  Internet Options > Content > Certificate > Trusted Root Certification Authorities > Import the CyberVillianCA.cer file



Comments:

Hmm, I did not have to do these steps because the common name (hostname) on SSL certificate and my test application hostname match. It is good that you are able to figure out how to resolve this problem.

Posted by Brian on September 24, 2008 at 04:12 AM PDT #

good job Davis, thanks for sharing your experience :-)

Posted by judy on October 14, 2008 at 11:03 AM PDT #

Davis,

Nice post. But I am a bit confused about why it is not acceptable to "alias" this certificate as "s1as". What GlassFish server calls it is irrelevant. I don't understand why the alias name of the cert must be same as the machine name. Note that the default cert that gets generated during GlassFish V2 domain creation process already has the CN (common name) same as the FQDN of the host.

Regards,
Kedar

Posted by Kedar Mhaswade on October 14, 2008 at 11:50 AM PDT #

Thanks for your comment, Kedar.
Even the CN has host name, as long as the key alias is different than the host name, when access to port 8181 from a browser, it's always asked me to confirm the authorization.

The Selenium test framework does not have a utility to by pass that Authority Confirmation dialog (automatically click at the OK button) so I have to change the alias to hostname.

Posted by Davis Nguyen on October 15, 2008 at 10:43 AM PDT #

how does one change the alias to hostname?
could you elaborate a bit on this?

Thanks..

Posted by Jatin Vij on October 17, 2008 at 04:55 AM PDT #

Hi Jatin,

Thanks for your comment.
I assumed you're using Glassfish V2 server. The certificate s1as alias is stored under the file ..\\<glassfish-install>\\domain1\\config\\keystore.jks

Use JDK 1.6 version command "keytool" to change it
Here is the syntax:
keytool -changealias -keystore ...\\domain1\\config\\keystore.jks -destalias <machine-name> -keypass changeit -alias s1as

Enter keystore password: changeit

-You can use the command below to verify the alias name before and after updated:
keytool -list -keystore ..\\<glassfish-install>\\domain1\\config\\keystore.jks

Posted by Davis Nguyen on October 17, 2008 at 05:23 AM PDT #

I'm using Selenium 1.0 beta 2. I tried everything reported on this post, and I couldn't get tests working on Glassfih using the certificate provided by Selenium. The only way is entering previously the tests to be run, and open the browser (in the case Mozilla Firefox) adding the certificate sent by Glassfish as security exception.
I'd like to run the tests (accessing HTTPS protected URLs) directly: just download the code, build, deploy, and test. Without needing entering Firefox to setup it to run selenium tests for those protected app resources.

I had the idea to share a Firefox profile folder that had already the security permissions set up. But as each GF installation has its own default certificate, it's impossible to share a unique profile that is already set up to enter diferent certificate protected app resources.

Then I thought this Selenium provided certificate would save my life. But I tried lots of things, and never could prepare Selenium/
Firefox/Glassfish to work this way.

Am I doing something wrong? Am I thinking wrongly?

Thank you for some response.

Posted by Marcus Pereira on May 29, 2009 at 07:08 AM PDT #

Marcus, Are you using GlassFish V2 server?
You don't have a problem to install CyberVillianCA.cer on the firefox browser? No expiration message?

Posted by Davis Nguyen on May 29, 2009 at 08:08 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

davisn

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today