This week in our support email, firstname.lastname@example.org, we've seen a considerable number of cases of problems with Firefox and the Invalid Certificate warning thrown when a development environment is using the production's certificate for HTTPS URLs, which causes the browser to wonder about the website's identity.
If you do much browser-based testing, you have surely dealt with this situation more than once. In the manual testing world, you just tell your browser to add an exception for that certificate and ignore further errors, and you can forget about seeing that annoying warning anymore. But when you move on to automation in the Selenium world, things are not always that simple. In most browsers, adding a certificate exception will work, as Selenium shares the same session as the user and will find the exception as you do. In Firefox, though, Selenium RC creates a special profile each time the browser is started and there's no trail of the user settings in it. The workaround for this problem is to create your own Firefox profile, with the specific certificate added on it by hand, and then tell Selenium to launch the browser based on that profile. Another interesting approach, the one we take at Sauce Labs, where we can't do this kind of trick, because we just don't know which certificate the user will need before their test starts, is the use of RCE (Remember Certificate Exception), which is a plugin that will automatically detect the warning and make the browser go through it, returning the control to Selenium after 4 or 5 seconds. Notice that if you use this approach, you will need to make sure your tests will tolerate this 5 secs additional delay to open the page. Note: We currently support RCE in our Firefox 3.0 machines, and will be porting this extension to Firefox 3.5 soon. You can find more info about RCE on its plugin page or in the author's blog post. Update: Adam Goucher, one of the big minds in the testing world just wrote a blog post that we couldn't have written better ourselves about the first and most important advice regarding HTTPS and testing: Do yourself a favour and don’t test using HTTPS