Some sites customers are testing do not have valid SSL certificates. To combat this, Sauce Connect will automatically replace all SSL certificates with its own, trusted certificate. This is called SSL Bumping.
This occasionally causes problems for some sites, so it's possible to disable this feature for some or all domains. To begin with, Sauce Support will often suggest you turn it off entirely, by adding `-B all` to your Sauce Connect start up command.
This solves the problem of valid sites not working, but now the original problem might re-occur for any sites without a valid certificate.
Disabling SSL Bumping for a known list only
Sauce Connect lets you disable SSL Bumping for only the sites you want. You can do this by passing a list of domain names to the -B option. This list has no spaces and is separated by commas. For instance, if you wanted to disable SSL Bumping for first.com and second.com:
bin/sc -B first.com.second.com
Disabling SSL Bumping for all subdomains
The -B option allows you to disable SSL Bumping for any subdomain of a domain. You do this by placing * in place of the subdomain. For instance, if you want to disable bumping for alpha.company.com, beta.company.com and elsewhere.com:
bin/sc -B *.company.com,elsewhere.com
Finding the right list to disable
It is very common to use resources from third parties as part of web development. Because of this, you can't assume that the problematic sites under test are just those you're trying to test directly.
It is possible to find out experimentally, what sites Android is experiencing problems with when SSL Bumping. This is a tedious process, but is not difficult.
- Start Sauce Connect without the -B option
- Open a manual session for the site you're testing
- Click 'View Certificate' once you receive the certificate warning
- Check the domain name of the site the certificate is for in the displayed details and make note of it
- Close the warning and click 'Continue' once only
- If it seems like nothing happened, there's probably another certificate causing issues. Repeat steps 3 through 6 until the dialog disappears
- Stop the manual test
- Shut Sauce Connect down
Once you have a list of domains, you can pass them to the -B option as displayed above. Do not also add 'all' to this list.
You can then try your test again with your new list of bumped domains
- Start Sauce Connect with your new list passed to -B
- Repeat steps 2 to 8 above
If you experience more certificate problems, add those certificates to the list and repeat.
Now you should be ready to run automated tests through the Sauce Connect tunnel without certificate problems. If you find that later parts of your test are experiencing errors, you can use the same process to check what certificates are being problematic.
Is there an easier way?
Yes. If your site under test and all embedded resources use a properly installed, valid SSL certificate from a trusted certificate provider (Not self-signed) and are served correctly, you should be able to fully disable SSL Bumping.
Can Sauce Labs do this for me?
Sauce Labs can provide support for Bumping problems and advice, but is unable to construct the list of resources needing bumping. We are also unable to create or install a valid certificate for your site under test.
Why don't you install my SSL certificate in your environment?
Sauce Labs sessions are freshly cloned from base images intended to match a typical customer environment as closely as possible. We do not dedicate machines to customers, nor do we create custom environments.
in addition, while your development and test environment may have an invalid or self-signed certificate trusted, a typical customer's machine would not. To be as faithful as possible to 'real customer' experience, our machines operate the same way.