Browsers Won't Load Page, or Display "Bad Gateway" or Security Warning for an HTTPS Site

Avatar
Permanently deleted user
  • Updated

The Problem

When you run tests against a HTTPS site, the browser shows "Bad Gateway", or a security warning, or just won't load the page you wanted.  This only happens for HTTPS sites or single page apps served over HTTPS.

The Reason

Many browsers, in their default state, reject traffic from sites with self-signed or invalid SSL certificates.  These kinds of certificates are quite common in test environments, but they're problematic for Selenium as they often cause a security warning which can't be dismissed by Selenium, blocking tests.

To circumvent this, Sauce Connect re-signs all HTTPS traffic with a certificate Sauce Labs has installed on every browser on its VMs.  In most cases, this allows customers to continue to test without generating warnings.

However, some HTTPS protected servers and sites reject the certificate Sauce Labs uses to sign traffic.  This prevents Sauce Labs browsers from navigating to the site.

The Solution/s

Both of the solutions to this problem rely on changing the command line options you pass to Sauce Connect when you start it running.  If you don't have the ability to change how Sauce Connect is run, you'll need to reach out to the team or department in your organisation who can make changes and ask them for assistance.

If the site is publicly accessible

The best way to avoid Sauce Connect re-signing traffic for publicly accessible sites, is to avoid Sauce Connect entirely.  You can pass a comma-separated list of domains to the '--direct-domains' flag, and any request for one of those domains will go straight through the internet, avoiding Sauce Connect.  This also has the bonus of slightly speeding up your tests!

For example, to avoid Sauce Connect for the domain dancepants.com, any subdomain of kittenswithmittens.com, and www.theinternet.com, you'd add the following to the rest of your Sauce Connect startup command:

--direct-domains dancepants.com,*.kittenswithmittens.com,www.theinternet.com

If the site is not publicly accessible

You can pass a comma-separated list of domains to the '--no-ssl-bump-domains' flag, and any request for one of those domains will be passed directly through Sauce Connect without being re-signed.

For example, to avoid Sauce Connect re-signing the domain dancepants.com, any subdomain of kittenswithmittens.com, and www.theinternet.com, you'd add the following to the rest of your Sauce Connect startup command:

--no-ssl-bump-domains dancepants.com,*.kittenswithmittens.com,www.theinternet.com

 

Products

Global Tools

Set Up And Integrate

Resources

Company

© 2023 Sauce Labs Inc., all rights reserved. SAUCE and SAUCE LABS are registered trademarks owned by Sauce Labs Inc. in the United States, EU, and may be registered in other jurisdictions.