Q18 of 37 · Selenium
How do you handle SSL certificate errors in tests?
Short answer
Short answer: Set browser options to accept insecure certs: `ChromeOptions.setAcceptInsecureCerts(true)` (or the Firefox equivalent). This bypasses the 'your connection is not private' interstitial. Use it only against test environments, never against production.
Detail
When a browser hits an HTTPS page with a self-signed or otherwise invalid certificate, it shows the "Your connection is not private" interstitial — Selenium can't click through it without help.
The fix is a browser capability:
ChromeOptions options = new ChromeOptions();
options.setAcceptInsecureCerts(true);
WebDriver driver = new ChromeDriver(options);
acceptInsecureCerts is a W3C-standard capability — Firefox and Edge use the same flag. The browser bypasses the interstitial silently for the entire session.
When you'd need this:
- Local dev environments with self-signed certs (
https://localhost). - Staging environments that share certs with prod and have hostname mismatches.
- Test environments behind a corporate proxy that rewrites TLS.
When you should NOT use it:
- Against production. If the cert is genuinely invalid in prod, you want the test to fail loudly — that's a real bug.
- As a default. Set it conditionally based on environment so a misconfigured prod test doesn't silently accept a bad cert.
A cleaner alternative for local dev: install a trusted root CA via mkcert and use a properly issued local certificate. Tests run against valid HTTPS, and you avoid the dependency on acceptInsecureCerts entirely. acceptInsecureCerts is the quick fix; mkcert is the right one for long-running local setups.
// EXAMPLE
ChromeOptions options = new ChromeOptions();
// Conditional: only bypass certs in non-prod environments
if (!System.getenv("ENV").equals("prod")) {
options.setAcceptInsecureCerts(true);
}
WebDriver driver = new ChromeDriver(options);