06-08-2012 06:56 AM
Using Webinspect 9.20
Attempting to record a login marco for an internal site using an SSL certificate signed by our internal CA.
"domainIamscanning.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown."
If I click "add an exception" and check "permanently store this exceptioin" it doesn't stick.
I have also installed our Root and Intermediate certificates into the respective Windows Certificate Store and restarted WebInspect. It still refuses to trust the cert.
06-08-2012 07:33 AM
Update: I've also tried adding the root and intermediate certificates by launched the browser in the HP hive. It doesn't seem to carry over while in WebInspect...which seems odd.
04-17-2013 08:34 AM
WebInspect does not use the IE browser, but its own internal-yet-equivalent one, and this includes the acceptance of certificates. In actual use, the scanner simply accepts all certs and moves on, as its aim is to scan and not be a safe browser.
The complication here may be in the Macro Recorder and the replay of your Macro. I would record the macro, but then mark any certificate acceptance sessions as "Optional". With this edit, those sessions can either be present or not during the actual replay of the Macro during the live scan, and it will not affect the replay.
-- Habeas Data