Michael Yin

Michael Yin

I'm a passionate Python developer from China and write about Wagtail/Django and Scrapy. I am also available to be hired for remote jobs. Read more about me.

PhantomJS fail to open HTTPS site

Last updated on by michaelyin

Intro

When I develop automation tool based on phantomjs, it can not open some https website, so I spend some time to figure out how to solve this strange problem.

Solution 1

You can use the command option --ignore-ssl-errors=true of phantomjs to make it ignore the ssl error, so it can load the page

Solution 2

Solution 1 can indeed solve the problem but it can not make sure the https connection is secure, so if you care about the securety problem you need another way to get it done.

There are some points you need to know here:

1 Https is on top of the SSL/TLS protocol, which adding the security capabilities of SSL/TLS to standard HTTP communications

2 If a ca is trusted by a user, then the website which signatured by the ca will also be trusted

3 Not all program share the single one location which manage ca certificate, so in some cases, some websites displayed well in your web browser, but can not work well in your system tool such as curl, that is because the curl use the system ca locatioin, but the web browser usually manage ca certificate on its own.

Here is an simple example, try to open https://www.renrendai.com/loginPage.action in your browser, and try to open it by shell command curl https://www.renrendai.com/loginPage.action, you can see curl will raise an error because the ca certificate is not in you ca location.

Phantomjs doc have said it will use system ca certificate by default. So we now have two option. One is import the ca certificate into the system location, the other is use --ssl-certificates-path= change the location used by Phantomjs. I will choose first one.

Export ca certificate

Now we need to get the ca certificate first, open your browser, type in the https address, and click the address and a window popup just like this

Click the certificate infomation to see the detail about the certificate

Click detail, and you can see the Certificate Hierarchy, You need to export the every certificate in the Certificate Hierarchy, so in this example you need to export 4 file

Open the exported file with text editor, you can see the first line and last line is -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- and the content is base64 coded, in some relevent doc this format is called .crt(certificate)

Import the crt to system

every system has its own way to manage system certificate, in my ubuntu, here is what I do

#/usr/share/ca-certificates/ is the system location for ca certificate
sudo mkdir /usr/share/ca-certificates/extra

#copy the exported crt file to the system location
sudo cp ./ /usr/share/ca-certificates/extra/

#choose what you want to add and enter and ubuntu will update the relevent file
sudo dpkg-reconfigure ca-certificates
Simple test now!

Use curl to make a quick simple test if cert is added successfully then you will see the html output.

Reference:

Adding CAcert root certificate to Debian/Ubuntu - properly

Installing a root/CA Certificate

Send Me Message

Tell me more about your project and see if I can help you.

Contact Me