> Why not set yourself up with a little CA, and issue all your certs from > it?
I should have qualified my query with more info. We are testing Juniper SSL VPN box, which can be configured via browser only - hence "web testing" automation in our case. So these daily builds are presented to us as a single package. And when you install a new build, a new self-signed cert is generated. If you need to install a real cert, you have to browse to the relevant admin page & install this cert. But all of this happens on https, that means you have to accept the self-signed cert atleast once before you can install the real cert. And in case of selenium the battle is already lost and hence this whole exercise. Most of our test bed is virtualized with Vmware Lab Manager - that means all the client machines images are deployed at runtime. We could probably circumvent this issue by sticking with a single vpn box and single client machine and run all our tests with incremental builds. But that'd defeat a very important goal of our automation framework - a dynamic test bed. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security