Recording SSL

How it works

When browsing SSL sites, your browser encrypts the information sent to the server, where it is decrypted. Normally, if the browser uses a proxy, the proxy does not encrypt or decrypt the transactions; it simply passes the encrypted information through. In order for Analyzer to record the transactions, the internal recording proxy works differently: it decrypts and re-encrypts the transactions.

To make this work, Analyzer generates a "fake" certificate and presents it to the browser as the certificate for the server. In normal situations, this is considered a security hazard, so when the browser detects it, it displays a warning message stating that it cannot verify the identity of the server. This is a good thing! If it didn't, then other programs might do what Analyzer does in order to steal your personal information.

To proceed, you can simply accept the certificate and continue with the recording. This will not adversely affect Analyzer's ability to record your session, but it might produce recordings with response times that are significantly longer than a normal user would see (because of the time it takes you to dismiss the warning dialog). If a site uses multiple servers (as most large banking and e-commerce sites do), the security warning may be displayed multiple times.

How to suppress the warning messages

Analyzer generates an internal root certificate that is used to sign all of the "fake" server certificates. This root certificate may be imported into your browser as a "trusted root certificate authority". This allows your browser to automatically accept the certificates that are presented by Analyzer without displaying a warning message. Note that the internally generated root certificate is unique to your computer. This ensures that the certificate cannot be used in a server-spoofing security breach (unless the attacker has already gained access to your computer and stolen the certificate).

To suppress the warning messages, two steps are required:

  1. Export the root certificate
  2. Import the root certificate into your browser

Exporting the root certificate

The root certificate may be exported in two different formats: CER or PEM. Most browsers will accept the CER format, so try it first.

  1. Start a recording
  2. When the Welcome Page appears, click the "test your SSL configuration" link
  3. Click the appropriate link to download the certificate in either CER or PEM format
  4. Save the certificate somewhere you can remember (e.g. your desktop)
  5. Follow the instructions for your browser on importing the certificate. We have included instructions for a few of the most popular browsers below. If your browser is not listed here, check the documentation for your browser.

Note: if the download links do not work, the CER and PEM certificate files may be copied directly from the following folder (where <user> is your Windows username):

C:\Documents and Settings\<user>\.webperformance
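
Before importing, you can confirm that the CER and PEM files carry the same certificate and note its fingerprint, so that it can be compared with the fingerprint shown in the browser's certificate viewer after the import. The Python sketch below is an added example, not part of Analyzer; its function names and sample bytes are constructed for illustration, and it assumes the CER file is either binary DER or Base64 text.

```python
import base64
import binascii
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def to_der(data: bytes) -> bytes:
    """Normalise a PEM, Base64 CER or binary CER file to raw DER bytes."""
    text = data.strip()
    if text.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    if data[:1] == b"\x30":  # binary DER begins with an ASN.1 SEQUENCE tag
        return data          # returned unstripped: trailing bytes are significant
    try:
        der = base64.b64decode(b"".join(text.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("not a PEM, Base64 or DER certificate file") from exc
    if der[:1] != b"\x30":
        raise ValueError("decoded data does not look like a DER certificate")
    return der

def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated fingerprint that does not depend on the file encoding."""
    digest = hashlib.new(algorithm, to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(file_a: bytes, file_b: bytes) -> bool:
    """True when two exported files carry the same certificate."""
    return to_der(file_a) == to_der(file_b)

# Constructed stand-in bytes (NOT a real certificate) so the example runs offline.
SAMPLE_DER = b"\x30\x06demo\n "
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER)

if __name__ == "__main__":
    # With real files: fingerprint(open(path_to_exported_file, "rb").read())
    for name, blob in (("DER", SAMPLE_DER), ("PEM", SAMPLE_PEM), ("Base64", SAMPLE_B64)):
        print(name, fingerprint(blob))
    print("same certificate:", same_certificate(SAMPLE_DER, SAMPLE_PEM))
```

Older certificate viewers show SHA-1 thumbprints; pass "sha1" as the second argument to get a value in that form.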

Internet Explorer 6.0

  1. Select Tools->Internet Options from the IE menu
  2. Select the Content tab
  3. Push the Certificates button
  4. Select the Trusted Root Certificate Authorities tab
  5. Push the Import... button to start the Certificate Import wizard
  6. Push the Next button
  7. Push the Browse... button and locate the certificate file where you saved it
  8. Follow the wizard to completion

After installing the certificate, you will see it listed under the name Web Performance. The certificate will expire in 10 years.

Firefox 1.5

  1. Select Tools->Options from the Firefox menu
  2. Select the Advanced icon
  3. Select the Security tab
  4. Push the View Certificates button
  5. Select the Authorities tab
  6. Push the Import button and locate the certificate file where you saved it
  7. Select the "Trust this CA to identify web sites" option
  8. Push the OK button

After installing the certificate, you will see it listed under the name Web Performance. The certificate will expire in 10 years.