bjowes / cypress-ntlm-auth

Windows authentication plugin for Cypress
MIT License

Can I use this package to validate the testing website has a valid certificate? #148

Closed xiangcong closed 3 years ago

xiangcong commented 3 years ago

Hi,

Just want to confirm if I can use this plugin to test if the testing website has a valid certificate? We encountered a case where our certificate is not valid, while cypress didn't detect that.

Thanks

bjowes commented 3 years ago

In principle yes, even though using this plugin only for that seems a bit overkill. Cypress has disabled the certificate validation by default, just as you have experienced. The plugin has not disabled certificate validation, so the connection will fail unless the target site has a valid certificate.

xiangcong commented 3 years ago

Thanks for sharing the info. Is it possible to enable the certificate validation in cypress? Otherwise, do you have any suggestions? Since you mentioned that using this plugin for certificate validation only may be a bit overkill, I'd appreciate it if you could share more info. Thanks!

bjowes commented 3 years ago

I think it would be quite simple to validate the cert outside cypress. Doing it inside cypress is probably complex; I believe that cypress is designed on the assumption that cert validation is disabled. When cypress accesses an https site it is actually a MITM proxy, similar to what this plugin does. This means it has to fake certificates for the https sites. To avoid the complexity of generating "valid" fake certs, cypress disables the cert validation in the browser.

Outside cypress, you could for instance use curl, or a Node package like axios, to perform a request against the site you want to validate. The request will fail if the cert check fails.

xiangcong commented 3 years ago

Awesome! Super professional and helpful, thanks a lot!