- Public Certificates: (Virtual Cloud Only) There is a new Sauce Connect command-line argument that allows users to require that Sauce Labs internal tunneling infrastructure uses Certificates signed by a Certificate Authority (CA) rather than self-signed certificates.
- The new option is as follows: "--tunnel-cert public" (without the quotes).
- The Operating System on which SC runs needs to have its certificate store set up correctly. Here are some details per Operating System:
- OpenSSL stores CA certificates, which are accessed by the Sauce Connect Client
- The default OpenSSL certificates directory can be found using: openssl version -d
- Set the SSL_CERT_DIR environment variable to this folder or another containing certificates in PEM format
- You can also set the SSL_CERT_FILE environment variable to a file of certificates in PEM format
- The command line to update certificates is: update-ca-certificates
- Certificates will be read from the MacOS Keychain Access automatically
- Alternatively, if the Homebrew OpenSSL package is installed, the default cert.pem file can be used: `--tunnel-cainfo /usr/local/etc/openssl/cert.pem`
- Public Certificate Support for Real Device Cloud and Headless Cloud are coming soon!
- Note that Sauce Labs has never considered using self-signed certs on our internal tunneling infrastructure to be a security risk because our public signing key is pinned inside of Sauce Connect client. However, some customers' security scans flag the internal self-signed certs, and we are doing this to satisfy these customers and as a best practice.
- The characters used in Tunnel identifiers must now be only ASCII, so that the Sauce Labs WebUI will work correctly
- We removed the ANSII color codes from the Sauce Connect log, for readability reasons