The Sauce Labs Cookbook

Sauce Headless

Front End Performance Testing


External Resources

More Info

Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

The security of Sauce Connect Proxy communication to both the Sauce Labs API and the virtual machine hosting your tests in the Sauce Labs cloud is managed through public key certificates.

For connection to the API, Sauce Connect Proxy uses certificates issued by certificate authorities, which are are integrated into the operating system of the machine where Sauce Connect Proxy is running.

For connection to the Sauce Labs virtual machines, Sauce Connect Proxy uses a self-signed certificate that is part of the application itself.

See the following sections for more information:

Table of Contents

Setting Revocation Information for SSL Certificate Verification

When securing Sauce Connect, be sure to whitelist these sites so that the Sauce Connect SSL certificates can be verified:


In addition to whitelisting these sites, you should consult the list of domains at the RapidSSL website and add them to your whitelist as well to make sure that Sauce Connect can connect to all appropriate certificate-issuing authorities.

Connecting to the Sauce Labs REST API

Connections to the Sauce Labs API go through The way in which Sauce Connect is able to access the certificates to secure the connection depends on the operating system of the machine where Sauce Connect is installed.


On Linux machines, Sauce Connect will look for the directory where the certificate bundle is installed, typically something like /etc/ssl/certs. If it can't find the directory, it will generate an error when trying to connect to the Sauce Labs API. 


On Windows machines, certificates are managed through the Security Support Provider Interface API over SChannel, which requires access to the OCSP and CRL URLs to verify certificates. If you have set up highly restrictive firewalls or proxies on the machine where Sauce Connect is running and it can't connect to these URLs, you'll get an error when attempting to connect to the Sauce Labs API. 


On OS X machines, certificates are pre-installed as part of the Trust Store and are accessible through the Keychain. If Sauce Connect is installed on an OS X machine, no troubleshooting should be necessary as long as it can access the Keychain. 

Tunnel Connection to the Sauce Labs Virtual Machine over SSL/TLS

Connections from Sauce Connect to the virtual machine that run your tests on browsers in the Sauce Labs cloud are managed through the SSL/TLS protocol, and a Sauce Labs self-signed certificate that is included in the application. If you would like Sauce Connect to use public certificates, you must use Sauce Connect client version 4.5.4 or higher, and use the tunnel_cert: public command line option. 

More Information