powered by Jive Software

I want to disable HSTS for Admin Console

My certificate has expired so I would like to renew it but I can’t get in to the web interface to do so - HSTS is enabled …somewhere… and this seems to be something that neither Firefox nor Chrome will allow me to work around [because they know better than me]. I have managed to do this by firing up an old XP VM with an ancient Firefox in that doesn’t care about HSTS.

It took me ages to work out what’s going on here - Firefox and Chrome both stubbornly redirect http://server:9090 to https://server:9090 [which can’t work], yet wget was fine.

So, can I disable HSTS for the admin console?

Openfire doesn’t do HSTS at all, as far as I know. Maybe this is a local policy, or a proxy server of sorts that’s messing with your requests?

Hmm. No proxy between me and the server. No “local policies” that I know of - I manage my laptop myself and HSTS just isn’t something that it would make sense to arbitrarily impose on a website. I look after hundreds of embedded devices with untrusted certs on for management so unilaterally deciding to use HSTS on my part would make my job impossible.

A bit more testing has revealed that visiting https://server:9091 is the “trigger” here - If I create a new profile in the browser I can use https://server:9090 just fine, until I use hxxps://server:9091, then :9090 is unusable as it keeps “correcting” http to https.
[have to use hxxps instead of https as I’m new]