powered by Jive Software

Lynx --source and Openfire ssl

Way back I was trying to add users via a script and came across the User Service plugin where I can add users via an http URL. I’m only allowing https access (on port 9091) using a self-signed certificate to the Openfire server and am having issues with lynx or curl accessing openfire.

If I use lynx --source http://example.com:9090/plugins/userService/userservice?type=add&secret=bigsecre t&username=kafka&password=drowssap&name=franz&email=franz@kafka.combigsecret&username=kafka&password=drowssap&name=franz&email=franz@kafka.com as in the example for the User Service plugin I get this back.

Looking up example:9091
Making HTTPS connection to example.com:9091
Retrying connection without TLS.
Looking up example.com:9091
Making HTTPS connection to example.com:9091
Alert!: Unable to make secure connection to remote host.
lynx: Can’t access startfile https://example.com:9091/plugins/userService/userservice?type=add
Of course I’m using my own domain instead of example.com

So I figured it must be a problem with Lynx not wanting to except the certificates so I went into /etc/lynx.cfg and changed FORCE_SSL_PROMPT:prompt to FORCE_SSL_PROMPT:yes so it will allow me to connect to sites with self-signed certificates. My error with Lynx stays the same. With curl -k I get this.

<result>RequestNotAuthorised</result>

At least that’s a proper XML response. What do I need to do to call this URL using curl or lynx? If I use Firefox and don’t accept the certificate I get the RequestNotAuthorised response so I’m thinking that my cli web browsers aren’t accepting the certificate?

Grant

Oh yeah, this method worked great before I decided to be smart and only allow SSL traffic to it. It also worked with the Registration plugin using lynx --source.

Grant

Hi Grant,

you may try options like “wget --no-check-certificate …” or “curl --insecure …” - lynx may have similar options.

LG

Ok thanks, I just backed it off to run non-SSL for now. I’m just finishing up a contract and want it to work so I can get on to a new project. If they want it to run SSL they can fix it later.

Grant