SSL connection to admin console not logging in

Barber · January 9, 2008, 9:54am

I have just upgraded to openfire 3.4.3 from wildfire 3.0.1 (via 3.2.0) and everything appears to work, apart from logging into the HTTPS admin console. The login page is display prompting for username/password, but upon entering these the page just hangs.

Strangly, I can authenticate via plain HTTP.

My jabber connections to the server work fine.

Openfire is running on RHEL4 via Sun’s JRE 1.5.0_09. My user accounts are specified via LDAP (over SSL) as are the admin accounts. I imported my SSL certificate from my wildfire install, which did only contain the public/private keypair provided by my registrar, as well as the rest of the certificate chain to get to their root CA. The keystore doesn’t contain the CA for the LDAP though (but either Openfire does validate the cert chain for that anyhow, or I haven’t switched it on).

Attempts to log into the admin console via HTTPS don’t show up in the LDAP access log, but those from HTTP/jabber do.

I tested with before upgrading with jdk1.5.0_13, and this appeared to work fine (although it was on a different machine so may not be the only difference).

I have seen this post:

http://www.igniterealtime.org/community/message/160012#160012

but am not sure if it’s the same issue.

Could this be a JVM issue?

Regards

Michael_Puskar · January 10, 2008, 2:52am

I have the same problem. Strangely, it seems that if you login with http, you can then switch to https and everything will work find. It narrows it down to something in the login process. Also, I do not get this behavior when using Safari (on a Mac, obviously). I can login with no problem whatsoever.

Alin_FAUR · January 10, 2008, 8:34am

Hi,

I encountered the same error, and the solution I found was that I needed to edit the openfire.xml config file, according to the below example:

After that I was able to login through https.

Hope this helps.

Alin F.

Barber · January 10, 2008, 9:34am

Those are the exact symptoms I see.

After your suggestion I switched from Firefox 1.5.0.12 (Centos) and Konquerer (3.5.4-13.6.el5.centos) to trying Opera 9.23 (linux) and that handled the https login fine.

Trying IE6 on Windows works okay as well. So I guess it’s a client browser issue.

Barber · January 10, 2008, 10:24am

I already have the users specified in the tag and can authenticate via HTTP, so I don’t think you saw the same issues.

Cheers.

Alin_FAUR · January 10, 2008, 10:43am

I also had the “admin” user specified, but I added another one, and I could log in with the second user.

I cannot find any explanation, since:

I have 2 identical Openfire servers, and I only encountered the problem on one of them;
I got it from IE and Opera (both on Windows);
after a non-defined period of time, I was able to log in also with the admin user, and that is still possible.

That’s the most I can help you with

Andrew_Loughran · January 18, 2008, 2:54am

I’m having the same issue.

I just upgraded to Openfire 3.4.4 from 3.4.2 (this was done by moving the old /opt/openfire directory to /opt/oldopenfire and then untarring the new one into /opt/openfire (so that all the startup scripts point to the same place).

I then copied the old openfire.xml into the conf directory of the new install.

I use openLDAP to authenticate.

I have no problem authenticating the users via http for the admin console (and do this via a ssh tunnel to keep it secure) - but via https it just doesn’t want to work.

I am using gentoo on client and server. SSL connections work for the jabber client (in my case pidgin).

Has anyone else had any joy with this?

Andrew_Loughran · January 18, 2008, 3:02am

I just tested it with Opera, and I logged in fine. I’ll just test some other browsers…

Firefox - NO

Opera - YES

Seamonkey - NO

Epiphany - NO

IE7 - YES

I think the previous shows it may not be an ‘ignite realtime’ problem… but a problem all the same. Let me know if you’ve had any more joy.

Ray2 · January 29, 2008, 9:06pm

I have recently upgraded from wildfire 3.1.1 to openfire 3.4.3. I have experienced these exact same symptoms.

I don’t necessarily agree that this is a client issue as I was using firefox 2.0, and connecting fine to the SSL-

enabled wildfire admin console, and am using the exact same firefox 2.0, on the exact same client, but get the

SSL admin console hanging until ultimately a blank page is displayed. My client browser has not changed.

I can use safari to get to the SSL admin console but use firefox for everything else.

I’d really like to see IgniteRealTime present some fix or at least an explanation. For some of us using the

non-encrypted admin console is not an option.

Thanks,

Ray Spence