HTTPS bug?
  • I'm having a problem connecting to a private wordpress blog running under https.

    This RPC url works:

    http://myblog.com/xmlrpc.php


    This RPC url fails with a MarsEdit error saying that the server didn't respond. The RPC log is empty for the response portion:

    https://myblog.com/xmlrpc.php

    I can browse to https://myblog.com/xmlrpc.php and get the WP message about POST, so I know the page is can be reached.

    The problem is that I need to disable http access on this site for security, but then I'll lose MarsEdit access.

    Are there any known problems with https access in MarsEdit?

    BTW - This is an unmodified WordPress 2.2.1 install on Dreamhost.

    Thanks,
    Willis Morse
  • Hi Willis - I haven't personally done testing with HTTPS weblogs - it's something on my TODO list. But I do have customers who are successfully doing it. The problems have tended to come down to certificate issues. Can you recall if, when you navigate via the browser, you've had to do anything like confirm an untrusted certificate?

    If you don't mind, perhaps you could send me (direct via email if you like) the URL of the blog in question. Then I could try to connect to it from my end and see how it goes. I don't need the password or anything, because just getting to "password rejected" would mean that I had gotten through the HTTPS.

    Daniel
  • Whoops I forgot the important part: it's a self-signed certificate.

    I'll email the link to you directly.

    - Will
  • Will: a customer in a similar situation found that the problems went away as long as the self-signed certificate was added to the Keychain. Basically if you can get it so that a web browser doesn't complain when navigating there, then it should work in MarsEdit.

    Daniel
  • Thanks, I'll futz around with that.

    Safari wasn't giving me the warning for a while, but it just started again.

    So https should probably work with a signed certificate? That may be the final straw that forces me to shell out the money for a certificate so I can be a real site :-)

    Thanks,
    Will
  • No - it should work even with a SELF-signed certificate... so as long as you train Keychain about your certificate, it should work.
  • Ah, you're right. I didn't realize that I had to expicitly add the cert to my keychain, or that I even could. Safari's mechanism for doing this should probably be a little more in your face :-)

    Works now, thanks.

    - Will
  • Great! Glad it all worked out.
Start a New Discussion

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!