LinuxQuestions.org > Linux - Software > Getting SSL onto PORT 443
(https://www.linuxquestions.org/questions/linux-software-2/getting-ssl-onto-port-443-a-155657/)

kuso 03-09-2004 09:55 PM

Getting SSL onto PORT 443
 
Hello,

I just set up SSL and it works if I set my virtual host to a number greater than 1024.

https://www.myhost.com:1025 -- works

However, I'd like to get this on 443.

https://www.myhost.com -- does not work


My initial httpd process is running as root and I verified this with ps -A -f

My port is open on 443 and I verified this with nmap -sS -O myhost.com


Any clue what could be going on?

Thanks in advance,

billy

jtshaw 03-09-2004 10:04 PM

The way I do it is something like this:

NameVirtualHost <ip>:443
<VirtualHost <ip>:443>
    DocumentRoot /home/httpd/secure
    ServerName <servername>
    ServerPath /

    # mod_ssl: enable TLS for this vhost and point it at the cert/key pair
    SSLEngine on
    # cipher list is cut off as posted
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:+EXP:+eNU
    SSLCertificateFile conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key

    <Directory />
        Options FollowSymLinks
        AllowOverride Options FileInfo
        # Apache 1.3/2.0 access control (mod_access); Order/Allow were
        # replaced by Require in 2.4
        <IfModule mod_access.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
    DirectoryIndex index.html index.php index.php4
</VirtualHost>

Btw, it might not be in your best interest to run apache as root... most people agree it is a better idea to run apache under its own user.
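Before blaming the network, it is worth confirming that Apache really binds the port at all: a `<VirtualHost ...:443>` does nothing unless a `Listen 443` is in effect (on 2004-era Red Hat that line normally lives in mod_ssl's ssl.conf), and a port below 1024 can only be bound by a parent started as root, which then hands requests to workers running as the `User`/`Group` you set. The following is an added example, not part of the thread or of jtshaw's setup; the config text is constructed from the snippet above plus assumed `Listen` and `User` lines, and it deliberately omits `Listen 443` so the check has something to find.

```python
import re

# Constructed config: jtshaw's VirtualHost plus assumed Listen/User lines,
# written so that :443 has a vhost but no Listen (the failure being checked).
SAMPLE_CONF = """\
Listen 80
Listen 1025
User apache
Group apache

NameVirtualHost 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
    DocumentRoot /home/httpd/secure
    ServerName www.myhost.com
    SSLEngine on
    SSLCertificateFile conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key
</VirtualHost>
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(?:\S*:)?(\d+)", re.I | re.M)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I | re.M)
USER_RE = re.compile(r"^\s*User\s+(\S+)", re.I | re.M)


def listen_ports(conf):
    """Ports Apache will bind: 'Listen 443', 'Listen 1.2.3.4:443', 'Listen [::1]:443'."""
    return {int(p) for p in LISTEN_RE.findall(conf)}


def vhost_ports(conf):
    """Ports named in <VirtualHost> openers; an address with no port is
    returned as '*' because such a vhost matches every Listen port."""
    ports = set()
    for addr_list in VHOST_RE.findall(conf):
        for addr in addr_list.split():
            _host, sep, port = addr.rpartition(":")
            ports.add(int(port) if sep and port.isdigit() else "*")
    return ports


def check(conf):
    """Return findings as (code, detail) tuples; an empty list means the
    config is consistent for the two checks made here."""
    findings = []
    listens = listen_ports(conf)
    for port in sorted(p for p in vhost_ports(conf) if p != "*"):
        if port not in listens:
            # Without Listen the vhost is never bound, so nothing answers on
            # that port no matter how the firewall is set.
            findings.append(("missing_listen", port))
    user = USER_RE.search(conf)
    if user is None or user.group(1) == "root":
        # The parent must start as root to bind a port < 1024, but it should
        # switch its workers to an unprivileged User/Group.
        findings.append(("workers_run_as_root", user.group(1) if user else None))
    return findings


if __name__ == "__main__":
    print("as posted:", check(SAMPLE_CONF))
    print("with Listen 443:", check(SAMPLE_CONF + "Listen 443\n"))
```

On a live box the same two facts are visible without parsing anything: `netstat -tlnp` (or `ss -tlnp` on newer systems) must show httpd on `:443`, and `ps -o user,pid,cmd -C httpd` should show one root parent and several workers under the unprivileged user.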

kuso 03-09-2004 10:09 PM

Got all that... it works fine for ports > 1024, just not < 1024.

jtshaw 03-09-2004 10:15 PM

That is weird. Do you have iptables blocking it or something?

kuso 03-09-2004 10:36 PM

Chain INPUT (policy ACCEPT)
target                prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target                prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target                prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  clock.redhat.com     anywhere            udp spt:ntp dpt:ntp
ACCEPT     udp  --  clock.redhat.com     anywhere            udp spt:ntp dpt:ntp
ACCEPT     udp  --  192.168.0.1          anywhere            udp spt:domain dpts:1025:65535
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere            udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     udp  --  anywhere             anywhere            udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
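Why 1025 gets through and 443 does not can be read straight off the posted chain: only http, ssh and smtp have ACCEPT rules, every other privileged TCP port hits the catch-all `REJECT tcp dpts:0:1023`, and ports above 1023 match nothing and fall through to the INPUT chain's ACCEPT policy. The following is an added example, not from the thread: the rule table is reconstructed from the listing above, and the `lo` interface on the bare `ACCEPT all` rule is an assumption (plain `iptables -L` hides interfaces; Lokkit's loopback allow is the usual reason such a rule is there, and it would also explain why browsing 443 on the server itself works). It simulates the first-match walk and shows the fix, which is an ACCEPT for tcp/443 inserted ahead of the REJECT rather than appended after it.

```python
# Service names as iptables -L prints them (resolved from /etc/services).
SERVICES = {"http": 80, "ssh": 22, "smtp": 25, "nfs": 2049, "x11": 6000,
            "xfs": 7100, "ntp": 123, "domain": 53, "bootps": 67, "bootpc": 68}

# Rule = (target, proto, src, sport_spec, dport_spec, in_iface); None = any.
# Reconstructed from the posted `iptables -L`. The 'lo' on the bare ACCEPT is
# an assumption: plain -L does not show interfaces.
LOKKIT_CHAIN = [
    ("ACCEPT", "udp", "clock.redhat.com", "ntp", "ntp", None),
    ("ACCEPT", "udp", "clock.redhat.com", "ntp", "ntp", None),
    ("ACCEPT", "udp", "192.168.0.1", "domain", "1025:65535", None),
    ("ACCEPT", "tcp", None, None, "http", None),
    ("ACCEPT", "tcp", None, None, "ssh", None),
    ("ACCEPT", "tcp", None, None, "smtp", None),
    ("ACCEPT", "udp", None, "bootps:bootpc", "bootps:bootpc", None),
    ("ACCEPT", "udp", None, "bootps:bootpc", "bootps:bootpc", None),
    ("ACCEPT", None, None, None, None, "lo"),
    ("REJECT", "tcp", None, None, "0:1023", None),
    ("REJECT", "tcp", None, None, "nfs", None),
    ("REJECT", "udp", None, None, "0:1023", None),
    ("REJECT", "udp", None, None, "nfs", None),
    ("REJECT", "tcp", None, None, "x11:6009", None),
    ("REJECT", "tcp", None, None, "xfs", None),
]
INPUT_POLICY = "ACCEPT"   # 'Chain INPUT (policy ACCEPT)' in the listing


def port_range(spec):
    """'http' -> (80, 80); '0:1023' -> (0, 1023); 'x11:6009' -> (6000, 6009)."""
    if spec is None:
        return None
    lo, _, hi = spec.partition(":")
    lo = SERVICES.get(lo, lo)
    hi = SERVICES.get(hi, hi) if hi else lo
    return (int(lo), int(hi))


def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]


def first_match(chain, proto, dport, src="192.168.0.20", sport=40000,
                iface="eth0", policy=INPUT_POLICY):
    """First-match walk of the chain for a new-connection packet (a TCP SYN,
    which is exactly what the 'flags:SYN,RST,ACK/SYN' rules test for).
    Returns (rule_index, target), or (None, policy) if nothing matched."""
    for i, (target, r_proto, r_src, r_sport, r_dport, r_iface) in enumerate(chain):
        if r_proto not in (None, proto) or r_src not in (None, src):
            continue
        if r_iface not in (None, iface):
            continue
        if in_range(sport, port_range(r_sport)) and in_range(dport, port_range(r_dport)):
            return i, target
    return None, policy


def allow_tcp_port(chain, port):
    """Copy of the chain with an ACCEPT for tcp/port inserted before the first
    REJECT, i.e. the effect of
      iptables -I RH-Lokkit-0-50-INPUT <n> -p tcp --dport <port> --syn -j ACCEPT
    with <n> the 1-based position of that REJECT. Appending with -A would not
    help: the REJECT 0:1023 rule would still match first."""
    n = next(i for i, rule in enumerate(chain) if rule[0] == "REJECT")
    return chain[:n] + [("ACCEPT", "tcp", None, None, str(port), None)] + chain[n:]


if __name__ == "__main__":
    for port in (80, 443, 1025):
        print(f"tcp/{port} from the LAN  ->", first_match(LOKKIT_CHAIN, "tcp", port))
    print("tcp/443 from localhost ->",
          first_match(LOKKIT_CHAIN, "tcp", 443, src="127.0.0.1", iface="lo"))
    print("tcp/443 after the fix  ->",
          first_match(allow_tcp_port(LOKKIT_CHAIN, 443), "tcp", 443))
```

The same walk explains the "turned my firewall off" confusion later in the thread: on a Lokkit box the chain is loaded by the iptables init script, so unless that service is actually stopped (or the rules flushed with `iptables -F`), disabling a desktop firewall tool changes nothing. Check with `iptables -L -n -v`, which also shows the interface column that the plain listing above omits.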

kuso 03-10-2004 12:20 AM

To make this weirder ...443 works on the server if I browse the website on the actual server. Only outside users cannot hit 443. Right now, I am testing, so my test computer and my server are both on the same router and I turned my firewall off. Still no luck.

This is hair-pulling material.

-billy

kuso 03-10-2004 11:41 PM

It was IPTABLES! As a general rule, I have to remember that firewalls are the root of all evil in unpredictability.

Thanks for the help

