Need help in running my website using secure connection (HTTPS)
 

Hello:

I have the following details on my system:
- CentOS
- RHEL 5
- WebWare for Python

We have an exisiting website written in Python and was developed by other entities and now being maintained by us. We want to run the website using secure connection (HTTPS), I tried reading this article and successfully executed every instructions but still failed to run the website using HTTPS.

http://www.flatmtn.com/article/setti...e-certificates

The way we run the website is using port 8080, e.g. http://<ip_address>:8080/

I am sure I am missing something here, first, I am still looking on where does the port 8080 comes from since I've checked the httpd.config and it wasn't there.

Any thoughts?


Thanks in advance.

Is it CentOS or RHEL5? Normally there isn't a difference in the CentOS [5] and RHEL 5, but knowing which you have is a very important thing for YOU to know.

While performing steps from the link:

1. What steps have you performed?
2. Of the steps performed what errors (if any) were received?

And I really didn't understand your exact question...

Is it you need help getting the site running? Or is it you want to know where/why it is using port 8080?

Depends what you mean by 'failed to run website'. Need specific example with exact cmds/msgs.
Note also that the un-encrypted http is normally on port 80, https(!) is on 443.
These are the defaults unless you edit the httpd.conf/ssl.conf settings and adjust your firewall appropriately.

You can test https from the cmd line:

openssl s_client -connect server1.example.com:443

Sorry for the confusion but my main question would be:

How would I run our website using HTTPS?

I did the exact commands given on that article without any errors encountered but found out that I was lacking the ssl.key and ssl.crt and so I install mod_ssl using:

sudo yum install mod_ssl


I am new to Linux but I see during start up these details...

Booting CentOS 2.6.18-128.e15
...
CentOS release 5.3(Final)
Kernel 2.6.18-128.e15 on an i686

So I am guessing its is CentOS.



I just mentioned about looking on where the port 8080 was specified because it might lead me to something just a wild presumption though because I have read that HTTPS is on 443 and HTTP normally runs on port 80 by default as mentioned also by chrism01. The only way that I know they can define to which port to run a website is through the Virtual Host of httpd config but it was NOT there.


Thank you guys for your time and help.

I tried running the command:

openssl s_client - connect <ip_address>:443


and gave some certificate information that says something:


CONNECTED(00000003)
---
Certificate chain 0 s:/C=--/ST=SomeState/L=SomeCity/0....
....
---
Server certificate
-----BEGIN CERTIFICATE------
(Then some encrypted information here)
-----END CERTIFICATE-----
subject=/C=--/ST....
...
---
No client certificate CA names sent
---
SSL handshake has read 1606 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol: TLSv1
Cipher : DHE-RSA-AES256-SHA
....
Timout: 300 (sec)
Verify return code: 18 (self signed certificate)
----

Can you show us your httpd.conf & ssl.conf files?
Test shows you've got https running on 443; that's a good/std start.

I am sure this is just a typo but better re-check that. "http://<ip_address>:8080/" Should be https://ip:port

Chris - Please see attached files for my httpd.conf and ssl.conf files. The file location on our system are the ones in bold below.

I tried to "find / -name httpd.conf", its giving me 3 results:
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/original/httpd.conf
/etc/httpd/conf/httpd.conf

And I tried to "find / -name ssl.conf", it gives this result:
/etc/httpd/conf.d/ssl.conf



I already tried accessing the website using "https://<ip_address>:8080" before I posted any help here, I am just getting this:

Internet Explorer cannot display the webpage


Thanks!

Try it locally?

Like I said in post #7; your test shows you've got https running on port 443 (the std port). There's no point trying to connect to port 8080 for https.

Chris - But how do I port our website to run using HTTPS then? what configuration should I edit to achieve this?

since I tried running https://<ip_address> and it doesn't display anything except for "The browser" cannot display the webpage

Apache is your webserver; it serves your websites.
Apache is listening on port 80 (http) and serving websites in a non-encrypted format. See httpd.conf
Apache is ALSO listening on port 443 (https) and serving websites in an encrypted format. See ssl.conf.

Please please understand the above. Its the standard/default setup for Apache.
Forget about port 8080....

Please read Chap 21 http://www.linuxtopia.org/online_boo...ion/index.html
See also http://httpd.apache.org/docs/2.2/

Okay Chris, thanks for your time. I'll figure this out. And thanks for the online books, seems a good reference to read.

Thanks!

Also make an entry in ur ssl.conf file regarding cacert file & key