Problem Connecting via https Over Network and Internet
on 05.08.2002 18:42:56 by Alicianiah Cherry
I have Red Hat v 7.3 Professional installed with Apache 1.3.23 and mod_ssl
2.8.7. I have made a test certificate per the Red Hat manual instructions.
I can access the https web pages with Netscape on the server itself, but I
am unable to connect to the https pages over the internal network or over
the network. I also have a Win2k server running that also uses SSL, and
have no problems connecting to that server via https using Netscape. Any
suggestions?
Alicia Cherry
Systems Administrator
RiverStone Counseling
cherryal@riverstone.halifaxnc.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Re: Problem Connecting via https Over Network and Internet
on 05.08.2002 21:30:41 by Maurizio Marini
you haven't reported any detail about the Netscape error, so it's hard to help u;
without knowing anything related to your problem, i suggest you create a cert
issued not to localhost.localdomain, but for the ServerName u are using.
It's self-signed, of course; but netscape denies access to a server presenting a
cert entitled to something already visited.
maybe u have another cert for localhost.localdomain.
the only way to get help is to provide details.
-- maumar
RE: Problem Connecting via https Over Network and Internet
on 05.08.2002 22:10:53 by Alicianiah Cherry
Thanks for responding. The certificate was issued to the ip address of my
server (not localhost or 127.0.0.1). Netscape just returns the message
that the connection was not able to be established. I also get the error
message in IE, "Cannot Find Server or DNS Error". There is not much
information in the error message that is returned by the browsers.
Alicia Cherry
RE: Problem Connecting via https Over Network and Internet
on 05.08.2002 22:24:04 by dufresne
first, your apache and ssl source looks old, upgrade, there are security
reasons for the upgrade.
"Cannot Find Server or DNS Error" is usually related to DNS issues, means
you probably do not have DNS set up correctly, or that you have not
registered the domain in question, the short 'testing' workaround is to try
the IP address in question, not the domain name.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
RE: Problem Connecting via https Over Network and Internet
on 05.08.2002 23:50:31 by Alicianiah Cherry
Http connections work fine. It's just the https connections that are not
working. I am entering the actual ip address of the server to access the
pages, as I do not have the ip address registered. If it were a DNS issue,
would not the http connections be affected as well? By the way, the exact
message from Netscape is "There was no response. The server could be down or
is not responding."
Thanks,
Alicia
Re: Problem Connecting via https Over Network and Internet
on 06.08.2002 00:02:15 by Maurizio Marini
> "There was no response. The server could be down
> or is not responding."
firewall?
-- maumar
RE: Problem Connecting via https Over Network and Internet
on 06.08.2002 00:04:13 by Alicianiah Cherry
I have the listen entry as LISTEN 443. I tried the netstat command and the
output is as follows:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
It appears to me that port 443 is not listening (I'm new at Linux). Also,
when I tried to telnet to port 443, the connection failed. Do I need to
specifically open port 443 in some manner other than editing the httpd.conf
file? If so, how?
Alicia
-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Peter Viertel
Sent: Monday, August 05, 2002 4:41 PM
To: modssl-users@modssl.org
Subject: Re: Problem Connecting via https Over Network and Internet
sorry if this is a little obvious but maybe you are not listening on all
interfaces as a result of your config file... check you have a Listen
443 rather than Listen hostname:443 - when apache is running see if
something's LISTENing by doing:

    netstat -an |grep LISTEN|grep 443

and make sure you're either listening on *:443 or {yourip}:443 not
127.0.0.1:443

for diagnosis i find it helps to bypass the weirdness of the browsers
and use something more simple to check connectivity - no harm in
telnetting to port 443 directly and hitting enter a couple of times -
see the error log output after you do this to confirm you've got the
right server process listening on that port. Next step is to check SSL
with a SSL enabled curl, or even the openssl command is capable of
connecting you to a https server (see openssl FAQ).

with curl you can display the certificate details returned which can be
quite helpful in testing scripts - one thing is for sure though, it
doesn't matter a jot what common name the cert was made for, SSL should
still be able to complete negotiations..

also go into IE 'advanced settings' and turn off that stooopid 'show
friendly HTTP error messages' tickbox - this will at least stop most of
the 'DNS' error messages, at least if you are getting an error from the
webserver you will see it then.... that message is second only to the
talking paperclip in my M$ hate-list.
RE: Problem Connecting via https Over Network and Internet
on 06.08.2002 00:08:58 by Alicianiah Cherry
I am able to access a Win2K server using ssl. Also, I am not able to access
the server over the internal network, negating a firewall issue, I would
think. However, it was suggested to me that I try the netstat command, and
the output is as follows:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
Seems like port 443 is not listening. I have the LISTEN entry in httpd.conf
as LISTEN 443. Is there something else I need to do to open 443 and make it
listen?
Thanks,
Alicia
RE: Problem Connecting via https Over Network and Internet
on 06.08.2002 00:14:31 by Cliff Woolley
On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:
> tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
>
> Seems like port 443 is not listening.
Actually the presence of that line in the netstat output means exactly the
opposite... it *is* listening. The 0.0.0.0 means it's listening on all
interfaces. LISTEN tells you that the socket is in the listening state.
--Cliff
RE: Problem Connecting via https Over Network and Internet
on 06.08.2002 00:31:02 by Alicianiah Cherry
Why would a telnet connection to port 443 be refused? Any suggestions?
Thanks,
Alicia
Re: Problem Connecting via https Over Network and Internet
on 06.08.2002 01:13:09 by Peter Viertel
Ah! we have seen this before with redhat - when you install it, you get
the option to configure a firewall with iptables, and maybe it seemed
like a good idea at the time - it's got to be the problem - your netstat
shows the LISTEN and some unixes do show 0.0.0.0 instead of the * that
I'm used to on Suns so there *is* something listening but the telnet
shows it's not visible from the outside of the network stack...
I'm not a redhat sorta guy, but millions are - anyone else know where
the redhat iptables config files are?
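The checks discussed in this thread (how port 443 is bound according to netstat, plus a TCP probe from the server itself and from another host) can be combined into one decision. The script below is an added example, not part of any poster's message; the function names and the sample netstat lines are constructed, and `nc` with `-z`/`-w` support is assumed to be installed.

```sh
#!/bin/sh
# Added example (not from the thread): decide which layer blocks HTTPS,
# using the same evidence the posters collected.

# Constructed sample of Linux `netstat -an` output.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:80       0.0.0.0:*      LISTEN
tcp        0      0 0.0.0.0:443      0.0.0.0:*      LISTEN
tcp        0      0 127.0.0.1:8443   0.0.0.0:*      LISTEN'

# classify_bind PORT
# Reads `netstat -an` text on stdin and prints how PORT is bound:
#   all | specific:<addr> | loopback | none
# Matches the port field exactly, so 8443 is not mistaken for 443
# the way a plain `grep 443` would.
classify_bind() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, p, ":")                 # column 4 = local addr:port
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "::") all = 1
            else if (addr ~ /^127\./ || addr == "::1") lo = 1
            else spec = addr
        }
        END {
            if (all) print "all"
            else if (spec != "") print "specific:" spec
            else if (lo) print "loopback"
            else print "none"
        }'
}

# tcp_probe HOST PORT -> prints ok | fail
# Assumption: an nc that supports -z (connect only) and -w (timeout).
tcp_probe() {
    if nc -z -w 3 "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# diagnose BIND LOCAL REMOTE
#   BIND   = output of classify_bind on the server
#   LOCAL  = tcp_probe result when run on the server itself
#   REMOTE = tcp_probe result when run from another machine
diagnose() {
    case "$1" in
        none)
            echo "no-listener: check Listen 443 and the SSL vhost, then error_log"
            return ;;
        loopback)
            echo "loopback-only: bound to 127.0.0.1, other hosts cannot connect"
            return ;;
    esac
    if [ "$3" = ok ]; then
        echo "tcp-reachable: test the handshake next (openssl s_client -connect HOST:443)"
    elif [ "$2" = ok ]; then
        echo "filtered: socket answers locally only, inspect the host packet filter"
    else
        echo "unresponsive: socket is bound but refuses local connections, check httpd"
    fi
}

# Typical use on the server:
#   bind=$(netstat -an | classify_bind 443)
#   diagnose "$bind" "$(tcp_probe 127.0.0.1 443)" fail   # 'fail' = result seen from a client
```

With the evidence reported in this thread (bound on 0.0.0.0:443, reachable on the server, refused from other machines) `diagnose all ok fail` returns the `filtered` verdict.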
RE: Problem Connecting via https Over Network and Internet
on 06.08.2002 03:14:02 by dufresne
Yes, then it does not sound like a DNS issue like you posted before. It
appears https is not actually running on the server. This might well be
due to missing or incorrect config info in the httpd.conf file. Do you
have a listen statement for the ip:443 port combo in the file?
Thanks,
Ron DuFresne
RE: Problem Connecting via https Over Network and Internet
on 06.08.2002 03:15:29 by dufresne
It should work, but only if you do https://localhost, you seem to have 443
open on the loopback port. Did you try changing this to the IP address
for the system?
Thanks,
Ron DuFresne
On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:
> I have the listen entry as LISTEN 443. I tried the netstat command and the
> output is as follows:
>
> tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
>
> It appears to me that port 443 is not listening (I'm new at Linux). Also,
> when I tried to telnet to port 443, the connection failed. Do I need to
> specifically open port 443 in some manner other than editing the httpd.conf
> file? If so, how?
>
> Alicia
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Peter Viertel
> Sent: Monday, August 05, 2002 4:41 PM
> To: modssl-users@modssl.org
> Subject: Re: Problem Connecting via https Over Network and Internet
>
>
> sorry if this is a little obvious but maybe you are not listening on all
> interfaces as a result of your config file... check you have a Listen
> 443 rather than Listen hostname:443 - when apache is running see if
> somethings LISTENing by doing:
>
> netstat -an |grep LISTEN|grep 443
>
> and make sure you're either listening on *:443 or {yourip}:443 not
> 127.0.0.1:443
>
>
> for diagnosis i find it helps to bypass the weirdness of the browsers
> and use something more simple to check connectivity - no harm in
> telnetting to port 443 directly and hitting enter a couple of times -
> see the error log output after you do this to confirm you've got the
> right server process listening on that port. Next step is to check SSL
> with a SSL enabled curl, or even the openssl command is capable of
> connecting you to a https server (see openssl FAQ).
>
> with curl you can display the certificate details returned which can be
> quite helpful in testing scripts - one thing is for sure though, it
> doesnt matter a jot what common name the cert was made for, SSL should
> still be able to complete negotiations..
>
> also go into IE 'advanced settings' and turn of that stooopid 'show
> friendly HTTP error messages' tickbox - this will at least stop most of
> the 'DNS' error messages, at least if you are getting an error from the
> webserver you will see it then.... that message is second only to the
> talking paperclip in my M$ hate-list .
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
Re: Problem Connecting via https Over Network and Internet
am 06.08.2002 03:18:36 von dufresne
I believe they are located under the /etc/initd or /etc/rc directories as
the firewall is upped on boot.
Thanks,
Ron DuFresne
On Tue, 6 Aug 2002, Peter Viertel wrote:
> Ah! we have seen this before with redhat - when you install it, you get
> the option to configure a firewall with iptables, and maybe it seemed
> like a good idea at the time - it's got to be the problem - your netstat
> shows the LISTEN and some unixes do show 0.0.0.0 instead of the * that
> I'm used to on Suns so there *is* something listening but the telnet
> shows it's not visible from the outside of the network stack...
>
> I'm not a redhat sorta guy, but millions are - anyone else know where
> the redhat iptables config files are?
>
> Alicianiah L. Cherry wrote:
>
> >Why would a telnet connection to port 443 be refused? Any suggestions?
> >
> >Thanks,
> >
> >Alicia
> >
> >-----Original Message-----
> >From: owner-modssl-users@modssl.org
> >[mailto:owner-modssl-users@modssl.org]On Behalf Of Cliff Woolley
> >Sent: Monday, August 05, 2002 6:15 PM
> >To: modssl-users@modssl.org
> >Subject: RE: Problem Connecting via https Over Network and Internet
> >
> >
> >On Mon, 5 Aug 2002, Alicianiah L. Cherry wrote:
> >
> >
> >
> >>tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
> >>
> >>Seems like port 443 is not listening.
> >>
> >>
> >
> >Actually the presence of that line in the netstat output means exactly the
> >opposite... it *is* listening. The 0.0.0.0 means it's listening on all
> >interfaces. LISTEN tells you that the socket is in the listening state.
> >
> >--Cliff
> >
Re: Problem Connecting via https Over Network and Internet
am 06.08.2002 04:37:19 von Maurizio Marini
> negating a firewall issue, I would think.
why do u think this? have you tried to clear your firewall rules before saying
this? if not, do it issuing as root: # ipchains -F input
by default RedHat 7.3 installs ipchains
in any case, send us output of ipchains -L -n (or the output of iptables -L
-n if u have configured iptables in your box)
-- maumar
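The reasoning in this part of the thread (a `0.0.0.0:443 ... LISTEN` line means the socket is up on all interfaces, so a refused connection from another machine points at the packet filter rather than at Apache) as an added shell example that is not any poster's code. `listen_scope`, `diagnose` and the sample variables are hypothetical names, and every netstat line except the one quoted in the thread is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): interpret `netstat -an` for one port and
# combine it with what a client on another machine saw.

# listen_scope PORT < netstat-output  ->  all | specific | loopback | none
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            host = $4; p = $4
            sub(/:[^:]*$/, "", host)      # bind address without ":port"
            sub(/^.*:/, "", p)            # port without the address
            if (p != port) next
            if (host == "0.0.0.0" || host == "*" || host == "::") rank = 3
            else if (host ~ /^127\./ || host == "::1") rank = 1
            else rank = 2
            if (rank > best) best = rank  # widest binding wins
        }
        END { split("none loopback specific all", name, " "); print name[best + 1] }'
}

# diagnose SCOPE REMOTE, REMOTE = connected | refused | timeout (seen by the client)
diagnose() {
    case "$1:$2" in
        none:*)      echo "no-listener" ;;    # httpd not running or no Listen for the port
        *:connected) echo "reachable" ;;
        loopback:*)  echo "loopback-only" ;;  # fix the Listen directive
        *)           echo "filtered" ;;       # socket is up; inspect ipchains/iptables rules
    esac
}

# Line quoted in the thread, followed by two constructed lines for other ports.
THREAD_SAMPLE='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN'

# Constructed: the misconfiguration Peter warns about (Listen bound to 127.0.0.1).
LOOPBACK_SAMPLE='tcp 0 0 127.0.0.1:443 0.0.0.0:* LISTEN'

scope=$(printf '%s\n' "$THREAD_SAMPLE" | listen_scope 443)
echo "scope=$scope verdict=$(diagnose "$scope" refused)"
```

On a live host, pipe `netstat -an` into `listen_scope 443` and pass the outcome of a telnet to port 443 from a second machine as the second argument to `diagnose`.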
Re: Problem Connecting via https Over Network and Internet
am 06.08.2002 04:41:58 von Maurizio Marini
On Tuesday 06 August 2002 03:18 am, R. DuFresne wrote:
> I believe they are located under the /etc/initd or /etc/rc directories as
> the firewall is upped on boot.
/etc/sysconfig/ipchains or /etc/sysconfig/iptables
-- maumar
Re: Problem Connecting via https Over Network and Internet
am 06.08.2002 04:58:56 von dufresne
On Tue, 6 Aug 2002, Maurizio Marini wrote:
> On Tuesday 06 August 2002 03:18 am, R. DuFresne wrote:
> > I believe they are located under the /etc/initd or /etc/rc directories as
> > the firewall is upped on boot.
>
> /etc/sysconfig/ipchains or /etc/sysconfig/iptables
thanks for the pointer, it's been a while since I played on a redhat
system, never can keep track of how things are moved about on them boxen.
Thanks,
Ron DuFresne
RE: Problem Connecting via https Over Network and Internet
am 06.08.2002 10:33:20 von John.Airey
Easier still, use "setup" on RedHat and select the second option "Firewall
Configuration". This gives you a more user friendly configuration tool. You
can even turn the firewall off this way!
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
Is the statement 'There is no such thing as truth' true?
> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> Sent: 06 August 2002 02:19
> To: Peter Viertel
> Cc: modssl-users@modssl.org
> Subject: Re: Problem Connecting via https Over Network and Internet
>
>
>
> I believe they are located under the /etc/initd or /etc/rc directories as
> the firewall is upped on boot.