Forum OpenACS Q&A: Trouble getting SSL to work on port 8443

Collapse
1: Trouble getting SSL to work on port 8443
Posted by Janine Ohmer on 03/25/04 08:55 PM
I have a site with a self-signed certificate.  It works fine as long as the secure port is set to the standard 443.  But if I try to use port 8443, with everything else exactly the same, it does not work.  Safari can't connect, and neither can telnet:

GET /dotlrn HTTP/1.1
Connection closed by foreign host.

I've never seen nsopenssl be so picky about the port number before.  We know the certificate is good since it works on port 443.  So what else could be wrong?

This is using the AOLserver 3.3 that the installation instructions have you download from uptime.openacs.org.

Collapse
2: Re: Trouble getting SSL to work on port 8443 (response to 1)
Posted by Janine Ohmer on 03/30/04 09:34 PM
Ok, since apparently no-on else has any ideas either, let me rephrase the question.  Has anyone been able to get nsopenssl to work on port 8443 with a self-signed certificate?  I've never tried it before, so I might be trying to make something work that never has.
Collapse
3: Re: Trouble getting SSL to work on port 8443 (response to 2)
Posted by Bart Teeuwisse on 03/30/04 09:48 PM
Janine,

the certificate doesn't care about ports one way or another. I've used (self-signed) certificate with a number of different ports.

/Bart

Collapse
4: Re: Trouble getting SSL to work on port 8443 (response to 1)
Posted by Janine Ohmer on 03/30/04 10:01 PM
I was thinking it might be nsopenssl, rather than the certificate itself, that was giving me trouble.  All I know is that it was not working on port 8443, and when we changed it to port 443 in the config file, it worked, with no other changes.  So what sort of misconfiguration (still assuming this is something I did wrong) could that indicate???
Collapse
5: Re: Trouble getting SSL to work on port 8443 (response to 4)
Posted by Bart Teeuwisse on 03/30/04 10:07 PM
Which version of nsopenssl are you using? Version 2.x w/ AOLserver 3.x? Or the newer 3.x w/ AOLserver 4.x? The configuration of these versions are rather different.

/Bart

Collapse
6: Re: Trouble getting SSL to work on port 8443 (response to 2)
Posted by Bruno Mattarollo on 03/30/04 10:14 PM
Janine,

I am running AOLServer 4.1, nsopenssl 3.0 beta 17, RHEL 3.0 and I tried port 8443 and it works fine for me with a self-signed certificate. Just thought I would let you know. I agree with Bart that the certificate and the port have no relationship ... But maybe it's a question of the configuration .. even though, this sounds strange indeed...

Just my 2 cents

/B

Collapse
7: Re: Trouble getting SSL to work on port 8443 (response to 1)
Posted by Torben Brosten on 03/30/04 11:05 PM
Janine, yes to your question.

Have you tried setting the nsopenssl *Trace parameters  (in the nsd.tcl file) to true? They may provide helpful feedback in the log.

Collapse
8: Re: Trouble getting SSL to work on port 8443 (response to 1)
Posted by Simos Gabrielidis on 03/30/04 11:08 PM
Could it be that some firewall is blocking port 8443?
Collapse
9: Re: Trouble getting SSL to work on port 8443 (response to 1)
Posted by Dirk Gomez on 03/30/04 11:21 PM
nsopenssl 2.1 works fine here on a non-privileged port!

I have another question regarding nsopenssl and this thread may be a good place to ask. What is the cause of this error message:

NsOpenSSLCreateConn failed

Collapse
10: Re: Trouble getting SSL to work on port 8443 (response to 9)
Posted by Efi Sealman on 10/17/06 07:16 PM
This is relevant to the previous problem. In theory, you can use port 8443 in order to run SSL, but in the real life it makes problems. So don't try to use any port except port 443 in order to run SSL.

Efi

Collapse
11: Re: Trouble getting SSL to work on port 8443 (response to 10)
Posted by Andrew Piskorski on 10/18/06 12:44 PM
Efi, to what problems are you referring? I've used OpenACS and SSL, with nsopenssl and a self-signed certificate, on both port 8443 and other non-privileged ports. It works fine.
Collapse
12: Re: Trouble getting SSL to work on port 8443 (response to 11)
Posted by Efi Sealman on 10/25/06 08:39 PM
Sorry, wrong respond number. I respond to 1. Anyway I didn't say that you cannot run it on different ports.
-Efi