Forum OpenACS Q&A: Trouble getting SSL to work on port 8443

I have a site with a self-signed certificate.  It works fine as long as the secure port is set to the standard 443.  But if I try to use port 8443, with everything else exactly the same, it does not work.  Safari can't connect, and neither can telnet:

GET /dotlrn HTTP/1.1
Connection closed by foreign host.

I've never seen nsopenssl be so picky about the port number before.  We know the certificate is good since it works on port 443.  So what else could be wrong?

This is using the AOLserver 3.3 that the installation instructions have you download from uptime.openacs.org.

Posted by Janine Ohmer on
Ok, since apparently no-one else has any ideas either, let me rephrase the question.  Has anyone been able to get nsopenssl to work on port 8443 with a self-signed certificate?  I've never tried it before, so I might be trying to make something work that never has.
Posted by Bart Teeuwisse on
Janine,

The certificate doesn't care about ports one way or another. I've used (self-signed) certificates with a number of different ports.

/Bart

Posted by Janine Ohmer on
I was thinking it might be nsopenssl, rather than the certificate itself, that was giving me trouble.  All I know is that it was not working on port 8443, and when we changed it to port 443 in the config file, it worked, with no other changes.  So what sort of misconfiguration (still assuming this is something I did wrong) could that indicate???
Posted by Bart Teeuwisse on
Which version of nsopenssl are you using? Version 2.x w/ AOLserver 3.x? Or the newer 3.x w/ AOLserver 4.x? The configurations of these versions are rather different.

/Bart

Posted by Bruno Mattarollo on
Janine,

I am running AOLserver 4.1, nsopenssl 3.0 beta 17, RHEL 3.0 and I tried port 8443 and it works fine for me with a self-signed certificate. Just thought I would let you know. I agree with Bart that the certificate and the port have no relationship... But maybe it's a question of the configuration... even though this sounds strange indeed...

Just my 2 cents

/B

Posted by Torben Brosten on
Janine, yes to your question.

Have you tried setting the nsopenssl *Trace parameters (in the nsd.tcl file) to true? They may provide helpful feedback in the log.

Posted by Simos Gabrielidis on
Could it be that some firewall is blocking port 8443?
Posted by Dirk Gomez on
nsopenssl 2.1 works fine here on a non-privileged port!

I have another question regarding nsopenssl and this thread may be a good place to ask. What is the cause of this error message:

NsOpenSSLCreateConn failed

Posted by Efi Sealman on
This is relevant to the previous problem. In theory, you can use port 8443 in order to run SSL, but in real life it causes problems. So don't try to use any port except port 443 in order to run SSL.

Efi

Posted by Andrew Piskorski on
Efi, to what problems are you referring? I've used OpenACS and SSL, with nsopenssl and a self-signed certificate, on both port 8443 and other non-privileged ports. It works fine.
Posted by Efi Sealman on
Sorry, wrong response number. I was responding to 1. Anyway, I didn't say that you cannot run it on different ports.
-Efi
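
An added example, not part of the thread: telnet cannot perform a TLS handshake, so a small probe like the one below helps separate the causes raised above (nothing listening on 8443, a firewall dropping the traffic, or a listener that accepts TCP but fails the handshake). The function name, status labels and default host/port are assumptions chosen for illustration.

```python
import socket
import ssl
import sys

def probe_tls_port(host, port, timeout=3.0):
    """Return (status, detail); status is 'refused', 'filtered',
    'unreachable', 'tcp_only' or 'tls_ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host answered with a reset: no listener is bound to this port.
        return "refused", "nothing is listening; check the port in the server config"
    except socket.timeout:
        # No answer at all is typical of a firewall silently dropping packets.
        return "filtered", "connect timed out; a firewall may be blocking the port"
    except OSError as exc:
        return "unreachable", f"TCP connect failed: {exc}"

    # Diagnostic only: the server certificate is self-signed, so chain and
    # hostname verification are disabled to test the handshake itself.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            return "tls_ok", f"handshake completed using {tls.version()}"
    except (ssl.SSLError, OSError) as exc:
        # TCP works but TLS does not: the SSL module is not serving this port,
        # or client and server share no protocol version or cipher.
        sock.close()
        return "tcp_only", f"TCP connected but TLS handshake failed: {exc}"

if __name__ == "__main__":
    # Defaults are placeholders; pass the real host and port on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8443
    status, detail = probe_tls_port(host, port)
    print(f"{host}:{port} -> {status}: {detail}")
```

Running it once from the server itself and once from the client machine shows whether the result changes along the network path, which points at a firewall rather than the server configuration.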