getting ssl to work, rp7410 11i apache 2.0.52
I am trying to get ssl working on our rp7410 server running 11i. The
admin prior to me set up that server and then left the company, so I'm
now in charge and trying to figure out what was done.
I know the bundle hpuxwsApache A.2.0.52.00 HP-UX Apache-based Web
Server was installed and that apache (2.0.52) has been running fine.
But the prior admin left before getting a certificate and getting ssl
working.
That is my job. :-)
I used /opt/hpws/apache/bin/openssl to generate the key and the csr to
get the certificate. So I know openssl is installed and at least the
program openssl works.
What I have done:
1 - generated key and csr
2 - get certificate from provider
3 - install per cert provider and 3rd party software we are running
4 - add https 443 to /etc/services
5 - configure ssl.conf
6 - reboot server
I'm getting a connection refused when I try:
openssl s_client -connect localhost:443 -state -debug
I get:
warning, not much extra random data, consider using the -rand option
connect: Connection refused
connect:errno=239
To me it seems like port 443 is not setup correctly or port 443 has
nothing listening on it. If I had to guess it's the latter, but not
sure what I need to do to get things to work.
Anyone have any ideas?
John
Re: getting ssl to work, rp7410 11i apache 2.0.52
In article <1152818360.702662.120580@75g2000cwc.googlegroups.com>, jda wrote:
> I am trying to get ssl working on our rp7410 server running 11i. The
> admin prior to me set up that server and then left the company, so I'm
> now in charge and trying to figure out what was done.
>
> I know the bundle hpuxwsApache A.2.0.52.00 HP-UX Apache-based Web
> Server was installed and that apache (2.0.52) has been running fine.
> But the prior admin left before getting a certificate and getting ssl
> working.
>
> That is my job. :-)
>
> I used /opt/hpws/apache/bin/openssl to generate the key and the csr to
> get the certificate. So I know openssl is installed and at least the
> program openssl works.
>
> What I have done:
> 1 - generated key and csr
> 2 - get certificate from provider
> 3 - install per cert provider and 3rd party software we are running
> 4 - add https 443 to /etc/services
> 5 - configure ssl.conf
> 6 - reboot server
You don't need to reboot - simply restarting Apache would have worked and saved
a lot of time. Try:
# /sbin/init.d/hpws_apache stop
# /sbin/init.d/hpws_apache start
> I'm getting a connection refused when I try:
>
> openssl s_client -connect localhost:443 -state -debug
>
> I get:
> warning, not much extra random data, consider using the -rand option
> connect: Connection refused
> connect:errno=239
Did you look at the logs in /opt/hpws/apache/logs? Do you see anything there
indicating a connection or a problem?
> To me it seems like port 443 is not setup correctly or port 443 has
> nothing listening on it. If I had to guess it's the latter, but not
> sure what I need to do to get things to work.
Try 'netstat -an | grep :443' or (if you have lsof installed) 'lsof -i TCP:443'
- that will tell you if something is listening...
Kevin
--
Unix Guy Consulting, LLC
Unix and Linux Automation, Shell, Perl and CGI scripting
http://www.unix-guy.com
Re: getting ssl to work, rp7410 11i apache 2.0.52
Kevin,
I tried stopping and starting apache first, but that was before I
realized that /etc/services didn't have https 443 set up. The reboot
was done to make sure everything was started correctly - overkill
probably - but I knew everything started clean.
The netstat -an | grep :443 shows nothing. Which tells me nothing is
listening, which I assume means something's not configured right or
running that should be.
Any suggestions?
John
Kevin Collins wrote:
> In article <1152818360.702662.120580@75g2000cwc.googlegroups.com>, jda wrote:
>
> You don't need to reboot - simply restarting Apache would have worked and saved
> a lot of time. Try:
>
> # /sbin/init.d/hpws_apache stop
> # /sbin/init.d/hpws_apache start
>
> > I'm getting a connection refused when I try:
> >
> > openssl s_client -connect localhost:443 -state -debug
> >
> > I get:
> > warning, not much extra random data, consider using the -rand option
> > connect: Connection refused
> > connect:errno=239
>
> Did you look at the logs in /opt/hpws/apache/logs? Do you see anything there
> indicating a connection or a problem?
>
> > To me it seems like port 443 is not setup correctly or port 443 has
> > nothing listening on it. If I had to guess it's the latter, but not
> > sure what I need to do to get things to work.
>
> Try 'netstat -an | grep :443' or (if you have lsof installed) 'lsof -i TCP:443'
> - that will tell you if something is listening...
>
> Kevin
>
> --
> Unix Guy Consulting, LLC
> Unix and Linux Automation, Shell, Perl and CGI scripting
> http://www.unix-guy.com
Re: getting ssl to work, rp7410 11i apache 2.0.52
In article <1153148328.458781.92470@i42g2000cwa.googlegroups.com>, jda wrote:
[snip]
Please, don't top post... I've moved your comments below.
> Kevin Collins wrote:
>> In article <1152818360.702662.120580@75g2000cwc.googlegroups.com>, jda wrote:
>>
>> You don't need to reboot - simply restarting Apache would have worked and saved
>> a lot of time. Try:
>>
>> # /sbin/init.d/hpws_apache stop
>> # /sbin/init.d/hpws_apache start
>>
>> > I'm getting a connection refused when I try:
>> >
>> > openssl s_client -connect localhost:443 -state -debug
>> >
>> > I get:
>> > warning, not much extra random data, consider using the -rand option
>> > connect: Connection refused
>> > connect:errno=239
>>
>> Did you look at the logs in /opt/hpws/apache/logs? Do you see anything there
>> indicating a connection or a problem?
>>
>> > To me it seems like port 443 is not setup correctly or port 443 has
>> > nothing listening on it. If I had to guess it's the latter, but not
>> > sure what I need to do to get things to work.
>>
>> Try 'netstat -an | grep :443' or (if you have lsof installed) 'lsof -i TCP:443'
>> - that will tell you if something is listening...
>>
> Kevin,
>
> I tried stopping and starting apache first, but that was before I
> realized that /etc/services didn't have https 443 set up. The reboot
> was done to make sure everything was started correctly - overkill
> probably - but I knew everything started clean.
Ok. Since the https entry in /etc/services is read during (and possibly after)
startup of Apache, this wasn't necessary - but it also can't hurt :)
> The netstat -an | grep :443 shows nothing. Which tells me nothing is
> listening, which I assume means something's not configured right or
> running that should be.
Correct.
> Any suggestions?
Yes - take a look at the logs as I mentioned previously. I suspect you will
find something useful in the *error* logs.
Kevin
--
Unix Guy Consulting, LLC
Unix and Linux Automation, Shell, Perl and CGI scripting
http://www.unix-guy.com
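
An added example, not part of any post in this thread: a listener check over `netstat -an` output that compares the port field exactly, because BSD-style netstat output (which HP-UX also uses) prints the local address as `address.port` rather than `address:port`, and a substring match on 443 also hits ports such as 4430. The two sample outputs and the function names are constructed for illustration; confirm the column layout against the real output on the server.

```shell
#!/bin/sh
# Added example: decide from `netstat -an` output whether a TCP port has a listener.

# Constructed sample in the dot-separated style (address.port); not real output.
sample_dot_style() {
cat <<'EOF'
tcp        0      0  *.80                   *.*                     LISTEN
tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  10.0.0.5.4430          *.*                     LISTEN
tcp        0      0  10.0.0.5.22            10.0.0.9.51443          ESTABLISHED
EOF
}

# Constructed sample in the colon-separated style (address:port); not real output.
sample_colon_style() {
cat <<'EOF'
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:4430          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Read `netstat -an` output on stdin and print the local address of every
# TCP socket in LISTEN state whose port equals $1 exactly.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, /[.:]/)   # the port is the last piece in both styles
            if (part[n] == port) print $4
        }'
}

# Return 0 if stdin shows a listener on port $1, 1 otherwise.
port_is_listening() {
    [ -n "$(listeners_on_port "$1")" ]
}

# Demonstration on the constructed dot-style sample: 80 is bound, 443 is not.
for p in 80 443; do
    if sample_dot_style | port_is_listening "$p"; then
        echo "port $p: listening"
    else
        echo "port $p: nothing listening"
    fi
done
```

On a live system the input would be `netstat -an | listeners_on_port 443`; an empty result there means the web server never bound the port, which is when the error log becomes the next place to look.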