getting ssl to work, rp7410 11i apache 2.0.52 - HP UX

This is a discussion on getting ssl to work, rp7410 11i apache 2.0.52 - HP UX ; I am trying to get ssl working on our rp7410 server runing 11i. The admin prior to me setup that server and then left the company, so I'm now in charge and trying to figure what was done. I know ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: getting ssl to work, rp7410 11i apache 2.0.52

  1. getting ssl to work, rp7410 11i apache 2.0.52

    I am trying to get ssl working on our rp7410 server runing 11i. The
    admin prior to me setup that server and then left the company, so I'm
    now in charge and trying to figure what was done.

    I know the bundle hpuxwsApache A.2.0.52.00 HP-UX Apache-based Web
    Server was installed and that apache (2.0.52) has been running fine.
    But the prior admin left before getting a certificate and getting ssl
    working.

    That is my job. :-)

    I used /opt/hpws/apache/bin/openssl to generate the key and the csr to
    get the certificate. So I know openssl is installed and at least the
    program openssl works.

    What I have done:
    1 - generated key and csr
    2 - get certificate from provider
    3 - install per cert provide and 3rd party software we are running
    4 - add https 443 to /etc/services
    5 - configure ssl.conf
    6 - reboot server

    I'm getting a connection refused when I try:

    openssl s_client -connect localhost:443 -state -debug

    I get:
    warning, not much extra random data, consider using the -rand option
    connect: Connection refused
    connect:errno=239

    To me it seems like port 443 is not setup correctly or port 443 has
    nothing listening on it. If I had to guess it's the latter, but not
    sure what I need to do to get things to work.

    Anyone have any ideas?

    John


  2. Re: getting ssl to work, rp7410 11i apache 2.0.52

    In article <1152818360.702662.120580@75g2000cwc.googlegroups.c om>, jda wrote:
    > I am trying to get ssl working on our rp7410 server runing 11i. The
    > admin prior to me setup that server and then left the company, so I'm
    > now in charge and trying to figure what was done.
    >
    > I know the bundle hpuxwsApache A.2.0.52.00 HP-UX Apache-based Web
    > Server was installed and that apache (2.0.52) has been running fine.
    > But the prior admin left before getting a certificate and getting ssl
    > working.
    >
    > That is my job. :-)
    >
    > I used /opt/hpws/apache/bin/openssl to generate the key and the csr to
    > get the certificate. So I know openssl is installed and at least the
    > program openssl works.
    >
    > What I have done:
    > 1 - generated key and csr
    > 2 - get certificate from provider
    > 3 - install per cert provide and 3rd party software we are running
    > 4 - add https 443 to /etc/services
    > 5 - configure ssl.conf
    > 6 - reboot server


    You don't need to reboot - simply restarting Apache would have worked and saved
    a lot of time. Try:

    # /sbin/init.d/hpws_apache stop
    # /sbin/init.d/hpws_apache start

    > I'm getting a connection refused when I try:
    >
    > openssl s_client -connect localhost:443 -state -debug
    >
    > I get:
    > warning, not much extra random data, consider using the -rand option
    > connect: Connection refused
    > connect:errno=239


    Did you look at the logs in /opt/hpws/apache/logs? Do you see anything there
    indicating a connection or a problem?

    > To me it seems like port 443 is not setup correctly or port 443 has
    > nothing listening on it. If I had to guess it's the latter, but not
    > sure what I need to do to get things to work.


    Try 'netstat -an | grep :443' or (if you have lsof installed) 'lsof -i TCP:443'
    - that will tell you if something is listening...

    Kevin

    --
    Unix Guy Consulting, LLC
    Unix and Linux Automation, Shell, Perl and CGI scripting
    http://www.unix-guy.com

  3. Re: getting ssl to work, rp7410 11i apache 2.0.52

    Kevin,

    tried the stopping and starting apache first but that was before
    realized that /etc/services didn't have https 443 setup. The reboot
    was done to make sure everything was started correctly - over kill
    probably - but knew everything started clean.

    The netstat -an | grep :443 shows nothing. Which tells me nothing is
    listening, which I assume means somethings not configured right or
    running that should be.

    any suggestions?

    John

    Kevin Collins wrote:
    > In article <1152818360.702662.120580@75g2000cwc.googlegroups.c om>, jda wrote:
    >
    > You don't need to reboot - simply restarting Apache would have worked and saved
    > a lot of time. Try:
    >
    > # /sbin/init.d/hpws_apache stop
    > # /sbin/init.d/hpws_apache start
    >
    > > I'm getting a connection refused when I try:
    > >
    > > openssl s_client -connect localhost:443 -state -debug
    > >
    > > I get:
    > > warning, not much extra random data, consider using the -rand option
    > > connect: Connection refused
    > > connect:errno=239

    >
    > Did you look at the logs in /opt/hpws/apache/logs? Do you see anything there
    > indicating a connection or a problem?
    >
    > > To me it seems like port 443 is not setup correctly or port 443 has
    > > nothing listening on it. If I had to guess it's the latter, but not
    > > sure what I need to do to get things to work.

    >
    > Try 'netstat -an | grep :443' or (if you have lsof installed) 'lsof -i TCP:443'
    > - that will tell you if something is listening...
    >
    > Kevin
    >
    > --
    > Unix Guy Consulting, LLC
    > Unix and Linux Automation, Shell, Perl and CGI scripting
    > http://www.unix-guy.com



  4. Re: getting ssl to work, rp7410 11i apache 2.0.52

    In article <1153148328.458781.92470@i42g2000cwa.googlegroups.c om>, jda wrote:

    [snip]

    Please, don't top post... I've moved your comments below.

    > Kevin Collins wrote:
    >> In article <1152818360.702662.120580@75g2000cwc.googlegroups.c om>, jda wrote:
    >>
    >> You don't need to reboot - simply restarting Apache would have worked and saved
    >> a lot of time. Try:
    >>
    >> # /sbin/init.d/hpws_apache stop
    >> # /sbin/init.d/hpws_apache start
    >>
    >> > I'm getting a connection refused when I try:
    >> >
    >> > openssl s_client -connect localhost:443 -state -debug
    >> >
    >> > I get:
    >> > warning, not much extra random data, consider using the -rand option
    >> > connect: Connection refused
    >> > connect:errno=239

    >>
    >> Did you look at the logs in /opt/hpws/apache/logs? Do you see anything there
    >> indicating a connection or a problem?
    >>
    >> > To me it seems like port 443 is not setup correctly or port 443 has
    >> > nothing listening on it. If I had to guess it's the latter, but not
    >> > sure what I need to do to get things to work.

    >>
    >> Try 'netstat -an | grep :443' or (if you have lsof installed) 'lsof -i TCP:443'
    >> - that will tell you if something is listening...
    >>

    > Kevin,
    >
    > tried the stopping and starting apache first but that was before
    > realized that /etc/services didn't have https 443 setup. The reboot
    > was done to make sure everything was started correctly - over kill
    > probably - but knew everything started clean.


    Ok. Since the https entry in /etc/services is read during (and possibly after)
    startup of Apache, this wasn't necessary - but it also can't hurt

    > The netstat -an | grep :443 shows nothing. Which tells me nothing is
    > listening, which I assume means somethings not configured right or
    > running that should be.


    Correct.

    > any suggestions?


    Yes - take a look at the logs as I mentioned previously. I suspect you will
    find something useful in the *error* logs.

    Kevin
    --
    Unix Guy Consulting, LLC
    Unix and Linux Automation, Shell, Perl and CGI scripting
    http://www.unix-guy.com

+ Reply to Thread