
HTTPS on debian

Status
Not open for further replies.

Jiminald

Programmer
Oct 11, 2006
39
GB
Hi,

I have my fresh Debian box built. I have apache2 and SSL on it, all ready to go.

I can access HTTPS using lynx, but if I try to access it from the internal network or externally, I cannot connect. The ports are forwarded correctly.

Thanks in advance :)
 
What do you mean "cannot access"? What is the symptom?

Have you verified that Apache is listening on the IP:port for your install? (hint: see httpd.conf)

Have you verified that the local server's firewall (and any firewalls in between) are allowing TCP/443 to pass?



D.E.R. Management - IT Project Management Consulting
 
I am listening: netstat -a shows https is on.

I don't think any firewall is on; all internal client PCs' firewalls are off as well.
I'm a beginner on Debian, so I'm still working my way around (plus I've been out of the Linux game for a while too).

I've double, even triple checked the proxy box for external access. I had it working on an old box with no problems.

But I don't see why I can't access it internally either. It could be due to the fact that I'm having to type the IP in instead of the hostname. It's a Debian box in a Win2k3 environment, if that helps any more.

TIA :)
 
Ahhh....
Assuming that your listing of "iptables -L" reveals no offending local firewalls, I'm inclined to believe that your SSL certificate does not support the IP address as the named certified site.

I'm a bit rusty on this, but I believe that SSL certificates can only validate the site for a hostname? So if you are accessing the site by IP address, it's likely that your error_log from Apache is actually showing an access attempt that cannot be resolved.

Try this:
On one client machine (preferably non-Win) create an entry in the 'hosts' file to map some nonsense name (or your cert hostname) to the real IP. Then, using the client's browser, try to reach the site by name.

All of this assumes that your certificate is valid, that mod_ssl is being loaded and running correctly, that httpd.conf is properly configured to listen on the proper IP, that your internal routing tables are correct, that there is not another machine competing for the same IP as your server, etc. :)

Good luck!






D.E.R. Management - IT Project Management Consulting
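
The "is Apache listening on the IP:port" check raised in this thread, as an added example that is not part of the original posts: a listener bound only to loopback answers a client run on the server itself but not other hosts, so the bind address matters as much as the port. The helper name `classify_listener` is hypothetical and the netstat output is a constructed sample.

```shell
#!/bin/sh
# Added example: classify where a TCP port is bound, reading `netstat -tln` output on stdin.
# classify_listener is a hypothetical helper name; the sample output below is constructed.
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                              # "Local Address" column
            n = match(addr, /:[0-9]+$/)            # position of the trailing ":port"
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*") all = 1
            else if (host ~ /^127\./ || host == "::1") loop = 1
            else specific = specific " " host
        }
        END {
            if (all)                 print "all-interfaces"
            else if (specific != "") print "specific:" substr(specific, 2)
            else if (loop)           print "loopback-only"
            else                     print "not-listening"
        }'
}

# Constructed sample: port 443 is open, but only on 127.0.0.1.
SAMPLE_LOOPBACK='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:443           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN'

printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listener 443
# On the server itself: netstat -tln | classify_listener 443
```

A result of `specific:ADDR` means clients must use exactly that address; `loopback-only` or `not-listening` points at the Listen directive rather than at a firewall or the certificate.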
 