larryh Posted July 23, 2004

Here is some background. Red Hat 9 with Apache, PHP, MySQL etc. via RPMs (can get versions if needed). The system is connected to the internet with a registered name and all web functionality seems to work fine. MySQL is installed and functioning properly. The osCommerce install went without a hitch and I chose to use SSL. I don't currently have a CA cert, so I went through the steps outlined in the Red Hat docs for removing the default test key/cert, created a new key and generated a self-signed cert. When I try to access the site via https from a different system I get a "page cannot be displayed" error. However, if I fire up Mozilla on the Red Hat box itself I can access the secure pages. When I check the ssl_error_log I see the following error:

    [Fri Jul 23 04:02:14 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Now, this would seem to indicate something is expecting a real CA cert but is getting a self-signed one. I cannot seem to find out where to change this constraint; any input appreciated. (Apache version is 2.x)
larryh (Author) Posted July 23, 2004

Additional info. It almost seems as if there is a DNS issue, or even iptables not allowing outside connections on port 443. With that in mind I ran "nmap -sT -O localhost" to check and see, and it shows "443/tcp open https". Can the port be open and waiting but still blocked by iptables?
larryh (Author) Posted July 23, 2004

Well, in further attempts to get to the root of my problem I just did a port scan of my server from an outside source. The data returned was extensive, but what's interesting is below:

    22/tcp   open  ssh
    80/tcp   open  http
    389/tcp  open  ldap
    1002/tcp open  unknown

The scanner also reported "The 1032 ports scanned but not shown below are in state: filtered", and since the ports were listed in numerical order and 443 is not in the list above, I have to assume that the port is open and listening (based on the local nmap) but is being filtered by iptables. I'm going to keep plugging away. I may not get a quick answer to my question, but perhaps these notes here will help someone else in the future. :)
larryh (Author) Posted July 23, 2004

Problem solved. Guess I just needed to write out the problem in public and look like a moron to figure it out :) I simply opened the port in iptables with the following command:

    iptables -I RH-Lokkit-0-50-INPUT 1 -p tcp -i eth0 --dport 443 -j ACCEPT

I then rescanned ports from an outside system, which gave me the input I was looking for:

    22/tcp   open  ssh
    80/tcp   open  http
    389/tcp  open  ldap
    443/tcp  open  https
    1002/tcp open  unknown

I then tested via a web browser and all was good, so I committed the changes to iptables that I made above via the following command:

    /sbin/service iptables save

Most people are likely using hosting services so won't run into this, but for those running RH9 and using iptables, this info may come in handy.
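Added example, not part of the thread and not larryh's own commands: a POSIX shell script that automates the diagnostic walked through above. It compares a local nmap scan against one taken from outside, lists every port that is open locally but missing from the external scan (i.e. filtered by the host firewall or something upstream), and prints, for each, an iptables rule of the same shape as the one in the final post. It generalises the thread's single port 443 to any number of ports, and the chain name RH-Lokkit-0-50-INPUT and interface eth0 are taken from the post and assumed to match the host. The two scan texts embedded in the script are constructed samples in nmap's "port state service" layout, modelled on the output quoted in the thread, not real scanner results.

```shell
#!/bin/sh
# Added example: compare a local nmap scan with an external one and emit
# iptables ACCEPT rules for ports that are listening but filtered from outside.
# Both scan texts below are CONSTRUCTED samples modelled on the thread, not
# captured scanner output.

LOCAL_SCAN='22/tcp   open  ssh
80/tcp   open  http
389/tcp  open  ldap
443/tcp  open  https
1002/tcp open  unknown'

EXTERNAL_SCAN='The 1032 ports scanned but not shown below are in state: filtered
22/tcp   open  ssh
80/tcp   open  http
389/tcp  open  ldap
1002/tcp open  unknown'

# open_ports SCAN_TEXT: print the "port/proto" tokens whose state column is "open".
# Lines that are not port rows (like the "ports scanned" summary) have no
# "open" in column 2 and are skipped.
open_ports() {
    printf '%s\n' "$1" | awk '$2 == "open" { print $1 }'
}

# filtered_locally_open LOCAL_TEXT EXTERNAL_TEXT: ports open on localhost that
# the outside scan did not report as open. One "port/proto" per line.
filtered_locally_open() {
    ext_open=$(open_ports "$2")
    for p in $(open_ports "$1"); do
        printf '%s\n' "$ext_open" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# iptables_accept_rule PORT/PROTO [CHAIN] [IFACE]: the rule from the final post,
# inserted at position 1 so it is evaluated before the chain's REJECT rule.
# CHAIN and IFACE default to the values in the thread (assumed to match the host).
iptables_accept_rule() {
    port=${1%%/*}
    proto=${1#*/}
    chain=${2:-RH-Lokkit-0-50-INPUT}
    iface=${3:-eth0}
    printf 'iptables -I %s 1 -p %s -i %s --dport %s -j ACCEPT\n' \
        "$chain" "$proto" "$iface" "$port"
}

# Run the comparison and print a rule for each port that needs opening.
for p in $(filtered_locally_open "$LOCAL_SCAN" "$EXTERNAL_SCAN"); do
    echo "# $p listens locally but is filtered from outside:"
    iptables_accept_rule "$p"
done
echo "# then persist with: /sbin/service iptables save"
```

The script only prints the rules; review them before running them as root, and only scan hosts you are authorised to scan. Inserting at position 1 matters because the Lokkit-generated chain ends in a REJECT rule, so an ACCEPT appended after it would never match. A local "open" with an external "filtered" is the classic signature of a host or network firewall rather than a DNS or Apache problem, which is exactly what the thread confirms. The mod_ssl warning in the first post is a separate matter: it says the self-signed certificate was generated with a CA:TRUE basicConstraints extension, which Apache tolerates with a warning, so it did not cause the unreachable port.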