Not able to reach managed server over ssl (https) - ssl

I am able to reach my weblogic console over https connection but when I try to launch developer console that is setup as a managed server in the weblogic domain, it fails. However, I can reach the dev console over http port without any issues.
I checked the validity of certs installed my keystore and configured to enable ssl port in managed servers. I am not sure what I am missing here. Please advice if I am missing any additional checks/setups.
For eg,
http://<XXX.cname.com>:9005/console - works on http
https://<XXX.cname.com>:9009/edq - does not work on https
I verified from console that ports are right and ssl ports are enabled.

Related

Iredmail local server with pfsense, nginx and ssl problems

I have a problem that bothers me for few days. I have 2 local servers on same IP, at my office, on one we run an apache webapp that uses port 443 and port 80, and on the other one i tried to install ubuntu iredmail server, all good until i asked for a letsencrypt certificate, and tried to open the mail domain url. I changed the ssl port in 00-default-ssl.conf to 8443, i stopped the nftables, no firewall installed or active on the mail server, just the pfsense working on network level. if i try to open the mail domain with port 8443 i get the no page, if i try to run with 443 i cant connect to it. If i try to open the main domain, not the mail, the root domain, with default port for ssl i get the page from the other server that runs the apache app, that should be linked to another domain.
I tried to obtain a ssl and i got an error that says the cert cant be downloaded on the server due to a possible firewall misconfiguration. I readout somewhere that pfsense might be the culprit, because he cant read the redirects from request header.
Can you please help me fix it ? I start loosing my patience.
I am trying to install iredmail on a local server with static IP and pfsense.

WSS connection failed for https

I am forcing a dummy SSL for my localhost running through xampp. Now I am using web sockets which asks for 'wss:' instead of 'ws:'. But when using 'wss', I am getting the following Error:
WebSocket connection to 'wss://192.168.1.5/?aswin' failed: WebSocket opening handshake was canceled
I am new to this, I don't know what's causing this issue.
Remember to change the port number to a one different to the one you used for not secure connections. Some browsers get confused if suddenly a port becomes secure or viceversa.
Remember to use the hostname indicated in the certificate to connect and not the IP.
If you are using a self-signed certificate, use it for HTTPS so you can see the dialog for accepting that certificate. When accessing via WSS:// there is not certificate acceptance dialog, it will just fail to connect.

Amazon EC2 + SSL

I want to enable ssl on an EC2 instance. I know how to install third party SSL. I have also enabled ssl in security group.
I just want to use a url like this: ec2-xx-xxx-xxx-xx.compute-1.amazonaws.com with https.
I couldn't find the steps anywhere.
It would be great if someone can direct me to some document or something.
Edit:
I have a instance on EC2. On Which I have installed LAMP. I have also enabled http, https and ssh in the security group policy.
When I open the Public DNS url in browser,I can see the web server running perfectly.
But When I add https to URL, nothing happens.
Is there a way I am missing? I really dont want to use any custom domain on this instance because I will terminate it after a month.
For development, demo, internal testing, (which is a common case for me) you can achieve demo grade https in ec2 with tunneling tools. Within few minutes especially for internal testing purposes with [ngrok] you would have https (demo grade traffic goes through tunnel)
Tool 1: https://ngrok.com Steps:
Download ngrok to your ec2 instance: wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip (at the time of writing but you will see this link in ngrok home page once you login).
Enable 8080, 4443, 443, 22, 80 in your AWS security group.
Register and login to ngrok and copy the command to activate it with token: ./ngrok authtoken shjfkjsfkjshdfs (you will see it in their home page once you login)
Run your http - non https server (any, nodejs, python, whatever) on EC2
Run ngrok: ./ngrok http 80 (or a different port if your simple http server runs on a different server)
You will get an https link to your server.
Tool 2: cloudflare wrap
Alternatively, I think you can use an alternative to ngrok which is called cloudflare wrap but I haven't tried that.
Tool 3: localtunnel
A third alternative could be https://localtunnel.github.io which as opposed to ngrok can provide you a subdomain for free it's not permanent but you can ask for a specific subdomain and not a random string.
--subdomain request a named subdomain on the localtunnel server (default is random characters)
Tool 4: https://serveo.net/
Turns out that Amazon does not provide ssl certificates for their EC2 instances out of box. I skipped the part that they are a virtual servers providers.
To install ssl certificate even the basic one, you need to buy it from someone and install it manually on your server.
I used startssl.com They provide free basic ssl certificates.
Create a self signed SSL certificate using openssl. CHeck this link for more information.
Install that certificate on your web server. As you have mentioned LAMP, I guess it is Apache. So check this link for installing SSL to Apache.
In case you reboot your instance, you will get a different public DNS so be aware of this. OR attach an elastic IP address to your instance.
But When I add https to URL, nothing happens.
Correct, your web server needs to have SSL certificate and private key installed to serve traffic on https. Once it is done, you should be good to go. Also, if you use self-signed cert, then your web browser will complain about non-trusted certificate. You can ignore that warning and proceed to access the web page.
You can enable SSL on an EC2 instance without a custom domain using a combination of Caddy and nip.io.
nip.io is allows you to map any IP Address to a hostname without the need to edit a hosts file or create rules in DNS management.
Caddy is a powerful open source web server with automatic HTTPS.
Install Caddy on your server
Create a Caddyfile and add your config (this config will forward all requests to port 8000)
<EC2 Public IP>.nip.io {
reverse_proxy localhost:8000
}
Start Caddy using the command caddy start
You should now be able to access your server over https://<IP>.nip.io
I wrote an in-depth article on the setup here: Configure HTTPS on AWS EC2 without a Custom Domain

Do I need to install SSL on my server?

I have a virtual server with a few websites on it. To be honest I know next to nothing about SSL. When Itry to log in to my servers Web Host Manager or any of my sites Cpanels I get a screen (In chrome) saying "This website is not trusted". Is this because the server needs to have SSL installed on it?
Maybe it's not even to do with SSL, but any explanation is appreciated.
SSL secures your conecction between your browser and the server. If you have important data there you should install SSL to protect your connection from "sniffing".
SSL is network protocol so you have to install it or enable it on the server.
here is resource for installing/enabling SSL on Apache server:
http://www.digicert.com/ssl-certificate-installation-apache.htm
and here is how to install/enable SSL on IIS:
http://support.microsoft.com/kb/299875

Tomcat - enabling two-way SSL

I am using Windows XP and running Tomcat 6.
I am trying to enable SSL on Tomcat. First, I tried it with client authentication.
It didn't work - and I configured it to work without client authentication.
I have certificate installed on the tomcat server, and also the CA certificate installed on the browsers (IE & FireFox).
It still doesn't work.
In IE the server doesn't throw any exception except for EOFException.
In FireFox it throws SSLHandeShakeException: Remote host close the connection.
Can anyone help?
Thanks.
The SSL configuration as provided in the comments is highly suspect - particularly the keyStorePass attribute. I suggest you work from the Tomcat SSL docs and proceed in the following order:
Get https working from a browser with a self-signed certificate
Then get it working with a proper certificate
Then try and add client certificate authentication
This does all work. It is tested as part of the Servlet TCK and every Tomcat release passes the TCK.