Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
Can someone help me understand: if I have 1 domain, www.example.com, which runs lampp on port 80 and tomcat on port 8080, do I need 1 or 2 SSL certificates?
For example, the commercial site runs on www.example.com but the actual web application runs on www.example.com:80/Login/
Does that mean I need 2 separate SSL EV Certificates, or can I just purchase 1 and load it on both apache and tomcat because it's the same domain?
Thanks
Firstly, you're probably not running your servers using SSL on ports 80 and 8080. Port 80 is the default port for HTTP whereas port 443 is the default port for HTTPS.
Tomcat tends to use port 8080 for its HTTP service and port 8443 for its HTTPS service because it tends to be run by a non-root user on Unix boxes (which can't use port numbers under 1024), and also perhaps because ports 80 and 443 tend to be taken by other services (e.g. Apache Httpd) already.
While you could technically run an HTTPS service on port 80, it's not a good idea, since you would have to specify the port in the address every time (and possibly resort to port unification if you want to run a plain HTTP service on that port too). This would lead to unnecessary confusion.
Host name verification for HTTPS is bound to host names, not port numbers. Whichever ports you use doesn't really matter. You could run both https://www.example.com/ (implicitly on port 443) with Apache Httpd and https://www.example.com:8443/ with Apache Tomcat using the same certificate, issued for www.example.com (at least). You may have to convert the storage format for the keys and certificate (Apache Httpd would use separate key and certificate files, whereas Tomcat would use a single keystore, e.g. in PKCS#12 format), but that's just a matter of converting the files on your end once the CA has issued the certificate.
In addition, it's quite unusual to use HTTPS on both Apache Httpd and Tomcat on the same machine. Typically, you'd set up your system with Apache Httpd on port 443 to handle the SSL connections, and set up a reverse proxy to have Apache Httpd dispatch the requests to your Tomcat in plain HTTP on localhost. This allows for everything to be served on https://www.example.com/ without needing to specify a non-default port. Only the front-end (Apache Httpd) would need to be configured with the certificate.
Related
I'm running IIS 7 on an old Windows Server 2008. While this machine is my main web host, I host a site on another (Lubuntu) server on the same LAN. This site has an SSL certificate which has been generated using LetsEncrypt. I need to renew this certificate every 90 days using a utility called certbot, but this needs to use port 80.
As I currently have port 80 on my router redirected to my main (IIS) web host, this means I have to temporarily redirect port 80 on the router to my Lubuntu server every time my SSL cert is due for renewal.
I was wondering if there was any way that I could configure my main IIS web host to redirect requests on port 80 to my Lubuntu host if the domain name requested was the one hosted on that Lubuntu host?
I have two IIS websites. One I have on localhost on port 80; it was set up for dydns with SSL port forwarding (external: 443, internal port: 1124), and the website is working perfectly with dydns access.
I wanted to set up another website with the SSL port but was unable to do so. When I set the port forwarding to external SSL: 443 and internal SSL port: 1129, the other dydns entry redirects to the first website. This website does not work without https.
So, how do I set up two websites for SSL port forwarding on the same machine?
Any help is appreciated.
You don't necessarily need an entirely different port for each website you host on the same machine. You can use the same http/80 and https/443 to serve multiple websites through virtual hosts.
I'm not familiar with IIS, but I do know that it's possible on IIS, just as it is on Apache and NGINX. You can read about setting up virtual hosts on IIS here. Also, I answered a similar question here.
I have a website set up. If I load the website with http://www.url.com:443 it works as expected, but if I load https://www.url.com I get an "ERR_CONNECTION_CLOSED" error on Chrome.
I have set up iptables to load port 3000 through both port 80 and 443.
The server is running CentOS; there is no SSL certificate set up at this stage.
You configured the server to listen on port 443 but didn't configure it for SSL traffic. In other words, you merely changed the port from 80 to 443, so it is serving HTTP on port 443.
You say there are no SSL certificates set up. That's the problem. You need to set up certificates (even if only self-signed ones) for HTTPS to work at all. It's the key and certificates from this setup process that tell the server how to encrypt the HTTPS data, and how to identify itself.
This page will help you to set things up properly: https://wiki.centos.org/HowTos/Https
There are many places you can look for advice on creating keys and certs, but the easiest and least expensive options are StartSSL and LetsEncrypt. Both will do this for you at no cost.
https://letsencrypt.org/
https://www.startssl.com/
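The failure described in this answer, reproduced locally as an added example (not code from the original posts): a constructed HTTP-only server on an ephemeral localhost port stands in for the app reached through port 443, and the hypothetical `probe` helper shows that a TLS handshake against it fails while a plain HTTP request succeeds.

```python
import http.client
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class PlainHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the app that was redirected onto port 443."""
    def do_GET(self):
        body = b"served without TLS\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def start_plain_http_server():
    """Run the HTTP-only server on an ephemeral localhost port (assumed setup)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), PlainHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(host, port, timeout=2.0):
    """Return 'tls', 'plain-http' or 'unknown' for the service on host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # question asked: "does it speak TLS?",
    ctx.verify_mode = ssl.CERT_NONE  # not "is the certificate trusted?"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except (ssl.SSLError, OSError):
        pass  # no TLS handshake: what the browser reports as a closed connection
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/")
        conn.getresponse().read()
        conn.close()
        return "plain-http"
    except (OSError, http.client.HTTPException):
        return "unknown"


if __name__ == "__main__":
    print(probe("127.0.0.1", start_plain_http_server().server_address[1]))
```

A result of `plain-http` on the port that is meant to serve HTTPS means the listener was moved to that port without a key and certificate being configured.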
I have a VPS running Ubuntu 12.04 with apache2. My question is: if I am going to install an SSL cert etc. on it, am I able to use https directly to my domain? I just add an A record at my domain provider with the VPS IP address.
Essentially, yes.
Remember to make sure that Apache is listening on https (and it's set up as it should be with the certs and mod_ssl) and, if you have a firewall active, that the port for https (443) is open.
Otherwise, all you would need to do is add your record to the DNS server.
I am getting started now on adding SSL login pages to my webapp. I am using apache mod_proxy to proxy tomcat.
Some tutorials showed that I need to get an SSL certificate for apache and proxy my login pages to tomcat on port 8443.
Is port 8443 automatically an encrypted SSL port for tomcat? Do I need both an apache certificate and a tomcat certificate?
Andy
As far as the browser is concerned, Apache Httpd will "terminate" the SSL/TLS connection to your web server. Whether the content it serves is in fact coming from Tomcat doesn't matter to the browser. The browser will only see as far as Apache Httpd in that scenario. If it is set up with a certificate recognised by the browser, this is sufficient.
In addition to this, you may want to encrypt the connection between Apache Httpd and Tomcat. This is only really useful if you don't trust the network between the two (rarely useful on the same host, for example). I don't think mod_proxy_ajp supports SSL/TLS, but mod_proxy_http does, in which case you need to configure the SSLProxy* directives (see introduction): Apache Httpd will be a client in that respect, and Tomcat will need to be configured with a certificate in this case.
If you don't need to encrypt the link between Apache Httpd and Tomcat, the easiest is probably to use mod_proxy_http as a reverse proxy to the plain HTTP port of Tomcat (and make sure that port can't be accessed externally, via a firewall for example).