keitharis
asked on
Making a SSL connection to coldfusion port: 8500 on a Linux Red Hat ES v3 server
I have a confusing problem with trying to connect to my Secure Server.
I have everything completed to allow SSL connections (only) installed on my Apache web server 2.0.
My OS is Red Hat Linux ES Server. (https://myservername.com)
My secure site is running fine I can conect using https:// only. When I use http:// cannont connect directly to my web server web site name. (I will be directed to a page in my html directory that I have set to instruct users to use https:// on the secure server to connect.
Problem is.
I cannot connect to my coldfusion server pages using https:// only http://
If I try:
https:/www.myservername:8500/CFIDE/administrator
I cannot connect to my cold fusion server.
If I try:
http://www.myservername:8500/administrator
I will connect just fine.
When I add:
Listen 0.0.0.0:8500
to my ssl.conf file I get an error message when I restart Apache stating that
Apache cannot bind to port 8500.
Can someone help me solve this problem.
I do configure apache2.0 with a SSL module in the conf.d directory.
Thank you in Advance.
Keith Henriques
I have everything completed to allow SSL connections (only) installed on my Apache web server 2.0.
My OS is Red Hat Linux ES Server. (https://myservername.com)
My secure site is running fine I can conect using https:// only. When I use http:// cannont connect directly to my web server web site name. (I will be directed to a page in my html directory that I have set to instruct users to use https:// on the secure server to connect.
Problem is.
I cannot connect to my coldfusion server pages using https:// only http://
If I try:
https:/www.myservername:8500/CFIDE/administrator
I cannot connect to my cold fusion server.
If I try:
http://www.myservername:8500/administrator
I will connect just fine.
When I add:
Listen 0.0.0.0:8500
to my ssl.conf file I get an error message when I restart Apache stating that
Apache cannot bind to port 8500.
Can someone help me solve this problem.
I do configure apache2.0 with a SSL module in the conf.d directory.
Thank you in Advance.
Keith Henriques
ASKER
Hello chutz:
I had not thought of that as an issue but you could be right. When I configured my SSl server to connect to port 8500 in the Virtual host
section of ssl.conf my coldfusionsever ceased to function. My SSL Apache server would also not work proberly.
I had to put my web server back to 443 and reboot the server in order to get coldfusion server to function again.
It may be that coldfusion will not accept SSL. It may be as simple as two servers not being able to run on the same port at the same time.
How does Apache SSL accept connections on multiple ports normally. I would appreciate any ideas you have regarding this.
I wonder if coldfusion being a server can accept SSL connections?
Keith Henriques
I had not thought of that as an issue but you could be right. When I configured my SSl server to connect to port 8500 in the Virtual host
section of ssl.conf my coldfusionsever ceased to function. My SSL Apache server would also not work proberly.
I had to put my web server back to 443 and reboot the server in order to get coldfusion server to function again.
It may be that coldfusion will not accept SSL. It may be as simple as two servers not being able to run on the same port at the same time.
How does Apache SSL accept connections on multiple ports normally. I would appreciate any ideas you have regarding this.
I wonder if coldfusion being a server can accept SSL connections?
Keith Henriques
I had problems installing the trial version of coldfusion, so I couldn't take a look at it myself.
With apache, you can simply list all the ports in the configuration files. I.e. you can add another "Listen" directive, and it will listen on another port. For example:
Listen 10.0.0.8:80
Listen 10.0.0.9:81
Since the SSL negotiation on https:// connections is done at connection time, it is unlikely that if a server supports normal http:// on a given port, it will also support https:// on the same port.
As a workaround (until you figure how to configure CF), I can recommend the ucspi-tcp and ucspi-proxy software. You can download the ucspi-tcp package from http://cr.yp.to/ucspi-tcp.html . Get the SSL patch for it from http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20020705.patch.gz
Compile and install. Then also install ucspi-proxy from http://untroubled.org/ucspi-proxy/
You can then use the new package to listen on an SSL port and forward connections to your unencrypted server like this:
tcpserver -s -n "key_and_cert_file.pem" myservername.com 8501 tcpclient myservername.com 8500 ucspi-proxy
The only downside is that all connections to your CF will appear to originate from the computer where ucspi-proxy is listening (possibly localhost).
With apache, you can simply list all the ports in the configuration files. I.e. you can add another "Listen" directive, and it will listen on another port. For example:
Listen 10.0.0.8:80
Listen 10.0.0.9:81
Since the SSL negotiation on https:// connections is done at connection time, it is unlikely that if a server supports normal http:// on a given port, it will also support https:// on the same port.
As a workaround (until you figure how to configure CF), I can recommend the ucspi-tcp and ucspi-proxy software. You can download the ucspi-tcp package from http://cr.yp.to/ucspi-tcp.html . Get the SSL patch for it from http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20020705.patch.gz
Compile and install. Then also install ucspi-proxy from http://untroubled.org/ucspi-proxy/
You can then use the new package to listen on an SSL port and forward connections to your unencrypted server like this:
tcpserver -s -n "key_and_cert_file.pem" myservername.com 8501 tcpclient myservername.com 8500 ucspi-proxy
The only downside is that all connections to your CF will appear to originate from the computer where ucspi-proxy is listening (possibly localhost).
ASKER
Hello chutz:
when I add another Listen to my ssl.conf file in mod.ssl in the conf.d directory
I cannot start Apache and get a warning that port 8500 is already in use.
I have Listen in my httpd.conf file as:
Listen 0.0.0.0:80
this directs users to a welcome page I have created in my html directory linking them to
https://myserver.org
root file directory is /var/www/html
my server cannot now be used as a non SSL (https://) server. (No pages can be accessed in an insecure manner except the coldfusion
server on port 8500 and all .cfm pages.
I think the workaround you demonstrated may work temporarily but it will be easier for me to use php forms to access and enter data in the mysql data base
I am currently using with coldfusion on my server.
I think coldfusionmx will accept SSL (https://) connections. I must have something configured wrong in ether coldfusionmx or Apache 2.xx
using mod.ssl on a Red Hat ES Server. It is likely something simple that I am missing.
Thank you again in advance.
Keith Henriques
when I add another Listen to my ssl.conf file in mod.ssl in the conf.d directory
I cannot start Apache and get a warning that port 8500 is already in use.
I have Listen in my httpd.conf file as:
Listen 0.0.0.0:80
this directs users to a welcome page I have created in my html directory linking them to
https://myserver.org
root file directory is /var/www/html
my server cannot now be used as a non SSL (https://) server. (No pages can be accessed in an insecure manner except the coldfusion
server on port 8500 and all .cfm pages.
I think the workaround you demonstrated may work temporarily but it will be easier for me to use php forms to access and enter data in the mysql data base
I am currently using with coldfusion on my server.
I think coldfusionmx will accept SSL (https://) connections. I must have something configured wrong in ether coldfusionmx or Apache 2.xx
using mod.ssl on a Red Hat ES Server. It is likely something simple that I am missing.
Thank you again in advance.
Keith Henriques
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you!
I am now trying to learn how to configure my coldfusion server to accept SSL connections or find a
way to use my Apache server with coldfusion
Thank You.
Keith Henrques
I am now trying to learn how to configure my coldfusion server to accept SSL connections or find a
way to use my Apache server with coldfusion
Thank You.
Keith Henrques
Apache cannot bind to port 8500, because the CF server is already binding to that port. Try to look into the configuration of the CF server.