How do I Open/Allow HTTPS ports on Cisco Pix 501

can you post your config.  usually from default config it should work.  but it depends on the dhcp settings for DNS you use to.  once you post your config, i can tell you if the config is right or not though.

access-list inside_access_in (or whatever your inside access-list name is) extended permit tcp <inside_net> 255.255.255.0 any eq https

You also might want to think about creating object-groups that has a list of globally allowed ports to be accessed from the inside.  That will cut down in the number of ACLs you have.

Here is my config, The HTTPS has been able to connect on a few sites but takes well over 5 minutes to load.
My public IP has been Starred for security


Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password pniICNaKuLDeJNlq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname rmapfw
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 20
fixup protocol ftp 21
fixup protocol ftp 443
fixup protocol ftp 444
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol http 440-444
fixup protocol http 8080
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.0.10 Server
name 192.168.0.3 WiFi
name 166.70.131.3 ConscriptionVectra
object-group network Test
  network-object Server 255.255.255.255
  network-object WiFi 255.255.255.255
  network-object 192.168.0.1 255.255.255.255
  network-object 192.168.0.2 255.255.255.255
object-group service TheONe tcp-udp
  port-object range www 90
  port-object eq 4125
  port-object range 440 445
  port-object range 20 21
  port-object eq www
object-group service Vectra tcp-udp
  port-object eq 1433
  port-object eq 21
  port-object eq www
  port-object eq 443
access-list outside_access_in permit tcp any any eq smtp
access-list outside_access_in permit tcp any any eq ftp
access-list outside_access_in permit tcp any any eq https
access-list outside_access_in permit tcp any any eq 990
access-list outside_access_in permit tcp any any eq 444
access-list outside_access_in permit tcp any any eq ssh
access-list outside_access_in permit udp any any eq www
access-list outside_access_in permit tcp host ConscriptionVectra any object-group Vectra
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside **.145.**.** 255.255.255.252
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.2 255.255.255.255 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location Server 255.255.255.255 inside
pdm location WiFi 255.255.255.255 inside
pdm location ConscriptionVectra 255.255.255.255 outside
pdm group Test inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (inside) 1 192.168.0.2-Server
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp Server ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https Server https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 990 Server 990 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 444 Server 444 netmask 255.255.255.255 0 0
static (inside,outside) udp interface www Server www netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 **.145.**.** 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.2 255.255.255.255 inside
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.0.2-192.168.0.5 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:3955d124cf21579544fa300a5719f84a
: end
[OK]

just for clarification are you talking about internal people going to https sites? or external people going to your https server?

According to the acls the traffic is definitely allowed, so I'd be betting on layer 1 or 2 issues.  when you run a 'sh int' do you see any interfaces where there are errors?

Internal People going to HTTPS sites.

Don't see any errors, here's the result

Result of firewall command: "sh int"
 
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 001e.f7c5.02e0
  IP address **.145.**.**, subnet mask 255.255.255.252
  MTU 1500 bytes, BW 100000 Kbit full duplex
      1094565 packets input, 1139115562 bytes, 0 no buffer
      Received 25233 broadcasts, 0 runts, 0 giants
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      763278 packets output, 135119375 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      0 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/38)
      output queue (curr/max blocks): hardware (0/19) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 001e.f7c5.02e1
  IP address 192.168.0.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
      861978 packets input, 175552689 bytes, 0 no buffer
      Received 37289 broadcasts, 0 runts, 0 giants
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      1068554 packets output, 1145263791 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      0 lost carrier, 0 no carrier
      input queue (curr/max blocks): hardware (128/128) software (0/41)
      output queue (curr/max blocks): hardware (5/71) software (0/1)

Everything worked prior to replacing a Netgear firewall with this PIX 501.

Thanks Cyclops! That did it! were there anyother fixups that shouldn't be in there?

personally, I'd also get rid of the following

fixup protocol ftp 444
fixup protocol http 440-444


for one they overlap, and cover ports that don't typically match up with those protocols.  Beyond that I'm thinking it should be good.