If port 443 is open, does this definitely mean that the remote host has a certificate? - public-key-encryption

I know that if port 443 is open, that means the remote host supports the secure protocol https, which encrypts the traffic, and therefore the remote host has a private and public key pair.
But my question is: if I knew that port 443 for a remote host is open, does this definitely mean the remote host has a certificate? Is it possible that there is a remote host which has a private/public key pair without any certificate at all?

I can run whatever I want on port 443. I can also run http (without the 's') on it.
So the answer is no! It doesn't mean that the host has a certificate, not even a public/private key system.
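An added example (not part of the answer above) that turns this into a check you can run, using only Python's standard library: probe() connects to host:port, attempts a TLS handshake without validating anything, and when that fails speaks plain HTTP to the same port. The local plain-HTTP listener and the released port are constructed here so the two outcomes the answer describes can be shown offline: an open port with no TLS and no certificate, and a port that is reachable but has nothing listening, which is the same point the Oracle Cloud answer further down makes about the SSH daemon on port 22.

```python
import socket
import ssl
import threading


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Find out what actually sits behind host:port.

    An open port only proves that something accepted the TCP connection. Whether it speaks
    TLS, and whether it presents a certificate, is only known after trying to talk to it.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, unreachable: nothing is listening
        return {"open": False, "tls": False, "certificate": False, "error": str(exc)}

    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # not validating anything here, only observing
    ctx.verify_mode = ssl.CERT_NONE  # what, if anything, the peer presents
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)  # None if the server sent no certificate
            return {"open": True, "tls": True, "version": tls.version(),
                    "certificate": der is not None, "cert_der_bytes": len(der or b"")}
    except (ssl.SSLError, OSError):
        pass  # TCP connected, but the peer did not complete a TLS handshake
    finally:
        raw.close()

    # Same port again, this time speaking plain HTTP, to see whether it is an http:// service.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            banner = plain.recv(256)
    except OSError as exc:
        return {"open": True, "tls": False, "certificate": False, "error": str(exc)}
    return {"open": True, "tls": False, "certificate": False,
            "plain_http": banner.startswith(b"HTTP/"), "banner": banner[:40]}


def start_plain_http_listener() -> int:
    """Constructed stand-in for 'something else on port 443': a plain-HTTP listener on an
    ephemeral 127.0.0.1 port. It has no key pair and no certificate, yet the port is open."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(5)

    def loop():
        while True:
            conn, _ = lsock.accept()
            with conn:
                try:
                    conn.recv(1024)  # a ClientHello or a GET; both get a plain-HTTP answer
                    conn.sendall(b"HTTP/1.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
                except OSError:
                    pass

    threading.Thread(target=loop, daemon=True).start()
    return lsock.getsockname()[1]


def closed_local_port() -> int:
    """A 127.0.0.1 port that was just released, so nothing is listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    port = start_plain_http_listener()
    print("plain-HTTP listener on port", port, "->", probe("127.0.0.1", port))
    print("nothing listening ->", probe("127.0.0.1", closed_local_port()))
```

Against a real host call probe("example.com", 443) (host and port are the only inputs). tls True with certificate False means the peer completed a handshake without presenting a certificate; tls False with plain_http True is the answer's "http without the 's'" case; open False is the firewall-open-but-no-daemon case.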

Related

Can't connect to my Oracle Virtual Cloud Instance

the Terminal just says:
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection timed out
Here are the firewall rules.
I can't ssh into the VM, so I can't change the firewall rules on the VM.
Please help.
First, double-check your IP address: it must match your Oracle Virtual Cloud public IP address, assuming it is a reserved one (meaning it is a fixed one).
Second, check your local firewall: you cannot change the remote ones, but the local rules might still block your SSH traffic.
As mentioned here:
Just opening the port through firewall and security lists will not allow new incoming connections. E.g., unless there is a service listening on port 443 (Tomcat, etc.), you will be unable to connect. Same with the SSH daemon for port 22.
So make sure the SSH daemon is up and running.
Check also the Default Security List:
Unlike other security lists, the default security list comes with an initial set of stateful rules, which should in most cases be changed to only allow inbound traffic from authorized subnets relevant to the region that homes that VCN or subnet.
A list of authorized subnet ranges relevant to each region can be found here.
In particular:
Stateful ingress: Allow TCP traffic on destination port 22 (SSH) from authorized source IP addresses and any source port.
This rule makes it easy for you to create a new cloud network and public subnet, launch a Linux instance, and then immediately use SSH to connect to that instance without needing to write any security list rules yourself.
You can mount your machine's drive on some other machine, edit the sshd config, and mount it back.
That helped me :D
See this ref: https://blogs.oracle.com/cloud-infrastructure/post/recovering-opc-user-ssh-key-on-oracle-cloud-infrastructure

External IP + SSL

How can I use the external IP of my CentOS 7 instance with HTTPS, for example https://external_ip, to open an application like https://external_ip:Port/my_application?
Generate a self-signed certificate using openssl.
Check this out here:
https://stackoverflow.com/a/10176685/9662626
Open an HTTPS port on your web server. Set the certificate in the config (I can't be specific here because I don't know your operating system or your choice of web server). Finally, set up a reverse proxy to proxy the web server port to your app port.

Why does HTTPS break my hosts file redirection?

There is a machine (let's call it Machine) with a hostname in my local network. If I go to abc.def.com, my DNS service resolves Machine's external IP and connects me successfully with https://. I've added a hosts file entry so that local.abc.def.com resolves to Machine's local, internal IP.
However, using https://local.abc.def.com breaks everything. I get ERR_CONNECTION_REFUSED in Chrome and This page can't be displayed in Internet Explorer. If I replace https:// with http://, it works again. What's going on?
I assume that for your abc.def.com machine you have an HTTPS redirect configured on port 443 as well.
Based on the description above, the application/web server you are using is not listening on port 443, or there is a firewall rejecting your connection.

enable https for hue on hadoop

After reading the documentation, I thought this would be easy and straight forward but it's not working at all.
I have generated a 2048-bit key and self-signed it. They are in the locations that hue.ini points to:
# Filename of SSL Certificate
ssl_certificate=/etc/hue/certs/cert/server.crt
# Filename of SSL RSA Private Key
ssl_private_key=/etc/hue/certs/key/server.key
# Webserver listens on this address and port
http_host=0.0.0.0
http_port=8082
So when I run /etc/init.d/hue restart, the service appears to start fine. I cannot browse over http or https to the Hue URL.
When I comment out the key and cert lines and restart, I can browse Hue on http port 8082 just fine.
Do I need to change http_port to 443? I tried that with no luck. I also tried to browse https://secret.url:8082 with no luck.
I have opened ports 443 and 8082 in iptables for https and http respectively. I can see the packet count go up when I fail the test. So the network firewall appears to be open on the right ports.
I seem to be missing something. Any help is greatly appreciated.
Thank you.
I figured it out. The certificate needs the CN for the domain name, of course. I found a one-liner to self-sign a cert with the CN added in.
It's in the comments of this post: https://major.io/2007/08/02/generate-self-signed-certificate-and-key-in-one-line/#comment-1937883918

Enabling https on server for one site but not another

I have run into an issue when enabling HTTPS on a server that hosts many sites. I have only enabled HTTPS for one site (site1.com), but when a user tries to browse to site2.com, which doesn't have HTTPS enabled, and they try to get to https://www.site2.com, it redirects to https://www.site1.com. Can I prevent this from happening?
You will need two IPs for that and host one site on a different IP.
The 'problem' is that the SSL connection is established on an IP basis over TCP before the HTTP server gets the request, which is then already encrypted. Since your SSL port is linked to site1, this site will be served.
If your DNS A records point to the same IP, then the only way I see you could do this is either to use two IPs or to enter the URL of site2 as http://site2.com (explicitly without HTTPS). In that case the connection would be opened unencrypted on port 80.
Set up two IPs and use HTTPS for one and not the other.
