> Date: Sunday, June 24, 2018 14:22:10 +0000 > From: Richard <lists-apache@xxxxxxxxxxxxxxxxxxxxx> > >> Date: Saturday, June 23, 2018 17:09:41 +0000 >> From: Mahmood Naderan <nt_mahmood@xxxxxxxxx.INVALID> >> >>> Try "openssl s_client -debug -connect host:port" to see if your >>> machine can contact the server at all. >> Should I run that on my laptop (the remote machine) or the server? >> >> >>> You should try to telnet to port 443 from a) the localhost >> >> The output seems to be fine >> mahmood@ce:~$ telnet localhost 443 >> Trying ::1... >> Connected to localhost. >> Escape character is '^]'. >> ^] >> telnet> >> >>> Note, from your output it looks like you only have this (only) >>> configured for ipv6, which constrains what is and isn't going to >>> work. You're going to need to understand whether the telnet test >>> above is being done from ipv4 or v6 in order to interpret the >>> results. >> >> Where do you mean? I have no problem with removing ipv6. >> >> What I have done already is to test one of the websites (and not a >> subdomain) with https. I mean if you consider the main url as >> http://myuni.com then http://myuni.com/shb works fine. What I have >> done is that I have created an entry in default-ssl.conf for >> /var/www/html/shb. Therefore, I want to test https://myuni.com/shb >> Does that matter? >> > > To get this to work: > > > Therefore, I want to test https://myuni.com/shb > > Does that matter? > > you need to have https/port 443 configured correctly and open > (including through firewalls) to whatever networks you want to give > it access from (localhost, internal, external). > > Your telnet test shows you successfully connecting -- via ipv6 > (Trying ::1...) -- to port 443 on the local machine. You need to > continue testing the "b" and "c" options from my earlier message: > > > b) a machine on the same network, c) a machine on a different > > (ideally external) network > > if you want clients to be able to connect from "b" internal networks > and/or "c" external networks. > > As noted earlier, your netstat output is only showing ipv6 for port > 443. That may be what you want, but generally isn't sufficient for > full external client access. If you need ipv4 too you'll need to > configure things appropriately -- that's a host networking, not > apache/httpd, issue. > > By the way, the "s_client" test that was suggested is useful, but I > think is harder to get the different types of server side responses > from than a simple telnet. If the port is open but it's potentially > a security protocol/certificate issue, then s_client is the right > tool. Trying to debug your current issue with a browser is almost > useless. > A clarification, the last part of this line: > If you need ipv4 too you'll need to configure things > appropriately -- that's a host networking, not > apache/httpd, issue. is imprecise. See: <https://httpd.apache.org/docs/2.4/bind.html> for more detail on ipv4/ipv6 bindings. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx