RE: Apache w/ HTTPS - connection problems
Title: RE: Apache w/ HTTPS - connection problems Well, now you need to open the SSL port, 443. If your goal is to allow only SSL access inside the firewall you will need to close port 80 from S1 to S2. -Original Message- From: Shiv Kumar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 11:25 AM To: [EMAIL PROTECTED] Subject: Re: Apache w/ HTTPS - connection problems Hi all again, While this problem was solved (the Apache on S2 was not listening to port 80!), I have another problem :( The Servlet on S1 is invoked as https://S1/MyServlet/MyAction?myParam=1. The doGet() method of the servlet opens an URLConnection to http://S2/cgi-bin/mycgi.exe?myParam=1. The CGI may return a HTML page or PDF document based on myParam. The following observations are made : When the servlet on S2 tries to get a HTML page returned by the CGI program on S2, it works fine. When it tries to get a PDF document from S2, the following happens :- 1. On IE, with Acrobat Web Integration On, it says Internet Explorer cannot download https://S1/MyServlet/MyAction?myParam=1 from myserver.domain.com. Internet Explorer was not able to open this internet site. The requested site is either unavailable or can not be found. Please try again later. 2. On IE, with Acrobat Web Integration Off, it behaves the same was as in #1. 3. On Netscape, with Acrobat Web Integration On, it displays a blank page. On the servlet side I could notice that the doGet() method is called twice !! 4. On Netscape, with Acrobat Web Integration off, it successfully opens the PDF file :) Netscape - verson 4.74 IE - version 5.50.4522.1800 As I noted in my earlier mail, everything works fine if connection to S1 is HTTP instead of HTTPS. Thanks for any help. -- shiv [EMAIL PROTECTED] Shiv Kumar wrote: Hi all This is a problem Im facing with Apache + Mod_SSL (for HTTPS). Consider this scenario : |-| |-| +-+ |-| +-+ | A | T | |-| | A | | | p | o | |-| | p | C | HTTPS | a | m | |-| HTTP | a | G | ---| c | c |--|-|--| c | I | | h | a | |-| | h | | | e | t | |-| | e | | +-+ |-| +-+ |-| S1 |-| S2 |-| Firewall When the servlet on S1 tries the following : URL url = new URL(http://S2/cgi-bin/mycgi.exe); URLConnection conn = url.openConnection(); InputStream in = conn.getInputStream(); FAILS HERE The exception is : java.net.ConnectException: Connection refused: no further information at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:312) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:125) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:112) at java.net.Socket.init(Socket.java:273) at java.net.Socket.init(Socket.java:100) at sun.net.NetworkClient.doConnect(NetworkClient.java:50) at sun.net.www.http.HttpClient.openServer(HttpClient.java:331) at sun.net.www.http.HttpClient.openServer(HttpClient.java:517) at sun.net.www.http.HttpClient.init(HttpClient.java:267) at sun.net.www.http.HttpClient.init(HttpClient.java:277) at sun.net.www.http.HttpClient.New(HttpClient.java:289) at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection .java:379) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:472) This used to work before introducing SSL module on Apache running on S1 (i.e. when it was HTTP everywhere). Any idea of whats going wrong? Thanks. -- shiv [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Re: Apache w/ HTTPS - connection problems
Hi all again, While this problem was solved (the Apache on S2 was not listening to port 80!), I have another problem :( The Servlet on S1 is invoked as https://S1/MyServlet/MyAction?myParam=1. The doGet() method of the servlet opens an URLConnection to http://S2/cgi-bin/mycgi.exe?myParam=1. The CGI may return a HTML page or PDF document based on myParam. The following observations are made : When the servlet on S2 tries to get a HTML page returned by the CGI program on S2, it works fine. When it tries to get a PDF document from S2, the following happens :- 1. On IE, with Acrobat Web Integration On, it says Internet Explorer cannot download https://S1/MyServlet/MyAction?myParam=1 from myserver.domain.com. Internet Explorer was not able to open this internet site. The requested site is either unavailable or can not be found. Please try again later. 2. On IE, with Acrobat Web Integration Off, it behaves the same was as in #1. 3. On Netscape, with Acrobat Web Integration On, it displays a blank page. On the servlet side I could notice that the doGet() method is called twice !! 4. On Netscape, with Acrobat Web Integration off, it successfully opens the PDF file :) Netscape - verson 4.74 IE - version 5.50.4522.1800 As I noted in my earlier mail, everything works fine if connection to S1 is HTTP instead of HTTPS. Thanks for any help. -- shiv [EMAIL PROTECTED] Shiv Kumar wrote: Hi all This is a problem Im facing with Apache + Mod_SSL (for HTTPS). Consider this scenario : |-| |-| +-+ |-| +-+ | A | T | |-| | A || | p | o | |-| | p | C | HTTPS | a | m | |-| HTTP | a | G | ---| c | c |--|-|--| c | I | | h | a | |-| | h || | e | t | |-| | e || +-+ |-| +-+ |-| S1 |-| S2 |-| Firewall When the servlet on S1 tries the following : URL url = new URL(http://S2/cgi-bin/mycgi.exe;); URLConnection conn = url.openConnection(); InputStream in = conn.getInputStream(); FAILS HERE The exception is : java.net.ConnectException: Connection refused: no further information at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:312) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:125) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:112) at java.net.Socket.init(Socket.java:273) at java.net.Socket.init(Socket.java:100) at sun.net.NetworkClient.doConnect(NetworkClient.java:50) at sun.net.www.http.HttpClient.openServer(HttpClient.java:331) at sun.net.www.http.HttpClient.openServer(HttpClient.java:517) at sun.net.www.http.HttpClient.init(HttpClient.java:267) at sun.net.www.http.HttpClient.init(HttpClient.java:277) at sun.net.www.http.HttpClient.New(HttpClient.java:289) at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection .java:379) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:472) This used to work before introducing SSL module on Apache running on S1 (i.e. when it was HTTP everywhere). Any idea of whats going wrong? Thanks. -- shiv [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Re: Apache w/ HTTPS - connection problems
On Mon, 21 May 2001, Shiv Kumar wrote: Hi all This is a problem Im facing with Apache + Mod_SSL (for HTTPS). Consider this scenario : |-| |-| +-+ |-| +-+ | A | T | |-| | A || | p | o | |-| | p | C | HTTPS | a | m | |-| HTTP | a | G | ---| c | c |--|-|--| c | I | | h | a | |-| | h || | e | t | |-| | e || +-+ |-| +-+ |-| S1 |-| S2 |-| Firewall When the servlet on S1 tries the following : URL url = new URL(http://S2/cgi-bin/mycgi.exe;); URLConnection conn = url.openConnection(); InputStream in = conn.getInputStream(); FAILS HERE [ ... ] This used to work before introducing SSL module on Apache running on S1 (i.e. when it was HTTP everywhere). Any idea of whats going wrong? Thanks. I can't really help you, I just wanted to compliment you on the beautiful diagram :-). (Oh, perhaps one thing to check, make sure it's not trying to use https for that connection. Not sure why it would, but who knows. Is it possible to check the firewall logs to see if there's any activity on the 443 (or some other) port?) Milt Epstein Research Programmer Software/Systems Development Group Computing and Communications Services Office (CCSO) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED]
Re: Apache w/ HTTPS - connection problems
I guest but I'm not sure that you must do it the same way you do for a normal connection: I meant: virtual_host: 443 ApJServMount /*.jsp localhost:8007/ ... ... /virtual_host And in the server.xml don't use SSL...use it through apache... Guido. - Original Message - From: Shiv Kumar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 21, 2001 6:58 PM Subject: Apache w/ HTTPS - connection problems Hi all This is a problem Im facing with Apache + Mod_SSL (for HTTPS). Consider this scenario : |-| |-| +-+ |-| +-+ | A | T | |-| | A || | p | o | |-| | p | C | HTTPS | a | m | |-| HTTP | a | G | ---| c | c |--|-|--| c | I | | h | a | |-| | h || | e | t | |-| | e || +-+ |-| +-+ |-| S1 |-| S2 |-| Firewall When the servlet on S1 tries the following : URL url = new URL(http://S2/cgi-bin/mycgi.exe;); URLConnection conn = url.openConnection(); InputStream in = conn.getInputStream(); FAILS HERE The exception is : java.net.ConnectException: Connection refused: no further information at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:312) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:125) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:112) at java.net.Socket.init(Socket.java:273) at java.net.Socket.init(Socket.java:100) at sun.net.NetworkClient.doConnect(NetworkClient.java:50) at sun.net.www.http.HttpClient.openServer(HttpClient.java:331) at sun.net.www.http.HttpClient.openServer(HttpClient.java:517) at sun.net.www.http.HttpClient.init(HttpClient.java:267) at sun.net.www.http.HttpClient.init(HttpClient.java:277) at sun.net.www.http.HttpClient.New(HttpClient.java:289) at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection .java:379) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon nection.java:472) This used to work before introducing SSL module on Apache running on S1 (i.e. when it was HTTP everywhere). Any idea of whats going wrong? Thanks. -- shiv [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com