10 Replies Latest reply: Apr 10, 2013 4:17 PM by alvaromiranda RSS

    How to check port used for SSL

    975148
      I have RHEL 5.8 in our production environment. We are using SSL, my query is how to find the port used for SSL. In /etc/services, it shows 443 but when I give

      netstat –tulpn | grep 443

      Or

      netstat –tulp | grep https

      I do not get any output.

      I hope, my question is clear of how to find the port used for SSL.

      Please revert with the reply to my query.

      Regards
        • 1. Re: How to check port used for SSL
          Dude!
          What is your output of the following as root:

          lsof -i TCP:443
          • 2. Re: How to check port used for SSL
            975148
            Thanks for your answer. The output of lsof -i TCP:443 is blank, I mean no output listed.
            • 3. Re: How to check port used for SSL
              Dude!
              It means your are not providing any service that is listening on port 443 and do not have any such outgoing connections either. It is also possible, albeit strange, that you have any SSL service that is not using a standard TCP port. In the later case, you need to know which service or application is providing SSL and check the configuration files to find out what listening port are configured. Oracle application server, for instance, provides $HOME/install/portlist.ini file, which lists the configured ports. Other services, such as apache, have the ports configued in the httpd.conf file.
              • 4. Re: How to check port used for SSL
                975148
                But, SSL configuration would be at the RHEL level. The file should be there on the path /etc/pki/tls/certs. Also, does the /etc/services file contain the default ports or the ports used by the server?
                • 5. Re: How to check port used for SSL
                  Dude!
                  The /etc/services file simply maps port numbers to named services. It's function is similar to /etc/hosts, which maps host names to TCP/IP addresses. An entry in /etc/services however does not mean you are actually providing the service. The directory /etc/pki/tls/certs contains the SSL certificate, which is a file used in the SSL authentication process. None of this means you are actually providing SSL or have any such connection. You may be sitting in your car buckled up with the key in your hand, but you are not necessarily driving ;-)
                  • 6. Re: How to check port used for SSL
                    alvaromiranda
                    What application are you using?

                    EBS? OracleVM? Enterprise Manager? Ops Center? other?

                    Some applications like EBS, are kept as http only, and the https came after with the loadbalancer, so even when you can https://app... is not true that the app it self is doing the https part.

                    If the application use apache or httpd, you can try to search as:

                    ps aux | egrep -i 'httpd|apache'

                    To see if any process is running.

                    Then

                    netstat -anp | egrep -i 'httpd|apache'

                    Should show you what port are being used by those applications.

                    example:



                    [root@mirandaa00 ~]# ps aux | grep http
                    ...
                    apache 6084 0.0 0.0 173532 2276 ? S Apr07 0:00 /usr/sbin/httpd
                    [root@mirandaa00 ~]# netstat -anp | grep htt
                    tcp 0 0 :::80 :::* LISTEN 1885/httpd
                    [root@mirandaa00 ~]#

                    In this case, my machine is not listening on 443, but give you an idea on what to look.

                    Alvaro
                    • 7. Re: How to check port used for SSL
                      975148
                      I am sorry but there does not seem any clarity on how to check the port for SSL.
                      • 8. Re: How to check port used for SSL
                        alvaromiranda
                        first, please tell me what application you are using.

                        second, I think you mean https instead of ssl, and the https of one application can be on any port, usually us 443, not can be any port

                        8001, 7801, 8080, etc

                        So provide more information, and the output of those commands and we can try to help you.

                        but is hard to guess what application are you using here.

                        Alvaro
                        • 9. Re: How to check port used for SSL
                          975148
                          Thanks for your answer. We are using a Java application in our RHEL production server. I checked out the commands you gave,

                          ps aux | egrep -i 'httpd|apache'

                          which has a long listing.

                          But, the output of the netstat command seems very meaningful and is as follows:

                          tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4211/httpd
                          tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 4211/httpd

                          So, are the ports 8080 & 8081 being used? Also, any way in Java to check where these ports are listed.

                          Regards
                          • 10. Re: How to check port used for SSL
                            alvaromiranda
                            Hello,

                            So you have a java application that connect to these web servers?

                            Now with those 2 ports, you can open a browser and point to those ports https://ip:8080 and https://ip:8081, is any of those is https, then you will get some kind of certificate/lock green/red etc

                            As the Java app, You should ask the developers that handle the application.

                            Good luck

                            Alvaro.