7 Replies Latest reply: May 3, 2013 6:32 AM by Colm Divilly RSS

    Enable SSL / HTTPS, get HTTP error message 403 (forbidden)

    JPL_12
      Hello forummembers,

      I try to enable HTTPS, I have a valid certificate installed, and it works fine when I connect to the server within our company.

      But from outside our company (e.g. sitting in my customers office) I can't get a connection over https (while http is working fine).
      Using Internet Explorer, I get 'Internet Explorer cannot display the webpage', clicking 'Diagnose Connection problems' will give 'Windows received an HTTP error message: 403 (forbidden)'

      Using chrome, I get 'This webpage is not available' with
      'Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.'

      Has anybody an idea how to troubleshoot this?
        • 1. Re: Enable SSL / HTTPS, get HTTP error message 403 (forbidden)
          AndyH
          JP_1442650 wrote:
          Hello forummembers,

          I try to enable HTTPS, I have a valid certificate installed, and it works fine when I connect to the server within our company.

          But from outside our company (e.g. sitting in my customers office) I can't get a connection over https (while http is working fine).
          Using Internet Explorer, I get 'Internet Explorer cannot display the webpage', clicking 'Diagnose Connection problems' will give 'Windows received an HTTP error message: 403 (forbidden)'
          Perhaps you have a company firewall that is blocking incoming HTTPS?
          • 2. Re: Enable SSL / HTTPS, get HTTP error message 403 (forbidden)
            JPL_12
            Hi Andy,

            Thanks for the reply.
            It could be some firewall problem, but HTTPS in general is not blocked.
            E.g I can access Gmail, and also this very forums.oracle.com is https which I can access from my customers office.

            That's why I'm wondering if there's anything wrong with our https setup, what may trigger the firewall.
            I'm running Apex 4.2, with Apex listener 1.4 under Glassfish 3.2.1.
            I have a valid SSL certificate.

            How to test what could be wrong with our server?
            • 3. Re: Enable SSL / HTTPS, get HTTP error message 403 (forbidden)
              Udo
              Hi,
              It could be some firewall problem, but HTTPS in general is not blocked.
              E.g I can access Gmail, and also this very forums.oracle.com is https which I can access from my customers office.
              I think the question was more related to incoming HTTPS connections (port 443 TCP) on the network you've deployed your APEX Listener at. Does your host have a public IP adress at all or is there a NAT rule that forwards incoming connections to your host?

              -Udo
              • 4. Re: Enable SSL / HTTPS, get HTTP error message 403 (forbidden)
                JPL_12
                Hi Udo,

                Thanks for the reply.
                There is NAT from the internet to an internal IP adress to my host.

                Is there something special I should set for port 443?

                My apex login is not using port 443 directly, the address is like
                https://www.server:8199/apex/f?p=119:1

                The strange thing is, that in some places I can connect to our site, but not from everywhere.
                • 5. Re: Enable SSL / HTTPS, get HTTP error message 403 (forbidden)
                  Colm Divilly
                  JP_1442650 wrote:
                  Hi Udo,

                  Thanks for the reply.
                  There is NAT from the internet to an internal IP adress to my host.

                  Is there something special I should set for port 443?

                  My apex login is not using port 443 directly, the address is like
                  https://www.server:8199/apex/f?p=119:1
                  Then I would guess a firewall in the middle is not allowing https over port 8199, it's pretty unusual to see https over anything other than the standard port of 443, try switching to the proper https port of 443, many firewalls are configured to only allow traffic on port 80 (http) and 443 (https).
                  The strange thing is, that in some places I can connect to our site, but not from everywhere.
                  • 6. Re: Enable SSL / HTTPS, get HTTP error message 403 (forbidden)
                    JPL_12
                    I can try the port which is used as standard by Glassfish (8181), I can try 443 as well but I doubt if I can open that port.
                    Even if I can open it, isn't is more vulnerable for hackers then?

                    Thanks.
                    • 7. Re: Enable SSL / HTTPS, get HTTP error message 403 (forbidden)
                      Colm Divilly
                      JP_1442650 wrote:
                      I can try the port which is used as standard by Glassfish (8181), I can try 443 as well but I doubt if I can open that port.
                      Even if I can open it, isn't is more vulnerable for hackers then?

                      Thanks.
                      To stop hackers, firewalls are usually locked down to allow only 80 and 443 as the only open ports. It sounds like you may need to consider seeking advice of someone experienced in configuring public facing HTTPS sites.