[Xitami] Xitami Pro SSL and Thawte Certificates

Brad Smith xitami@lists.xitami.org
Mon, 10 Jun 2002 08:23:47 -0400


Sean:

There could be several problems here:

1.  Many cable modem ISPs block the ports below 1024, at which point 
the typical SSL port (443) would be blocked also.  Therefore, you need 
to redirect to a different port.  It is easy!  First you need to change your 
typical port number in the SSL control file (sslhttp.cfs).  The port 
number variable is under the first section labeled [Server].  Change it to 
anything you would like (for example, 2443).  From now on, instead of 
sending SSL requests to https://www.southbroadwaytropicals.com, you 
would send the requests to https://southbroadwaytropicals.com:2443.

2.  If you want to know for sure that port 443 is blocked, go to 
www.tzo.com and download their app, Port Detective.  It will run through 
all the typical ports and tell you which ones are blocked.

3.  Finally, check the final line of the sslhttp.cfs file, in the section 
labeled [Virtual_hosts].  You must give it the IP addy of your 
connection.  The instructions actually read that you must use actual IP 
addresses; though, I have used domain names (since we have a 
dynamic IP), and have found that it works for us.... though, I have no 
guarantees for anyone else.

Hope this helps.

Sincerely,
Brad Smith, CFO
Social Design Technologies
mata@matatech.tzo.com


On 8 Jun 2002 at 12:05, sbtropicals wrote:

> I am hoping somebody with a bit more knowledge than I have could help
> me past this stumbling block.
> 
> We are building an e-commerce site and I am using Xitami Pro v2.4d10
> (c) on Windows 95. Xitami was very easy for a total beginner to
> install and get running. The system operates properly except now I am
> trying to install CA Certificates from Thawte to provide SSL
> encryption. The bulk of the html pages are stored on our ISP's servers,
> and cgi-scripts retrieve the shopping cart pages from our local
> server, which is tied into our point of sale software here. Connection
> is made through DSL with a Cisco 675, and we run ZoneAlarm firewall
> protection.
> 
> I believe I have done everything right in terms of paths, placement of
> certificates, etc. But the SSL layer is never getting connected, I
> believe as a result of the error message below from the xitami log
> file. I hate to admit this, but I am in way over my head here!
> 
> 2/06/07 15:24:47: smtssl: preparing for connections on port 443
> 2/06/07 15:24:47: smtssl: ready for SSL connections on port 443
> 2/06/07 15:24:47: smtssl: accepting connections on 65.100.174.89
> 2/06/07 15:24:47: smtssl: accepting connections on 127.0.0.1
> 2/06/07 15:56:09: smtftpc: error on socket 148: WSAENOTCONN
> 
> I am guessing this is a Winsocket error message, but I lack the smarts
> to figure out how to cure it! I have no formal training in this area
> at all!
> 
> Does anybody out there have some time to point me in the right
> direction?
> 
> Thanks for your time! 
> Sean Niland
> 
> 
>
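
An added example, not part of the original messages: a small probe for the check described in points 1 and 2 of the reply, which separates a port that is filtered upstream from one with no listener or one that accepts TCP but does not complete TLS. It only says something about ISP blocking when run from a machine outside the server's own connection; the function names and the host name `www.example.com` are placeholders of this example.

```python
import socket
import ssl


def probe(host, port, timeout=3.0):
    """Classify one TCP port as seen from the machine running this script.

    'tls'         TCP connect and TLS handshake both succeeded
    'open-no-tls' something accepted the TCP connection but did not complete TLS
    'closed'      connection refused: host reachable, nothing listening
    'filtered'    no answer before the timeout, typical of a port blocked upstream
    'unreachable' name lookup or routing failed
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"

    # Reachability check only: certificate trust is deliberately not evaluated here.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        return "open-no-tls"
    finally:
        sock.close()


def check_ports(host, ports=(443, 2443), timeout=3.0):
    """Probe each port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Placeholder host name (assumption of this example); substitute your own server.
    for port, state in check_ports("www.example.com").items():
        print(f"{port}: {state}")
```

A result of `filtered` on 443 together with `tls` on 2443 matches the blocked-low-port case in point 1; `closed` on both points at the server rather than the ISP.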