Wednesday, January 20, 2010

Testing the Server








Now we're ready to take the server for a test
drive. First we start up the server for both normal and SSL Web traffic:



# /usr/local/apache/bin/apachectl startssl


You should see a message like this:



apachectl startssl: httpd started


If you don't, something happened that
prevented the server from properly starting. The best place to look to help
diagnose what is wrong is the error log file, in ../logs/error_log.



Now look to see if you have two new ports
listening, ports 80/TCP and 443/TCP. We will use the netstat command to look
for them:



# netstat -na | grep LISTEN
 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN


Sure enough, we have two listening sockets,
on ports 80 and 443 TCP ports. These correspond to the normal and SSL traffic
for the server, respectively.



And now we will connect to our server and
test out the secure Web-mail connection. Fire up a browser like Netscape or
Internet Explorer (if you are on a Windows machine) and point it to your Web
server. In our example the machine's name is friend.dsl.isp.com,
so the secure Aeromail site would have the URL https://friend.dsl.isp.com/aeromail/.



The first thing you should go through is the
acceptance of the certificate. For Netscape, it's a several-stage process,
illustrated next.



First, we are presented with a popup window
noting that the site uses encryption but Netscape doesn't recognize the signing
authority (remember, we didn't have a big-name authority sign it above). Use Next
to move on in the process (Figure 8-1).



Figure 8-1. Netscape cert2.




Second, it tells us a little bit about the
certificate. If you click the More Info button (Figure 8-2) we can
view more information, and Next will continue
in the process.



Figure 8-2. Netscape cert3.




Now we can choose to accept this certificate or not, and for
how long. I usually choose to accept the certificate until it expires (Figure 8-3) and then click Next.



Figure 8-3. Netscape cert4.




Then it offers you the chance of alerting you whenever you
submit information (Figure 8-4). This can be useful, but with
Web-mail it can also be extremely annoying. I usually ignore the warnings and
don't let them pop up, and I click Next to
continue the process.



Figure 8-4. Netscape cert5.




Now we can finish the process by clicking Finish (Figure 8-5).



Figure 8-5. Netscape cert6.




I often get the popup shown in Figure 8-6, since the site name that is on the
certificate and the one that I am actually connecting to don't match (I'm not
running a real Internet server here). I just click Continue
and accept the certificate.



Figure 8-6. Netscape cert7.
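
The unrecognized signer and the name mismatch are the two checks the browser is asking you to make yourself. One way to make them before clicking Continue, as an added example that is not from the original text: compare the SHA-256 fingerprint of the certificate the server presents with the one you generated, and test the host name in the URL against it. The function names are illustrative, the openssl command-line tool is assumed to be installed, and the demo certificates are throwaway ones constructed on the spot.

```shell
#!/bin/sh
# Added example: check a self-signed certificate by fingerprint and by name.

# SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Save the certificate that host $1, port $2 presents to file $3 (needs network).
fetch_served_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Succeed only if both files hold the same certificate (and both are readable).
same_cert() {
    a=$(cert_fingerprint "$1")
    b=$(cert_fingerprint "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the certificate is valid for the host name used in the URL.
cert_names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Constructed demo input: a throwaway self-signed certificate for host $2.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir/ours" friend.dsl.isp.com
    make_demo_cert "$dir/other" friend.dsl.isp.com  # same name, different key
    cp "$dir/ours.crt" "$dir/served.crt"            # stands in for fetch_served_cert
    same_cert "$dir/ours.crt" "$dir/served.crt" && echo "fingerprint matches ours"
    same_cert "$dir/ours.crt" "$dir/other.crt" || echo "different certificate"
    cert_names_host "$dir/ours.crt" friend.dsl.isp.com && echo "name matches"
    cert_names_host "$dir/ours.crt" localhost || echo "name mismatch (Figure 8-6)"
    rm -rf "$dir"
}
demo
```

Against the live server, run fetch_served_cert friend.dsl.isp.com 443 served.crt and pass the result to same_cert together with the certificate file you installed for Apache.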




We know we have a secure connection because of three things:
We have a URL that starts with https:// rather
than http:// (Figure 8-7). And we have two indicators in the
browser that the connection is secure: The button bar at the top has a
highlighted security lock (Figure 8-8), and the lock in the bottom left
of the browser is closed and highlighted (Figure 8-9).



Figure 8-7. Secure 2.




Figure 8-8. Secure 1.




Figure 8-9. Secure 3.




Should the preceding not have occurred, you
need to diagnose the problem and try to remedy it. You can look in several
places. First, make sure you are listening on both ports 80/TCP and 443/TCP for
normal and SSL Web connections. Second, make sure that the SSL engine is turned
on in the directives for the Web server. Otherwise you'll never complete a
connection with the server; your browser will just hang. Last, make sure you are
indeed connecting. Use netstat on the server to show that you are connecting to
the server, and check the logs from Apache, both the access_log
file and the error_log file, for any entries. The
SSL server is pretty verbose about what went wrong, and the mod_ssl
documentation is also very good at helping diagnose a problem.
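
The first two checks in this list, and the earlier netstat step, can be scripted so they do not depend on reading grep output by eye. This is an added example, not from the original text: the function names are illustrative, both sample inputs are constructed, and it assumes the SSL site is declared as a <VirtualHost ...:443> block that enables mod_ssl with the SSLEngine directive.

```shell
#!/bin/sh
# Added example: script the "is it listening" and "is the SSL engine on" checks.

# Read `netstat -na` output on stdin; print each wanted TCP port with no listener.
missing_listeners() {
    awk -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; sub(/.*[:.]/, "", addr)  # port follows the last ":" or "."
            seen[addr] = 1
        }
        END { for (i = 1; i <= n; i++) if (!(ports[i] in seen)) print ports[i] }'
}

# Read an httpd.conf on stdin; print every <VirtualHost ...:443> block that
# never sets "SSLEngine on" (the case where the browser just hangs).
vhosts_without_sslengine() {
    awk '
        tolower($1) == "<virtualhost" && $2 ~ /:443>?$/ {
            name = $2; sub(/>$/, "", name); on = 0; invh = 1; next
        }
        invh && tolower($1) == "sslengine" && tolower($2) == "on" { on = 1 }
        invh && tolower($1) == "</virtualhost>" { if (!on) print name; invh = 0 }'
}

# Constructed sample: "grep 443" matches two lines, yet nothing listens on 443.
sample_netstat() { cat <<'EOF'
tcp        0      0 0.0.0.0:80         0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:8443       0.0.0.0:*          LISTEN
tcp        0      0 192.0.2.10:80      192.0.2.20:51443   ESTABLISHED
EOF
}

# Constructed sample: the SSL virtual host exists but its engine is commented out.
sample_conf() { cat <<'EOF'
Listen 80
Listen 443
<VirtualHost _default_:443>
    DocumentRoot "/usr/local/apache/htdocs"
    # SSLEngine on
</VirtualHost>
EOF
}

echo "ports without a listener: $(sample_netstat | missing_listeners 80 443)"
echo "SSL vhosts without SSLEngine on: $(sample_conf | vhosts_without_sslengine)"
```

On the server itself, feed the functions real input: netstat -na | missing_listeners 80 443, and vhosts_without_sslengine < httpd.conf.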



You can test your PHP4 installation with a
simple PHP file. Simply create the file test.php
in your htdocs/ directory for your Web server
with the following very simple content:



<?php phpinfo() ?>


This will show you all of the information
about your PHP installation if it comes up. Make sure that you have IMAP
support, for one, or your Web-mail solution just won't work. If you get
prompted to download the file, make sure you added the earlier directives for
PHP files to the server configuration file, httpd.conf.
When in doubt, check the documentation for each of the components, Apache,
mod_ssl, and PHP, for chances are you have encountered a common problem.
Once the checks are done, delete test.php: its output discloses the full PHP and
server configuration to anyone who can request it.



 




