3
votes

I have an Amazon EC2 amzn-ami-hvm-2014.09.2.x86_64-ebs instance running and port 443 does not seem to be open, even though I have added it to the instance's security group, both inbound and outbound settings:

[Image: the instance's security group inbound and outbound settings]

I have run netstat on the EC2 instance and port 443 is not listed:

$ sudo netstat -nupt -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      2595/java           
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2061/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2103/sendmail       
tcp        0      0 127.0.0.1:8005              0.0.0.0:*                   LISTEN      2595/java           
tcp        0      0 0.0.0.0:8009                0.0.0.0:*                   LISTEN      2595/java           
tcp        0      0 :::22                       :::*                        LISTEN      2061/sshd           
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1868/dhclient       
udp        0      0 172.31.40.1:123             0.0.0.0:*                               2080/ntpd           
udp        0      0 127.0.0.1:123               0.0.0.0:*                               2080/ntpd           
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               2080/ntpd

How can I open port 443? Port 80 is working fine.

EDIT: more info added

I'm running a web app on Tomcat 8. When entering the IP address in the internet browser, it is successfully redirecting to HTTPS. But the page does not display.

On my apache8/conf/server.xml file I have:

<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

and

 <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

It works fine on my development machine, successfully redirecting to port 443.

Thanks in advance, Lucas

2 Answers

6
votes

You need to configure Apache (if you are running Apache, or the web server you are using) to start using port 443. If you are using Ubuntu, you need to execute the following:

sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart

2
votes

Thank you, Dimos Karagiannis, for your answer.

I am working with tomcat8 and I totally forgot to set up Tomcat SSL configuration as stated on Tomcat's well-documented page.

It was one of those things that I tried everything, except for the one thing I had done numerous times in the past.

To test that SSL was working, I quickly generated a keystore file (Linux):

sslKeys]$ sudo keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
Enter keystore password:changeit  
Re-enter new password:changeit

After having generated the keystore, I just referenced it from tomcat8/conf/server.xml file:

<!-- HTTPS connector; keystorePass must match the keystore password entered in keytool -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/pathTosslKeys/tomcat.keystore"
               keystorePass="changeit" />

That worked. This is only a temporary thing. I need to add a properly generated SSL cert.

I am a numpty!
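
The diagnosis in this thread (the security group allowed 443, but nothing on the instance was listening on it) can be checked mechanically. The script below is an added example, not part of the original posts; `listen_state` and `sample_netstat` are hypothetical helper names, and the sample input is the TCP portion of the netstat output from the question.

```sh
#!/bin/sh
# Added example: classify how a TCP port appears in `netstat -nlt` output.
# listen_state and sample_netstat are hypothetical helper names.

# Reads netstat output on stdin; prints none | loopback | external for port $1.
listen_state() {
    awk -v port="$1" '
        BEGIN { state = "none" }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") {
                if (state == "none") state = "loopback"
            } else {
                state = "external"            # 0.0.0.0, ::, or an interface IP
            }
        }
        END { print state }
    '
}

# TCP lines from the netstat output in the question, embedded for offline runs.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:80      0.0.0.0:*        LISTEN  2595/java
tcp   0      0      0.0.0.0:22      0.0.0.0:*        LISTEN  2061/sshd
tcp   0      0      127.0.0.1:25    0.0.0.0:*        LISTEN  2103/sendmail
tcp   0      0      127.0.0.1:8005  0.0.0.0:*        LISTEN  2595/java
tcp   0      0      0.0.0.0:8009    0.0.0.0:*        LISTEN  2595/java
tcp   0      0      :::22           :::*             LISTEN  2061/sshd
EOF
}

for p in 80 443 8005; do
    case "$(sample_netstat | listen_state "$p")" in
        none)     echo "port $p: no listener; fix the service config, not the security group" ;;
        loopback) echo "port $p: bound to loopback only; unreachable from outside the host" ;;
        external) echo "port $p: listening on a routable address; next check the security group" ;;
    esac
done
```

On a live instance, pipe real output in instead of the sample: `sudo netstat -nlt | listen_state 443`.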