Ssl – How to specify the SSL port with command line curl

curlportssl

I'm trying to test the SSL connection on one of my servers. The server is behind a load balancer (LB) so it's listening for SSL connections on the port 8090.

I have use the --resolve option to test when talking to the LB which listens on port 443.

curl --resolve 'myservice.com:443:1.1.1.1' 'https://myservice.com'

but when I do:

curl --resolve 'myservice.com:8090:2.2.2.2' 'https://myservice.com:8090'

curl simply ignores the port and goes with 443. Of-course, this causes the DNS cache to miss and I end-up using the public DNS IP…

* Added myservice.com:8090:2.2.2.2 to DNS cache
* About to connect() to myservice.com port 443 (#0)
*   Trying 3.3.3.3...
* Connected to myservice.com (3.3.3.3) port 443 (#0)

How can I force curl to use the port 8090 for an SSL connection?

Thanks.

Best Answer

Tested with curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3, the --resolve header works as expected with https and a non-standard port specified in both places.

Related Solutions

Ubuntu – SSL site not using the correct IP in Apache and Ubuntu

I've set this on on my servers by adjusting the /etc/apache2/ports.conf file as follows:

<IfModule mod_ssl.c>
NameVirtualHost *:443
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    NameVirtualHost *:443
    Listen 443
</IfModule>

You should then be able to use by editing /etc/apache2/sites-enabled/mysite.com (some code omitted to shorten the example):

<VirtualHost *:443>
     ServerName mysite1.com
     SSLCertificateFile    /etc/ssl/localcerts/www.mysite1.com.crt
     SSLCertificateKeyFile /etc/ssl/localcerts/www.mysite1.com.pem
</VirtualHost>

<VirtualHost *:443>
    ServerName mysite2.com
    SSLCertificateFile    /etc/ssl/localcerts/www.mysite2.com.crt
    SSLCertificateKeyFile /etc/ssl/localcerts/www.mysite2.com.pem
</VirtualHost>

For as many vhosts as you like.

Edit: NEED A SECOND OPINION? GO HERE: http://forum.slicehost.com/comments.php?DiscussionID=3244

Ubuntu – Multiple SSL websites on the same Apache server

You're on the right track here. Basically you must have a singular IP address per SSL website you plan on hosting for. The reasoning for this is that the SSL handshake is performed first and knows nothing of the domain name you're trying to connect too. Only after the SSL handshake is performed will the HTTP request be transmitted to the server.

My suggestion would be to go to a more basic setup & enable one SSL virtualhost per domain with a corresponding IP address.

Best Answer

Related Solutions

Ubuntu – SSL site not using the correct IP in Apache and Ubuntu

Ubuntu – Multiple SSL websites on the same Apache server

Related Topic