Overview
This guide verifies that your Virtru Private Keystore deployment for Virtru Solutions is properly configured to allow secure inbound HTTPS connectivity. These connectivity checks ensure the key wrapping/unwrapping process, API communication, and email encryption/decryption are functional. The connectivity check is performed on the Private Keystore server. Proceed with the steps below:
1️⃣ Netcat Installation
Use Netcat (nc) to test connectivity.
RHEL / CentOS / Rocky / AlmaLinux:
sudo yum install -y nc # or sudo dnf install -y nc
Ubuntu / Debian:
sudo apt update sudo apt install -y netcat # or for enhanced features: sudo apt install -y netcat-openbsd
Verify Installation:
nc -h
2️⃣ Determine Public IP
Run the following on your Virtru Private Keystore server:
curl ifconfig.me
Example Output:
33.233.36.80
This is your server public IP address.
3️⃣ Inbound Connectivity Test (Listener)
Start Netcat Listener on the Private Keystore Container:
nc -l -p 443
If port 443 is typically already in use by Docker or Podman (Virtru container), this command nc -l -p 443 will fail. The failure does not mean the port is not open, it means the container is actively listening for traffic.
4️⃣ External Inbound Test
From a remote machine, as long as your IP address is added to the firewall rule:
nc -vz <server.public.ip> 443 #OR curl https://cks.yourdomain.com/status #OR openssl s_client -connect cks.yourdomain.com/status:443
Success Criteria:
- Port is open
- DNS resolution is working
- SMTP service responds with banner
5️⃣ Internal Inbound Connectivity Test
- Ensure an SMTP listener is active on the port
- Confirm firewall and cloud security rules allow inbound TCP on the port
- Run:
sudo ss -tulnp | grep 443
Expected Output:
tcp LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:("docker-proxy",...)This confirms that Docker is listening on port 443 for HTTPS traffic to the container.
Alternative Approaches
If you want to test if your server is reachable from the internet on port 443, here are your options:
-
Use an Online Port Scanner:
Conclusion
Using Netcat to validate HTTPS connectivity ensures that your Virtru Private Keystore is correctly connected to required services. If all checks pass, your system is ready to securely wrap/unwrap keys and transmit secure email data.
For more, visit the full firewall reference: https://support.virtru.com/hc/en-us/articles/360013417494