Hi, On 7 February 2011 17:54, Amol <mandm_z...@yahoo.com> wrote: > > Hi all, i had a question on setting up haproxy in SSL, since my current site > is https(where i had used openssl to generate csr and crt keys), so i wanted > to load balance with the same. > > My web servers are apache and they are behind the haproxy server, so once i > install stunnel on HAproxy server, i have a few question in the installation > process > > I have installed stunnel-4.35.tar.gz, but the patch for xforward was > tunnel-4.32-xforwarded-for.diff is that ok? of is the patch available for > 4.35 ?
The last stunnel patch I saw on this mailing list was for stunnel 4.34 available from this thread: http://www.mail-archive.com/haproxy@formilux.org/msg04024.html > this is the patch ouput > $patch -p1 < ../stunnel-4.32-xforwarded-for.diff > patching file doc/stunnel.8 > Hunk #1 FAILED at 504. <snip> The patch failed, you need to use the patch described above - quite possibly with stunnel 4.34 not 4.35 (it might work but if any hunks show up as 'FAILED' go back to 4.34). > > during the make install of stunnel it asked me the details for the .pem file? > why is that needed if i use certs from third party vendors? > can i used a certificate generated from third party vendors like godaddy to > set stunnel? > or do i have to use self-signed certificate? The make install process probably generates a self signed certificate initially. There might be a parameter to skip this. Regardless you can definitely swap it for another certificate from a 3rd party vendor. It should be in ASCII PEM format though. > > These are some of the doubts for now, it will a great help if you can help me > understand this or send some helpful links? > > Thanks > -- Best Regards, Brett Delle Grazie