See below > -----Original Message----- > From: Anne Moore [mailto:[email protected]] > Sent: Friday, April 02, 2010 1:44 PM > To: [email protected] > Subject: RE: [Pound Mailing List] Help - Pound not redirecting to > backend servers > > Hi Joe > > Thanks for this great information. > > Unfortunately, no matter what I do, I can't get an SSL PEM file working > with > POUND. Otherwise, like you mentioned, I probably could get this working > like > that. (Only my backend servers have SSL certificates installed on them. > I'm > just trying to forward to my backend SSL websites.) > > Are there instructions anywhere that include how to make a PEM file, > using a > root certificate authority that customers can recognize, that works > with > POUND?
It's the same as mod_ssl: http://www.modssl.org/docs/2.8/ssl_faq.html (see "about certificates") Basically, you need a plain text file with the PEM(base64) format of the private key, followed by the PEM(base64) format of the certificate, followed by any CA certificates in the chain in PEM format. > Also, isn't there anyway to forward incoming port 80 requests to > backend > port 4443 (ssl) requests, without having the load balancers (pound) > having > it's own SSL certificate? Sure. Move the services back outside the listener blocks, remove the 443 listenhttps block, and change the redirect URL matcher to "^/$" However, by doing that, your clients will be talking HTTP to pound. Pound will talk HTTPS to backends. You can't have pound load-balance SSL traffic, it either has to terminate the SSL connection, or terminate a non-SSL connection and speak to SSL backends. Joe -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
