On 8/9/2010 2:18 PM, Alfonso Espitia wrote:
Hello all, it's been a while since I had to generate a new key and get
SSL to work on Pound.
I remember specifically in the Pound documentation that it said that the
key can not have a passphrase on it, has this changed with any of the
recent versions?
It looks like some of the SSL certificate standards have changed so
everything is requiring a 2048 key.
When I run this:
openssl genrsa -des3 -out<name of your certificate>.key 2048
it asks for a passphrase, and will not let you proceed unless you type
something in.
Can someone send instructions on how to get past this, or configure
pound to allow for a passphrase?
Remove the -des3 ... you're telling openssl to encrypt your key, which
is the problem. Don't bother - it doesn't offer any extra security.
The best ref on generating certs I've found is OpenBSD's 'ssl' manpage:
http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html
You want the section on generating server certificates for web servers.
Regards,
--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
http://www.redterror.net/
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
