On 3/12/2011 4:18 AM, Pound Rproxy wrote:
> I currently have a server that has a self-signed SSL cert and viewing it is
> restricted by using a private key that's been exported to Firefox.
> I want to put Pound in front of this and 1 other server, so that both are using
> the same https listener in pound.cfg and the same private key on the client end
> for restricting access.
> My confusion is mostly around where to generate the server.pem for Pound.
> Do I generate the server.pem and private browser key on the pound server or
> import the server.pem from a backend server?

It doesn't matter where they are generated. A PEM file is just a
private key + certificate, you can make it anywhere.

> If the second option, does this mean I can only have one SSL backend per Pound
> instance?

You can have many ListenHTTPS directives per pound instance, it has
nothing to do with the certificates used.

> I'm just at the point of testing now (creating keys takes me a while) and have
> created a new CA, self-signed cert, pem file, and private key on the Pound
> server.
> I have commented out all SSL stuff in the Apache httpd.conf files on both
> backend servers so now they should just pass http requests back to Pound.
> I've tested that each backend resolves with http and without need for a private
> key, as I want Pound to handle this.
> But I can't get Pound to resolve the backends. Am I doing something wrong or
> that isn't possible?
> Here's my pound.cfg so far:
> ListenHTTPS
>     Address 192.168.1.140
>     Port 443
>     Cert "/usr/etc/server.pem"
>     LogLevel 2
>     Service
>         BackEnd
>             Address 192.168.1.141
>             Port 8080
>         End
>     End
>     Service
>         BackEnd
>             Address 192.168.1.142
>             Port 8083
>         End
>     End
> End

Your config looks fine. What happens when you hit it, specifically?
Regards,
--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
http://www.redterror.net/
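
Added example, not part of the original thread: one way to build the combined server.pem described in the reply above (private key + certificate in one file) on any machine, and to confirm the two halves belong together before pointing Pound's Cert directive at it. The directory, the CN and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: directory, CN and function names are constructed placeholders.

# make_pem DIR CN
# Create a self-signed certificate and an unencrypted key in DIR, then join
# them into DIR/server.pem, the single file Pound's Cert directive points at.
make_pem() (
    dir=$1 cn=$2
    umask 077    # the key is unencrypted, so file permissions are its only protection
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || exit 1
    cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem"
)

# check_pem FILE
# Succeed only if FILE holds both a private key and a certificate, and the
# certificate's public key is the one derived from that private key.
check_pem() {
    pem=$1
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key"; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate"; return 1; }
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "unreadable private key"; return 1; }
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate"; return 1; }
    [ "$key_pub" = "$crt_pub" ] || { echo "key/cert mismatch"; return 1; }
    echo ok
}

# Usage:
#   make_pem /tmp/pound-test pound.example.test
#   check_pem /tmp/pound-test/server.pem
```

A file that passes check_pem can be generated on the Pound host or copied from elsewhere; what matters is that the key and certificate in it match.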