Hi Francoise, Your more thank welcome. On a side note you may also like the DisableSSLv2 Patch which can be found here: http://www.apsis.ch/pound/pound_list/archive/2012/2012-01/1327928733000
This will remove the need for the '!SSLv2' option in your Ciphers List line. ~Scott On 19 September 2012 11:51, Francoise Dehinbo < [email protected]> wrote: > Hi Scott, > > It worked fine once I switched it to the live certificate instead of the > self-signed one used for testing. > > Much appreciated. > > Francoise > > From: Scott McKeown <[email protected]<mailto:[email protected] > >> > Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto: > [email protected]>> > Date: Wednesday, 19 September 2012 10:40 > To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto: > [email protected]>> > Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot > get certificate > > Hi Francoise, > > This looks more like a Certificate issue than a Pound issue. > What type of certificate have you created? > I would have another go at creating the PEM file myself and if you have > paid for a certificate from a CA you may need the intermediate and root > chains. > This site is a good reference on the creation of the PEM files. > http://www.digicert.com/ssl-support/pem-ssl-creation.htm > 9 time out of 10 I would use the full PEM file listed right at the bottom > of the page. > > ~Yours, > Scott > > > On 19 September 2012 10:11, Francoise Dehinbo < > [email protected]<mailto:[email protected]>> > wrote: > Hi All, > > My OS is debian squeeze which have Pound version 2.5 installed. I > downloaded the latest stable version 2.6 from > http://www.apsis.ch/pound/Pound-2.6.tgz and > applied the BEAST attack patch from > > https://github.com/goochjj/pound/commit/2f69c71b0314538f2a6218f624bdd2b954e5dbc8.patch > > After installing 2.6 and start up pound (as root), it fails with the > following error: > > /etc/pound/pound.cfg line 15: ListenHTTPS: could not get certificate CN > > Line 15 is: > Cert "/etc/pound/dev.pem" > > But /etc/pound/dev.pem does exist so I don't understand why it cannot read > it: > > >ls -la /etc/pound/dev.pem > -rw-r--r-- 1 root root 1.9K May 22 15:29 /etc/pound/dev.pem > > Here is my config for pound: > > User "web" > Group "web" > > # If the backend disappears check for it to come back every 'Alive' > seconds. > Alive 5 > > # no logging of individual requests > # start up etc errors are still logged to daemon.log > LogLevel 2 > > ListenHTTPS > > Address 0.0.0.0 > Port 443 > Cert "/etc/pound/dev.pem" > Ciphers > > "ALL:!aNULL:!ADH:!eNULL:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:!EXP:!eNUL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5" > > AddHeader "X-Secure-Connection: true" > > Service > BackEnd > Address 127.0.0.1 > Port 6000 > End > End > > End > > Any help would be greatly appreciated. > > Many thanks > > Francoise > > Privacy and Confidentiality Notice: > > This is strictly confidential and intended solely for the person or > organisation to whom it is addressed. It may contain privileged and > confidential information and if you are not an intended recipient, you must > not copy, distribute or take any action in reliance on it. If you have > received this message in error, please notify us as soon as possible and > delete it and any attached files from your system. > The views and opinions expressed in this email message are the author's > own and may not reflect the views and opinions of the author's employer. > > Foxtons Limited is registered in England and Wales (registered number > 01680058). Our registered office is at Building One, Chiswick Park, 566 > Chiswick High Road, London, W4 5BE. > > _____________________________________________________________________ > This e-mail has been scanned for viruses by MessageLabs. > > -- > To unsubscribe send an email with subject unsubscribe to [email protected] > <mailto:[email protected]>. > Please contact [email protected]<mailto:[email protected]> for questions. > > > > -- > With Kind Regards. > > Scott McKeown > Loadbalancer.org > http://www.loadbalancer.org > > > _____________________________________________________________________ > This e-mail has been scanned for viruses by MessageLabs. > > Privacy and Confidentiality Notice: > > This is strictly confidential and intended solely for the person or > organisation to whom it is addressed. It may contain privileged and > confidential information and if you are not an intended recipient, you must > not copy, distribute or take any action in reliance on it. If you have > received this message in error, please notify us as soon as possible and > delete it and any attached files from your system. > The views and opinions expressed in this email message are the author's > own and may not reflect the views and opinions of the author's employer. > > Foxtons Limited is registered in England and Wales (registered number > 01680058). Our registered office is at Building One, Chiswick Park, 566 > Chiswick High Road, London, W4 5BE. > > _____________________________________________________________________ > This e-mail has been scanned for viruses by MessageLabs. > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org
