Re: [Pound Mailing List] SSL_CTX_use_PrivateKey_file Driving me insane

Thu, 27 Sep 2012 03:18:21 -0700 

Fixed! thanks for the link, it put me on the right track.
All that was required was to concatenate the key, the crt and output a .pem file which i put in the ssl store and referenced it from pound.cfg. 

I also ran "update-ca-certificates --verbose --fresh"
And restarted pound, success! This is just a test, the live site will use a "real" ssl cert. 

Thanks,

Alan

2012-09-27 11:57, Scott McKeown skrev:

Hi Alan,
I'm sure that you will need to include the Private Key Chain in your PEM
file to resolve this error.

Have a look at http://www.digicert.com/ssl-support/pem-ssl-creation.htm
which shows the different ways of creating the PEM file.

Although now that I think about it, I don't remember if I had to include
this in mine the last time I created a Self Signed certificate so I
could be wrong on the self signed front. However, I would recommend the
full PEM file when you go live.


~Scott


On 27 September 2012 10:16, Alan McGinlay <[email protected]
<mailto:[email protected]>> wrote:

    Hi All,

    I have been getting this error now no matter what I do when trying
    to setup and HTTPS listener with a self signed cert.

    "/etc/pound/pound.cfg line 56: SSL_CTX_use_PrivateKey_file failed -
    aborted"

    I have generated the ssl cert in myriad different ways, always with
    the same result. I have tried with pound 2.5 and 2.6 (from ubuntu
    precise and quantal respectively) but there is no change! The
    certificates test ok with the openssl command line so I am at a
    complete loss!

    Most of the info I have found on the net is from a few years back,
    could this be a new bug?

    pound.cfg listeners:

    ListenHTTP
         Address 199.10.64.8
         Port    80
         #Cert    "/etc/ssl/certs/server.crt"
         Service
             HeadRequire "Host:.*redneck001-ext.__example.se.*"
             BackEnd
                 Address localhost
                 Port    81
             End
         End

    END

    ListenHTTPS
         Address 193.10.64.8
         Port    443
         Cert    "/etc/ssl/certs/redneck001-__ext.example.se.cert"
         Service
             HeadRequire "Host:.*redneck001-ext.__example.se.*"
             BackEnd
                 Address localhost
                 Port    81
             End
         End
    End

    Please help!

    /Alan

    --
    To unsubscribe send an email with subject unsubscribe to
    [email protected] <mailto:[email protected]>.
    Please contact [email protected] <mailto:[email protected]> for questions.




--
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org



--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to