Hello All,

Recently I got a new SSL cert. While trying to install it for pound's use I keep getting the SSL_CTX_use_Privatekey_file failed error aborted. It's gotten me up to seriously frustrated.

I have the original server.key and the server.csr files generated from openssl.

I have the server.cer file from Comodo.

(As an aside, I also have, and have tried, the cert-only and intermediates files as well.)

I have used openssl to check all the files.

I have tried every version of concatenating the files into a new pem file as listed by
https://www.digicert.com/ssl-support/pem-ssl-creation.htm
I have checked the cert order by concatenating a new pem from the cert-only and intermediary files.
cat server.key server.cer > server.pem as the default

The pem file has each of the sections as expected.

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

As you can see, the key is not encrypted.

The pound.cfg:

User    "nobody"
Group    "nobody"
LogLevel    1
LogFacility    local3
Client    20
TimeOut    20
Grace    20
Alive 5

#redirect unencrypted to encrypted
ListenHTTP
     Address xxx.xxx.xxx.20
     Port    80
     xHTTP 2
     Service
          Redirect    "https://server.com";
     End
End

#unencrypt and send to the backend
ListenHTTPS
    Address xxx.xxx.xxx.20
    Port 443
    Cert "etc/oldserver.pem"
    Cert "/etc/server.pem"
    SSLHonorCipherOrder     1
    SSLAllowClientRenegotiation     0
    Ciphers "RC4-SHA:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
    Service
        BackEnd
            Address 127.0.0.127
            Port 80
        End
    End
End

At this point I am not sure what I am missing. Should the cert file be owned by a specific user or group? Should there be permissions other than 644 for root:root?

Thanks for any help you can offer.
Cheers
Taz
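
As an added example, not part of the original message: a shell pre-flight check for a combined PEM file like the server.pem described above. It confirms that the private key is unencrypted and belongs to the first certificate in the file, and flags a key file that is world-readable; the function names are illustrative, and only standard `openssl` subcommands are assumed.

```bash
#!/bin/sh
# Added example (not from the original post): pre-flight check for a combined
# key + certificate PEM file. Function names are illustrative assumptions.

# Public key derived from the first private key in the file (empty on failure).
# "-passin pass:" stops openssl from prompting if the key turns out encrypted.
key_pub()  { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# Public key of the FIRST certificate in the file. That certificate is the one
# paired with the private key; any later certificates are chain entries.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_bundle FILE: prints findings; returns 0 only if the key parses, is
# unencrypted, and matches the first certificate.
check_bundle() {
    cb_pem=$1; cb_rc=0
    [ -r "$cb_pem" ] || { echo "error: cannot read $cb_pem"; return 2; }

    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$cb_pem"; then
        echo "error: private key is passphrase-protected"; return 1
    fi

    cb_k=$(key_pub "$cb_pem" || true)
    cb_c=$(cert_pub "$cb_pem" || true)
    [ -n "$cb_k" ] || { echo "error: no parsable private key"; cb_rc=1; }
    [ -n "$cb_c" ] || { echo "error: no parsable certificate"; cb_rc=1; }
    if [ -n "$cb_k" ] && [ -n "$cb_c" ] && [ "$cb_k" != "$cb_c" ]; then
        echo "error: private key does not match the first certificate"
        echo "       (wrong key, or an intermediate is listed before the leaf)"
        cb_rc=1
    fi

    # A file holding a private key should not be readable by every local user.
    if [ -n "$(find "$cb_pem" -prune -perm -004 -print)" ]; then
        echo "warning: $cb_pem contains a private key and is world-readable"
    fi
    [ "$cb_rc" -eq 0 ] && echo "ok: key matches first certificate"
    return "$cb_rc"
}

# Run against a file named on the command line, e.g.: sh check_bundle.sh /etc/server.pem
if [ "$#" -gt 0 ]; then check_bundle "$1"; fi
```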

