Hello, In December I reported Same problem
http://www.apsis.ch/pound/pound_list/archive/2014/2014-12/1418907678000#1418907678000 So far, no response. The problem is that the Comodo really does not make CN into the MDC but only SANs. Pound requires that the CN in the certificate. You can try to remove the "else" branch in a file config.c at line 1087. No warranty is given as to do it. My solution was to switch from the pound to nginx regadrs Mirek > On 24. 5. 2015, at 20:06, Helmut <[email protected]> wrote: > > Hello everyone, > > i have a problem to start pound with a multidomain-certificate from commodo. > It is installed on a apache webserver with multiple domains. > The first you can reach with the domain and url on > https://webmail.ecom-server.de <https://webmail.ecom-server.de/>. > > On my debian wheezy system there is installed pound version 2.6-2+deb7u1 > > If I start pound , i got: > starting... > /etc/pound/pound.cfg line 65: ListenHTTPS: could not get certificate CN > Line 65 is: Cert "/etc/pound/poundssl.pem" > > Here ist my /etc/pound.cfg where XXX.XXX.XXX.XXX is the IP of my server: > > ListenHTTP > Address XXX.XXX.XXX.XXX > Port 80 > Service > BackEnd > Address 127.0.0.1 > Port 8000 > End > End > End > ListenHTTPS > HeadRemove "X-Forwarded-Proto" > AddHeader "X-Forwarded-Proto: https" > Address XXX.XXX.XXX.XXX > Port 443 > Cert "/etc/pound/poundssl.pem" > Service > Backend > Address 127.0.0.1 > Port 8000 > End > End > End > > I also did my certificate /etc/pound/poundssl.pem with all of this: > https://www.digicert.com/ssl-support/pem-ssl-creation.htm > <https://www.digicert.com/ssl-support/pem-ssl-creation.htm> > but it seems pound cannot read the domainnames from my commodo > multidomain-certificate. > > I also compile the latest version from scatch, but with the same error > mail:/opt/Pound-2.7$ ./pound -v -f /etc/pound/pound.cfg > starting... > /etc/pound/pound.cfg line 65: ListenHTTPS: could not get certificate CN > > Someone have an idea? > Thanks > helmut > > > >
