Re: [Pound Mailing List] Need Help with "ListenHTTPS: could not get certificate CN"

Tue, 26 May 2015 01:03:04 -0700 

Thanks Mirek,
recompile config.h without else branch seems to work, pound start now!
I have to do further tests now, that all alternative domains in certificate also work now. 
Helmut

Am 25.05.2015 um 20:02 schrieb Miroslav Danek:

Hello,

In December I reported Same problem

http://www.apsis.ch/pound/pound_list/archive/2014/2014-12/1418907678000#1418907678000
So far, no response. The problem is that the Comodo really does not make CN into the MDC but only SANs. 

Pound requires that the CN in the certificate.
You can try to remove the "else" branch in a file config.c at line 1087. No warranty is given as to do it. 

My solution was to switch from the pound to nginx

regadrs
Mirek
On 24. 5. 2015, at 20:06, Helmut <[email protected] <mailto:[email protected]>> wrote: 

Hello everyone,
i have a problem to start pound with a multidomain-certificate from commodo. 
It is installed on a apache webserver with multiple domains.
The first you can reach with the domain and url on https://webmail.ecom-server.de. 

On my debian wheezy system there is installed pound version 2.6-2+deb7u1

If I start pound , i got:
starting...
/etc/pound/pound.cfg line 65: ListenHTTPS: could not get certificate CN
Line 65 is:/    Cert "/etc/pound/poundssl.pem"//
/
Here ist my /etc/pound.cfg where XXX.XXX.XXX.XXX is the IP of my server:

/ListenHTTP//
//        Address XXX.XXX.XXX.XXX//
//        Port    80//
//        Service//
//                BackEnd//
//                        Address 127.0.0.1//
//                        Port    8000//
//                End//
//        End//
//End//
//ListenHTTPS//
//        HeadRemove "X-Forwarded-Proto"//
//        AddHeader "X-Forwarded-Proto: https"//
//        Address XXX.XXX.XXX.XXX//
//        Port 443//
//        Cert "/etc/pound/poundssl.pem"//
//        Service//
//                Backend//
//                        Address 127.0.0.1//
//                        Port 8000//
//                End//
//        End//
//End/

I also did my certificate //etc/pound/poundssl.pem /with all of this:
https://www.digicert.com/ssl-support/pem-ssl-creation.htm
but it seems pound cannot read the domainnames from my commodo multidomain-certificate. 

I also compile the latest version from scatch, but with the same error
mail:/opt/Pound-2.7$ ./pound -v -f /etc/pound/pound.cfg
starting...
/etc/pound/pound.cfg line 65: ListenHTTPS: could not get certificate CN

Someone have an idea?
Thanks
helmut

Reply via email to