Hi Joe and everyone,
I am back and sorry for another post but I seem to not be able to get Pound
to work with ClientCert and different certificates.
Basically, what I want to do is use the Pound required pem file as a dummy
pem file. So that when someone tries to access my device they get the dummy
pem, but other than that, if they try to use it to gain access it gets
ignored. In other words the Cert is just a file sent when someone tries to
access the website but it won't work if they try to use it to access the
device with a browser or any other program.
Then I want to use a privately created certificate in the PEM format to add
to the client and it sends that certificate to the device and Pound checks
that certificate and if it is valid then they get access if not they get
rejected.
Here is my pound.cfg:
#ListenHTTP
#    Address 192.192.192.245
#    Port 80
#End
Daemon 0
ListenHTTPS
    Address 192.192.192.245
    Port 443
    Cert "/etc/pound/sign.pem"
    ClientCert 2 2
    VerifyList "/etc/pound/Verifylist/rootCA.pem"
End
Service
    Backend
        Address 127.0.0.1
        Port 80
    End
End
I have my rootCA.pem in /etc/pound/Verifylist/rootCA.pem
I have my sign.pem in /etc/pound/
I am sending device.pem which was created using the rootCA.pem and
rootCA.key.
What am I missing? Could I have messed up when I created my device.pem?
I get the following error message when I try to access the device via https.
An error occurred during a connection to 192.168.60.162. SSL peer was unable
to negotiate an acceptable set of security parameters. Error code:
SSL_ERROR_HANDSHAKE_FAILURE_ALERT when I try the browser
AND
Requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure when trying to send a
command to the device via python in a Linux terminal.
Warren
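
One way to rule out the certificate files themselves before looking at Pound, as an added example that is not part of the original post: the script below checks that a client certificate chains to the CA file named in VerifyList and that its private key matches it. It uses only the openssl command line; make_demo_pki and the demo file names device.crt and device.key are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline sanity checks for a client certificate used with
# Pound's ClientCert/VerifyList. File names in make_demo_pki are constructed.

# chains_to_ca CA_FILE CERT_FILE -> 0 only if CERT_FILE verifies against CA_FILE
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert CERT_FILE KEY_FILE -> 0 only if the private key belongs to
# the certificate (same public key). Both may be the same combined PEM file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_pki DIR -> writes a throwaway root CA and a device cert signed by it
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$1/rootCA.key" -out "$1/rootCA.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-device" \
        -keyout "$1/device.key" -out "$1/device.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/device.csr" -CA "$1/rootCA.pem" \
        -CAkey "$1/rootCA.key" -CAcreateserial -days 1 \
        -out "$1/device.crt" 2>/dev/null
}

# check_client_cert CA CERT KEY -> prints one line per check, 0 if both pass
check_client_cert() {
    rc=0
    if chains_to_ca "$1" "$2"; then echo "chain: OK"
    else echo "chain: FAIL ($2 is not signed by $1)"; rc=1; fi
    if key_matches_cert "$2" "$3"; then echo "key:   OK"
    else echo "key:   FAIL ($3 does not match $2)"; rc=1; fi
    return $rc
}

# Usage: sh check.sh rootCA.pem device.pem device.key
if [ "$#" -eq 3 ]; then check_client_cert "$1" "$2" "$3"; fi
```

Both checks passing only confirms that the files are consistent with each other; the handshake still has to be tested against the listener.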