Hi Joe and everyone,

I am back and sorry for another post, but I do not seem to be able to get Pound
to work with ClientCert and different certificates.

Basically, what I want to do is use the Pound required pem file as a dummy
pem file, so that when someone tries to access my device they get the dummy
pem, but other than that, if they try to use it to gain access, it gets
ignored. In other words, the cert is just a file sent when someone tries to
access the website, but it won't work if they try to use it to access the
device with a browser or any other program.

Then I want to use a privately created certificate in PEM format, add it to
the client, and have it send that certificate to the device; Pound checks
that certificate, and if it is valid they get access, if not they get
rejected.

Here is my pound.cfg:

#ListenHTTP
#    Address 192.192.192.245
#    Port 80
#End

Daemon 0

ListenHTTPS
    Address 192.192.192.245
    Port 443
    Cert "/etc/pound/sign.pem"
    ClientCert 2 2
    VerifyList "/etc/pound/Verifylist/rootCA.pem"
End

Service
    Backend
        Address 127.0.0.1
        Port 80
    End
End

I have my rootCA.pem in /etc/pound/Verifylist/rootCA.pem

I have my sign.pem in /etc/pound/

I am sending device.pem, which was created using the rootCA.pem and
rootCA.key.

What am I missing? Could I have messed up when I created my device.pem?

I get the following error messages when I try to access the device via https.

An error occurred during a connection to 192.168.60.162. SSL peer was unable
to negotiate an acceptable set of security parameters. Error code:
SSL_ERROR_HANDSHAKE_FAILURE_ALERT

(when I try the browser)

AND

Requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure

(when trying to send a command to the device via Python in a Linux terminal)

Warren 
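A check for the question above about whether device.pem was created correctly, added here as an example that is not part of Warren's post or of Pound itself: it generates a throwaway CA and two client certificates with openssl and reports which one chains to the CA file that VerifyList points at, which is the verification Pound relies on. The names rootCA, device, otherCA and rogue, and the temporary directory, are constructed stand-ins for the real /etc/pound files.

```shell
#!/bin/sh
# Added example, not from the post: does a client certificate (device.pem)
# chain to the CA in Pound's VerifyList file (rootCA.pem)? Every file here is
# generated in a temporary directory and stands in for the real /etc/pound paths.
set -e
WORK="$(mktemp -d)"

# Create a throwaway self-signed root CA: stand-in for rootCA.pem / rootCA.key
make_ca() {  # $1 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a client certificate signed by a CA: stand-in for device.pem
make_client() {  # $1 = client name, $2 = issuing CA name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/$1.csr" -CA "$WORK/$2.pem" \
    -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

# Succeeds (exit 0) only if the client cert chains to the given CA file.
# Matching on ": OK" rather than the exit code keeps this portable to old
# OpenSSL releases whose "verify" exited 0 even when verification failed.
verifies_against() {  # $1 = CA file (the VerifyList file), $2 = client cert
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# One CA with a client cert it issued, plus a second CA with its own client cert
make_ca rootCA
make_client device rootCA
make_ca otherCA
make_client rogue otherCA

# A cert from the listed CA passes; a cert from any other CA fails the check,
# which is the case where Pound's ClientCert verification rejects the client.
if verifies_against "$WORK/rootCA.pem" "$WORK/device.pem"; then
  echo "device.pem chains to rootCA.pem: verification passes"
fi
if ! verifies_against "$WORK/rootCA.pem" "$WORK/rogue.pem"; then
  echo "rogue.pem does not chain to rootCA.pem: verification fails"
fi
```

Pointing verifies_against at the real VerifyList file and the real device.pem answers the same question for the deployed setup.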