Hello Robert, here is the output of pound and che content of the PEM file. I also tried converting the PEM to DER but the error is the same.
debug option 5 /root/Pound-3.0e/src/config.c:631 start get_others /root/Pound-3.0e/src/config.c:563 start get_backends /root/Pound-3.0e/src/config.c:123 addr pound.comunefaenza.local /root/Pound-3.0e/src/config.c:139 port 885 /root/Pound-3.0e/src/config.c:142 push /root/Pound-3.0e/src/config.c:168 addr easytraffic.comunefaenza.local /root/Pound-3.0e/src/config.c:139 port 80 /root/Pound-3.0e/src/config.c:142 push /root/Pound-3.0e/src/config.c:168 start get_http /root/Pound-3.0e/src/config.c:277 addr 192.168.1.72 /root/Pound-3.0e/src/config.c:291 port 888 /root/Pound-3.0e/src/config.c:294 start get_services /root/Pound-3.0e/src/config.c:209 HeadRequire Host: .*apps.* /root/Pound-3.0e/src/config.c:237 URL .*/google0a441f3c9d875eed.html /root/Pound-3.0e/src/config.c:228 push /root/Pound-3.0e/src/config.c:258 push /root/Pound-3.0e/src/config.c:320 start get_https /root/Pound-3.0e/src/config.c:488 address 192.168.1.72 /root/Pound-3.0e/src/config.c:509 port 890 /root/Pound-3.0e/src/config.c:512 start get_certificates /root/Pound-3.0e/src/config.c:451 start get_one(/etc/pound/comune.faenza.ra.it.pem) /root/Pound-3.0e/src/config.c:377 SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid key tag or value -----BEGIN CERTIFICATE----- MIIHizCCBXOgAwIBAgIQS02wKH/WeiTmw37ODrURRTANBgkqhkiG9w0BAQsFADCB iTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRl IFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMTQwMgYDVQQDDCtB Y3RhbGlzIE9yZ2FuaXphdGlvbiBWYWxpZGF0ZWQgU2VydmVyIENBIEczMB4XDTIw MDgxNDE1NTEyMFoXDTIxMDcwNTA2NTEyMFowgZcxCzAJBgNVBAYTAklUMRAwDgYD VQQIDAdSYXZlbm5hMQ8wDQYDVQQHDAZGYWVuemExJjAkBgNVBAoMHVVuaW9uZSBk ZWxsYSBSb21hZ25hIEZhZW50aW5hMR0wGwYDVQQLDBRTZXJ2aXppbyBJbmZvcm1h dGljYTEeMBwGA1UEAwwVKi5jb211bmUuZmFlbnphLnJhLml0MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp08Nr2L9tpgft1KJxN4NvoOmTW4qwyioYzv 74Hp4kghjq5dh1xAAUbyGvRN3e/4RpTUaWGkB0BwTxwz2hXYtI8Pb+96XFVsaiOt ecOwN7FlZNk7DHhySTxUIocWLrCbMW1weyT9fDy9dKZhg5CO+S+EPv2Hqq2QehHC 6rTWrOJ/rezjJbNdY3wcB2E4fsz5ClWDlBMCiIIqhT9lqajXTgq89eDWGqUeG6gN JWpvYq7PqcBWYULHiyL/1A/Vj20ksydSdtG/QHf3492n9mRe3oL19VJ2XyG5BY6r C94bdoM/2pdkVqfsrbb3sJip6Dte7AujAowxkNn7EOoirKteMQIDAQABo4IC3TCC AtkwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSfirG18bHegvQnfL6Izd6pQ4Gj SzB+BggrBgEFBQcBAQRyMHAwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jYWNlcnQuYWN0 YWxpcy5pdC9jZXJ0cy9hY3RhbGlzLWF1dGhvdmczMDEGCCsGAQUFBzABhiVodHRw Oi8vb2NzcDA5LmFjdGFsaXMuaXQvVkEvQVVUSE9WLUczMDUGA1UdEQQuMCyCFSou Y29tdW5lLmZhZW56YS5yYS5pdIITY29tdW5lLmZhZW56YS5yYS5pdDBRBgNVHSAE SjBIMDwGBiuBHwETATAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hY3RhbGlz Lml0L2FyZWEtZG93bmxvYWQwCAYGZ4EMAQICMB0GA1UdJQQWMBQGCCsGAQUFBwMC BggrBgEFBQcDATBIBgNVHR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsMDkuYWN0YWxp cy5pdC9SZXBvc2l0b3J5L0FVVEhPVi1HMy9nZXRMYXN0Q1JMMB0GA1UdDgQWBBTL O/sXravPyQYjMI5Kn4MlYd6ObDAOBgNVHQ8BAf8EBAMCBaAwggEEBgorBgEEAdZ5 AgQCBIH1BIHyAPAAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAA AXPttEI5AAAEAwBIMEYCIQDIjAXgqi/N5OeuN5Ly86EjojiYQ2KQZos33qajjafu PQIhAOnqKe72kuGNqJII3qwJw9VSqSw/zGeBZbpnd9fP8HDCAHUAfT7y+I//iFVo JMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAFz7bRCEgAABAMARjBEAiAPYpVRbrLk gLs8zzHklHEDwh5d5uHKjKOr98u25uqpLQIgMUjQKd8Lr6T6KZpjJGgBljEs0JHJ T4JhDxHUV+T6gMwwDQYJKoZIhvcNAQELBQADggIBACc9oUHkROnDHQJYEEhlQqfh pkS6dQv9lsiLGTDWkUEFbmXgSfZmoh8us7HcxD5X+OQTYAsdYmTOe4Lglr99KuZR DRoC0RZrNQrHGyTsUCEp+nJsvEO83CWzEMDxBD9QXWTu3NTJbFjyEYk4YkMto/3I SVExTHBQS1RK0tMZ8KHxBXIgc74DJS57xl6KT1dJzJzxfBTO8KmRQ3nm0m9jZPzM vpEV7he2JRwN27k7iPtPqcsRKw/r6/bWgrMflQqR43KYvmT5OjYCNNB8OSXSsNsh r6ZBlhlUknGPoCf/Fp5j0+6R8uL38BSi6Undi4zqXvegJXSjK+p0nqh4M//D17/v BKTThShfs/VvsgBXSnOu3Zo4QG3OEszStHzdWBkgF8zamIx6lY9DRF9jij+JfVu9 I4akOlKW+RdHgWDYvqGpSBVYT6mCLtXWIdrVNwshOY+p85KdCf647BigPKgxqSgH EjRyDWVE05vXhvIWtZsVKLmFLQxpwvHxTCagJRS2UcYfSmuxVihiesTD6H36qPDf SR3DUpohUd3Kk1gBYQPiY1qJJdRlvzSprXut3p+mpm/Q+yz/BhCKZGH5UiIxLG38 DwneyyNs8WoT/DnXNG2caaCv9AtCCK9u0+f+Rmbz5lWmk6sUHFarTN9/RZKjIWrW KK6QawmLAQnPNOe2nX2J -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHdTCCBV2gAwIBAgIQXDs/N638KP4Pz9Or+D+FUTANBgkqhkiG9w0BAQsFADBr MQswCQYDVQQGEwJJVDEOMAwGA1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMg Uy5wLkEuLzAzMzU4NTIwOTY3MScwJQYDVQQDDB5BY3RhbGlzIEF1dGhlbnRpY2F0 aW9uIFJvb3QgQ0EwHhcNMjAwNzA2MDcyMDU1WhcNMzAwOTIyMTEyMjAyWjCBiTEL MAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNh biBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMTQwMgYDVQQDDCtBY3Rh bGlzIE9yZ2FuaXphdGlvbiBWYWxpZGF0ZWQgU2VydmVyIENBIEczMIICIjANBgkq hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs73Ch+t2owm3ayTkyqy0OPuCTiybxTyS 4cU4y0t2RGSwCNjLh/rcutO0yoriZxVtPrNMcIRQ544BQhHFt/ypW7e+t8wWKrHa r3BkKwSUbqNwpDWP1bXs7IJTVhHXWGAm7Ak1FhrrBmtXk8QtdzTzDDuxfFBK7sCL N0Jdqoqb1V1z3wsWqAvr4KlSCFW05Nh4baWm/kXOmb8U+XR6kUmuoVvia3iBhotR TzAHTO9SWWkgjTcir/nhBvyL2RoqkgYyP/k50bznaVOGFnFWzfl0XnrM/salfCBh O0/1vNaoU8elR6AtbdCFAupgQy95GuFIRVS8n/cF0QupfPjUl+kGSLzvGAc+6oNE alpAhKIS/+P0uODzRrS9Eq0WX1iSj6KHtQMNN4ZKsS4nsuvYCahnAc0QwQyoduAW iU/ynhU9WTIEe1VIoEDE79NPOI2/80RqbZqdpAKUaf0FvuqVXhEcjiJJu+d0w9YN b7gurd6xkaSXemW/fP4idBiNkd8aCVAdshGQYn6yh+na0Lu5IG88Z2kSIFcXDtwy zjcxkW86pwkO6GekEomVBNKcv0Cey2Smf8uhpZk15TSCeyFDrZBWH9OsDst/Tnhz pN156Huw3M3RRdEegt33fcyPykgt0HThxrEv9DwOzhs6lCQ5RNQJO7ZvZF1ZiqgT FOJ6vs1xMqECAwEAAaOCAfQwggHwMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw FoAUUtiIOsifeGbtifN7OHCUyQICNtAwQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUF BzABhiVodHRwOi8vb2NzcDA1LmFjdGFsaXMuaXQvVkEvQVVUSC1ST09UMEUGA1Ud IAQ+MDwwOgYEVR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hY3RhbGlz Lml0L2FyZWEtZG93bmxvYWQwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB MIHjBgNVHR8EgdswgdgwgZaggZOggZCGgY1sZGFwOi8vbGRhcDA1LmFjdGFsaXMu aXQvY24lM2RBY3RhbGlzJTIwQXV0aGVudGljYXRpb24lMjBSb290JTIwQ0EsbyUz ZEFjdGFsaXMlMjBTLnAuQS4lMmYwMzM1ODUyMDk2NyxjJTNkSVQ/Y2VydGlmaWNh dGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwPaA7oDmGN2h0dHA6Ly9jcmwwNS5hY3Rh bGlzLml0L1JlcG9zaXRvcnkvQVVUSC1ST09UL2dldExhc3RDUkwwHQYDVR0OBBYE FJ+KsbXxsd6C9Cd8vojN3qlDgaNLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B AQsFAAOCAgEAJbygMnKJ5M6byr5Ectq05ODqwNMtky8TEF3O55g6RHhxblf6OegZ 4ui4+ElHNOIXjycbeuUGuFA4LScCC9fnI1Rnn8TI2Q7OP5YWifEfnrdp99t/tJzQ hfdi7ZTdRRZZGV9x+grfR/RtjT2C3Lt9X4lcbuSxTea3PHAwwi0A3bYRR1L5ciPm eAnYtG9kpat8/RuC22oxiZZ5FdjU6wrRWkASRLiIwNcFIYfvpUbMWElaCUhqaB2y YvWF8o02pnaYb4bvTCg4cVabVnojUuuXH81LeQhhsSXLwcdwSdew0NL4zCiNCn2Q iDZpz2biCWDggibmWxsUUF6AbqMHnwsdS8vsKXiFQJHeAdNAhA+kwpqYAdhUiCdj RTUdtRNUucLvZEN1OAvVYyog9xYCfhtkqgXQROMANP+Z/+yaZahaP/Vgak/V00se Hdh7F+B6h5HVdwdh+17E2jl+aMTfyvBFcg2H/9Qjyl4TY8NW/6v0DPK52sVt8a35 I+7xLGLPohAl4z6pEf2OxgjMNfXXCXS33smRgz1dLQFo8UpAb3rf84zkXaqEI6Qi 2P+5pibVFQigRbn4RcE+K2a/nm2M/o+WZTSio+E+YXacnNk71VcO82biOof+jBKT iC3Xi7rAlypmme+QFBw9F1J89ig3smV/HaN8tO0lfTpvm7Zvzd5TkMs= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- [Unione della Romagna Faentina] [cid:3fc5fe72-f36b-49e1-8f93-362975ba17bc] dr. Alessandro Baldoni [cid:cc9ddba0-6197-4edf-8b6a-8a82c90c2e10] Servizio Informatica Via Severoli 7 48018 Faenza RA [cid:af5282a0-32fb-422d-bb9c-84ee30423b6c] 0546 691224 [cid:7ca1bc1b-f1f0-4482-9894-ed41171a30d5] alessandro.bald...@romagnafaentina.it [cid:2e3e3331-f4e0-4191-a7a9-3625725bf282] p...@cert.romagnafaentina.it ________________________________ From: Robert Segall via pound <pound@apsis.ch> Sent: Tuesday, October 13, 2020 18:29 To: pound@apsis.ch <pound@apsis.ch> Cc: Robert Segall <ro...@apsis.ch> Subject: Re: [pound] Pound-3.0e: Error when reading PEM file Hallo Alessandro Please run Pound with debug level 5 and show the result here, as well as the PEM file in question (leave out the CONTENT of the private key) and/or the certificate in human-readable form. On Tue, 2020-10-13 at 16:21 +0000, Alessandro Baldoni via pound wrote: > Hello, I'm a pound 2 user and I'm trying out pound 3.0e. > In my test environment, when pound tries to read a PEM file (public > certificate+ca+private key) I get the error: > > SNI: can't read key /etc/pound/comune.faenza.ra.it.pem > > I've tinkered a bit with the source to get a more readable error: > > SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid > key tag or value > > The same file is correctly used by pound 2. > > Kind regards, > > Alessandro -- Robert Segall Apsis GmbH Postfach, Uetikon am See, CH-8707 Tel: +41-32-512 30 19 -- pound mailing list pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
-- pound mailing list pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch