Hi Scott, It worked fine once I switched it to the live certificate instead of the self-signed one used for testing.
Much appreciated. Francoise From: Scott McKeown <sc...@loadbalancer.org<mailto:sc...@loadbalancer.org>> Reply-To: "pound@apsis.ch<mailto:pound@apsis.ch>" <pound@apsis.ch<mailto:pound@apsis.ch>> Date: Wednesday, 19 September 2012 10:40 To: "pound@apsis.ch<mailto:pound@apsis.ch>" <pound@apsis.ch<mailto:pound@apsis.ch>> Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate Hi Francoise, This looks more like a Certificate issue than a Pound issue. What type of certificate have you created? I would have another go at creating the PEM file myself and if you have paid for a certificate from a CA you may need the intermediate and root chains. This site is a good reference on the creation of the PEM files. http://www.digicert.com/ssl-support/pem-ssl-creation.htm 9 time out of 10 I would use the full PEM file listed right at the bottom of the page. ~Yours, Scott On 19 September 2012 10:11, Francoise Dehinbo <francoise.dehi...@foxtons.co.uk<mailto:francoise.dehi...@foxtons.co.uk>> wrote: Hi All, My OS is debian squeeze which have Pound version 2.5 installed. I downloaded the latest stable version 2.6 from http://www.apsis.ch/pound/Pound-2.6.tgz and applied the BEAST attack patch from https://github.com/goochjj/pound/commit/2f69c71b0314538f2a6218f624bdd2b954e5dbc8.patch After installing 2.6 and start up pound (as root), it fails with the following error: /etc/pound/pound.cfg line 15: ListenHTTPS: could not get certificate CN Line 15 is: Cert "/etc/pound/dev.pem" But /etc/pound/dev.pem does exist so I don't understand why it cannot read it: >ls -la /etc/pound/dev.pem -rw-r--r-- 1 root root 1.9K May 22 15:29 /etc/pound/dev.pem Here is my config for pound: User "web" Group "web" # If the backend disappears check for it to come back every 'Alive' seconds. Alive 5 # no logging of individual requests # start up etc errors are still logged to daemon.log LogLevel 2 ListenHTTPS Address 0.0.0.0 Port 443 Cert "/etc/pound/dev.pem" Ciphers "ALL:!aNULL:!ADH:!eNULL:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:!EXP:!eNUL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5" AddHeader "X-Secure-Connection: true" Service BackEnd Address 127.0.0.1 Port 6000 End End End Any help would be greatly appreciated. Many thanks Francoise Privacy and Confidentiality Notice: This is strictly confidential and intended solely for the person or organisation to whom it is addressed. It may contain privileged and confidential information and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this message in error, please notify us as soon as possible and delete it and any attached files from your system. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of the author's employer. Foxtons Limited is registered in England and Wales (registered number 01680058). Our registered office is at Building One, Chiswick Park, 566 Chiswick High Road, London, W4 5BE. _____________________________________________________________________ This e-mail has been scanned for viruses by MessageLabs. -- To unsubscribe send an email with subject unsubscribe to pound@apsis.ch<mailto:pound@apsis.ch>. Please contact ro...@apsis.ch<mailto:ro...@apsis.ch> for questions. -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org _____________________________________________________________________ This e-mail has been scanned for viruses by MessageLabs. Privacy and Confidentiality Notice: This is strictly confidential and intended solely for the person or organisation to whom it is addressed. It may contain privileged and confidential information and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this message in error, please notify us as soon as possible and delete it and any attached files from your system. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of the author's employer. Foxtons Limited is registered in England and Wales (registered number 01680058). Our registered office is at Building One, Chiswick Park, 566 Chiswick High Road, London, W4 5BE. _____________________________________________________________________ This e-mail has been scanned for viruses by MessageLabs. -- To unsubscribe send an email with subject unsubscribe to pound@apsis.ch. Please contact ro...@apsis.ch for questions.
