I Have had this issue over several refreshes, and finally just broke it
out into a more manageable setup.
Cert "/etc/pki/tls/certs/quest-pound.pem"
VerifyList "/etc/pki/tls/certs/incommon_interm.pem"
CAlist "/etc/pki/tls/certs/incommon_interm.pem"
I am running 2.6 and keep the cert/key pem as one, and the other certs in
the order provided by my issuer. chain order with the CA last in the
interim. I put the key first, then the cert in the Cert directive
suggested file.
I hope this helps, as it did make my setup much more manageable.
----------------------------------------------------------------
D. Hampton Finger loc...@austin.utexas.edu
Sr. Systems Administrator PH: 512-636-1701
College of Natural Sciences The University of Texas at Austin
----------------------------------------------------------------
On Tue, 1 Aug 2017, Warren Perdue wrote:
*** UPDATE **
Hey guys,
I need your help. I am trying to create a Cert Directive for my server and no
matter what I try I cannot get the sequence right.
Do you all know the order in which I have to place the keys and certs being
private, intermediate, chain and server?
I have:
ca.key.pem
ca.cert.pem
intermediate.key.pem
intermediate.cert.pem
ca-chain.pem (above CA chain)
server.key.pem
server.cert.pem
What is the correct order do I have to place these in in order to create a CA
directive to place in my CAList directory on my server so that my server will
recognize server.cert.pem?
I have tried every combination there is and no luck and I was wondering if any
of you could help. What am I forgetting to do or what I need to do.
Warren
-----Original Message-----
From: Warren Perdue [mailto:wper...@valcom.com]
Sent: Tuesday, July 25, 2017 9:13 AM
To: pound@apsis.ch
Subject: [Pound Mailing List] Follow-Up to help with Pound, Web browsers and
Certificates
Hi Joe and anyone else that can help,
I have a question and hopefully you can answer it.
I have my CA set up and the Key and Pem for it. I also created my certificate
and signed it with the CA.
I loaded the CA.pem to the VerifyList and have ClientCert 2 2 but I still get
the error message : SSL_ERROR_HANDSHAKE_FAILURE_ALERT
What am I doing wrong?
I used the procedures you gave me, I also follow this link step by step
http://www.octaldream.com/scottm/talks/ssl/opensslca.html , and even used this
web app https://makoserver.net/download/linux-x86/ to create the CA and Sign my
cert and I still get the
SSL_ERROR_HANDSHAKE_FAILURE_ALERT
I have gotten this to work on Mac, Windows, and Linux machines but not my
server which is embedded server running BOA and Pound with OPenSSL support and
need Pound for load balancing.
I have my cakey.pem, cacert.pem so what else do I have to include in my Cert
Directive. I am a little confused as to how to construct the Cert Directive to
work with pound. I can make my plan work on other software and OS's and do not
understand what I am doing wrong to get it work with Pound.
If any of you can help me, I could surely use your help.
Warren
-----Original Message-----
From: Joe Gooch [mailto:joseph.go...@sapphirek12.com]
Sent: Thursday, June 01, 2017 4:13 PM
To: pound@apsis.ch
Subject: Re: [Pound Mailing List] Limit amount of Processes Pound can create
using fork()
Uhm... Doesn't that just mean you want
ThreadModel pool
Threads 5
------
Joe
From: Warren Perdue <wper...@valcom.com>
Organization: Valcom, Inc.
Reply-To: "pound@apsis.ch" <pound@apsis.ch>
Date: Thursday, June 1, 2017 at 4:06 PM
To: "pound@apsis.ch" <pound@apsis.ch>
Subject: [Pound Mailing List] Limit amount of Processes Pound can create using
fork()
Hey guys,
I have been wrecking my brain on how to limit Pound from creating additional
processes. I want pound to accept only one input at a time and only allow one
process to run beyond its current 4 processes. Do any of you have any idea on
how I can accomplish that.
I have tried setrlimit, limiting the number of forks Pound can do, add
additional code to track the processes and kill any additional processes over
6. I have also tried running it as a Daemon and limit the threads but nothing
works.
So do any of you have any ideas on how I can get Pound to limit the number of
processes that are created by Pound with incoming commands?
Warren
N r z u + y?? m?u >W ? z + *
--
To unsubscribe send an email with subject unsubscribe to pound@apsis.ch.
Please contact ro...@apsis.ch for questions.
--
To unsubscribe send an email with subject unsubscribe to pound@apsis.ch.
Please contact ro...@apsis.ch for questions.
--
To unsubscribe send an email with subject unsubscribe to pound@apsis.ch.
Please contact ro...@apsis.ch for questions.