/ Zope / Apsis / Pound Mailing List / Archive / 2005 / 2005-03 / Using Pound for Secure

[ << ] [ >> ]

[ BT Messaging Anti-Virus Alert / ... ] [ OWA and SSL problem / "Oscar Fowler" ... ]

Using Pound for Secure
"MW Mike Weiner \(5028\)" <MWeiner(at)ag.com>		 2005-03-03 17:54:12 [ FULL ] 
I am trying to use pound to load balance between two secure webservers,
and for some reason i keep seeing the folloiwing in the log file:
 
dev-ng.americangreetings.com - - [03/Mar/2005:11:51:01 -0500] "GET
/mod_ssl:error:HTTP-request HTTP/1.0" 400 562

I have in my pound.cfg.secure, the following:
 
ListenHTTPS 10.10.240.201,443 /usr/share/ssl/certs/bma.pem
LogLevel 3
 
UrlGroup    ".*"
HeadRequire Host    ".*dev.bluemountain.com.*"
BackEnd     10.10.240.201,16043,1
BackEnd     10.10.240.124,443,1
EndGroup

Is there anything wrong with this setup? Or is this erroring on the
apache side of the house?
 
 <http://www.interactive.ag.com/>
	 ... Says it Best.
<http://www.americangreetings.com/>
	
	
Michael Weiner, Linux+, Linux+ SME
Senior Systems Administrator 	AmericanGreetings.com
One American Road
Cleveland, OH 44144
MWeiner(at)ag.com
IM: hUnTeRoZe
Re: Using Pound for Secure
Sascha Ottolski <sascha.ottolski(at)gallileus.de>		 2005-03-03 18:28:32 [ FULL ] 
Am Donnerstag, 3. März 2005 17:54 schrieb MW Mike Weiner (5028):[...]

If I'm not mistaken, then your backends are listening for ssl-connections, 
while pound talks plain, unencrypted http with them. Try to adjust your 
config to something like

BackEnd     10.10.240.124,80,1

that is, port 80 rather than port 443.


Cheers,

Sascha
RE: Using Pound for Secure
"MW Mike Weiner \(5028\)" <MWeiner(at)ag.com>		 2005-03-03 19:03:34 [ FULL ] 
----Original Message-----
From: Sascha Ottolski [mailto:sascha.ottolski(at)gallileus.de] 
Sent: Thursday, March 03, 2005 12:29 PM
To: pound(at)apsis.ch
Subject: Re: Using Pound for Secure

Am Donnerstag, 3. März 2005 17:54 schrieb MW Mike Weiner (5028):[...]

If I'm not mistaken, then your backends are listening for ssl-connections,
while pound talks plain, unencrypted http with them. Try to adjust your config
to something like

BackEnd     10.10.240.124,80,1

that is, port 80 rather than port 443.
--
DUH, that makes sense, thank you for your response
RE: Using Pound for Secure
"MW Mike Weiner \(5028\)" <MWeiner(at)ag.com>		 2005-03-03 19:48:44 [ FULL ] 
-----Original Message-----
From: MW Mike Weiner (5028) [mailto:MWeiner(at)ag.com] 
Sent: Thursday, March 03, 2005 1:04 PM
To: Sascha Ottolski; pound(at)apsis.ch
Subject: RE: Using Pound for Secure

----Original Message-----
From: Sascha Ottolski [mailto:sascha.ottolski(at)gallileus.de]
Sent: Thursday, March 03, 2005 12:29 PM
To: pound(at)apsis.ch
Subject: Re: Using Pound for Secure

Am Donnerstag, 3. März 2005 17:54 schrieb MW Mike Weiner (5028):[...]

If I'm not mistaken, then your backends are listening for ssl-connections,
while pound talks plain, unencrypted http with them. Try to adjust your config
to something like

BackEnd     10.10.240.124,80,1

that is, port 80 rather than port 443.
--
OK, changed my config to the following:


Now I get an alert complaining about:

Could not establish an encrypted connection because your certificate was
rejected by dev.bluemountain.com. Error Code: -12271

So one step closer, thank you. Does this indicate a bad pem file per chance?

Michael Weiner
MailBoxer