pound and SSL wildcard certs [scanned]
Veit Wahlich <cru(at)zodia.de>
2005-07-07 15:57:47
Hi list!

I plan to use wildcard certificates with pound, so I generated a
self-signed cert for "*.foo.bar" for test purposes.

But applying this cert to pound breaks it; also bundling the pseudo-CA's
cert with the PEM cert/key file still gives the following OpenSSL error
message:

pound: starting...
pound: SSL_CTX_use_certificate_chain_file failed - aborted

I tried every possible order of cert, CA-cert and key in the pem file,
but nothing changed except OpenSSL claims the error
"SSL_CTX_use_PrivateKey_file" on some orders.

Do pound or OpenSSL have problems with wildcard certs (or especially the
*)? Or any other problem?

Thankful for any hints and with best regards,
// Veit Wahlich

Re: [Pound Mailing List] pound and SSL wildcard certs [scanned]
Robert Segall <roseg(at)apsis.ch>
2005-07-07 17:42:25
On Thu, 07 Jul 2005 15:57:47 +0200 Veit Wahlich <cru(at)zodia.de> wrote:
[...]

There are no problems with "wild-card" certificates. The problems you
see are really at the file/format level - somehow you give Pound the
wrong data.

From Pound's (or OpenSSL's) point of view the "wild-card" is just a
certificate for a server named "*.xxx.com". Whether your browser
recognizes or accepts that is a different question.[...]
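
A file-level preflight for the combined PEM file discussed in this thread, as an added example that is not part of either message or of Pound itself. It checks what the two OpenSSL calls named in the error messages need: the first certificate in the file must parse, and the private key must be readable without a passphrase (an assumption of this check) and belong to that first certificate. The function names, file names and test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, file names and the
# *.foo.bar subject are constructed for illustration.

# Print the first PEM block in file $2 whose label matches the regex $1.
first_block() {
    awk -v re="-----BEGIN $1-----" '
        !p && $0 ~ re { p = 1 }
        p { print }
        p && /^-----END / { exit }' "$2"
}

# check_pem FILE: 0 = OK, 1 = certificate problem, 2 = key problem, 3 = mismatch
check_pem() {
    local f=$1 cert key cert_pub key_pub
    # The FIRST certificate in the file is the one OpenSSL uses as the server's own.
    cert=$(first_block 'CERTIFICATE' "$f")
    [ -n "$cert" ] || { echo "$f: no certificate block" >&2; return 1; }
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) ||
        { echo "$f: first certificate does not parse" >&2; return 1; }
    key=$(first_block '[A-Z ]*PRIVATE KEY' "$f")
    [ -n "$key" ] || { echo "$f: no private key block" >&2; return 2; }
    # "-passin pass:" stops openssl from prompting; an encrypted key fails here.
    key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout -passin pass: 2>/dev/null) ||
        { echo "$f: private key unreadable or passphrase-protected" >&2; return 2; }
    # Same public key on both sides means the key belongs to the certificate.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$f: private key does not match the first certificate" >&2; return 3; }
    echo "$f: OK, $(printf '%s\n' "$cert" | openssl x509 -noout -subject)"
}

# Build constructed test files in directory $1: a self-signed wildcard
# certificate plus a second self-signed certificate standing in for the
# CA certificate (it signs nothing here).
make_demo() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.foo.bar' \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Test CA' \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    cat "$d/cert.pem" "$d/ca.pem" "$d/key.pem" > "$d/good.pem"      # server cert first
    cat "$d/ca.pem" "$d/cert.pem" "$d/key.pem" > "$d/ca_first.pem"  # CA cert first
    cat "$d/cert.pem" "$d/ca.pem" > "$d/no_key.pem"                 # key left out
}

# Stand-alone use: sh check_pem.sh /path/to/combined.pem
[ "$#" -eq 0 ] || check_pem "$1"
```

The wildcard subject passes this check like any other name; only the content and order of the PEM blocks decide the result.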
