|
/
Zope
/
Apsis
/
Pound Mailing List
/
Archive
/
2008
/
2008-10
/
Re: [Pound Mailing List] Generate CSR
[
Generate CSR / "Victor E. Ftanou" ... ]
[
error copy server cont (again) / "Jacob ... ]
Re: [Pound Mailing List] Generate CSR
Dave Steinberg <dave(at)redterror.net> |
2008-10-06 15:13:40 |
[ SNIP ]
|
Victor E. Ftanou wrote:
> Dear,
>
> I use the pound and behind this is my LAN including my mail -exchange
> server. What is the best way to request a certificate (csr) from an
> authorized provider? To request for the pound or for the exchange
> srv? Please advise. In the way of request csr for the pound how can I
> export the file (csr)?
Pound isn't involved in CSR generation, just generate it using openssl
like you would if you were going to use Apache or anything else really.
My favorite instructions are here:
http://urlenco.de/ysvvv
Look in the section titled "GENERATING RSA SERVER CERTIFICATES FOR WEB
SERVERS". Do *not* encrypt your key.
Once you have your CSR, just go to any SSL provider and paste that in
the box when they ask you for it.
Regards,
--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
|
|
|
Re: [Pound Mailing List] Disabling SSLv2
Ondra Kudlik <kepi(at)orthank.net> |
2008-10-08 04:06:24 |
[ SNIP ]
|
I think you have been looking for Ciphers "acceptable:cipher:list",
just use same format as openssl (see man 1 ciphers). It is in pound
documentation...
Regards,
--
.''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
`- http://www.nosoftwarepatents.com/cz/m/intro/index.html
Tue, Oct 07, 2008 ve 04:04:51PM -0400, Albert napsal:
> Is there a way to disable SSLv2 for HTTPS requests in pound? Pound is
> using SSLv23_server_method() to create a new SSL_CTX object, but I don't
> see any other calls to disable SSLv2.
> In apache, I can specify the following options to allow SSLv3 and TSLv1
> only:
>
> SSLProtocol -ALL +SSLv3 +TLSv1
>
> If pound doesn't support something similar, can it be added?
>
|
|
|
Re: [Pound Mailing List] Disabling SSLv2
Albert <pound(at)alacra.com> |
2008-10-10 04:01:21 |
[ SNIP ]
|
Thank you it worked. I actually had tried it before, and it didn't work
for me originally. I have 2 certs, and in my second ListenHTTPS I was
allowing SSLv2. The second "Ciphers" directive was overriding the first
one. I guess this should be put in the man page for future reference.
Ondra Kudlik wrote:
> I think you have been looking for Ciphers "acceptable:cipher:list",
> just use same format as openssl (see man 1 ciphers). It is in pound
> documentation...
>
> Regards,
>
>
|
|
|
|
|
|
