certificate confusion
"Paul Farrar" <paul.farrar(at)stepstone.com>
2010-01-20 13:00:48
Can somebody please clarify what I need to do about certificates when using
HTTPS in Pound? I think I have confused myself by reading so much about it.

I have a Windows web site that I am successfully using Pound to proxy traffic
to over HTTP.
I now need to do the same for HTTPS traffic.

The Windows server has a certxxx.pfx file that I have copied to my Pound
server. I have used
"openssl pkcs12 -in certxxx.pfx -out certxxx.pem" to create a certxxx.pem file.

I have put the path to this file in my pound.cfg file.

Is this all I have to do?

Paul Farrar
Operations Engineer 
Tel:       +44 (0) 1582816483
Mobile:  +44 (0) 7841167934
Email:   paul.farrar(at)stepstone.com
http://www.stepstone.com 
StepStone Solutions (UK) Limited 
475 The Boulevard
Capability Green
Luton
LU1 3LU
England 
Registered in England and Wales



Re: [Pound Mailing List] certificate confusion
"Simon Matter" <simon.matter(at)invoca.ch>
2010-01-20 13:33:52
> Can somebody please clarify what I need to do about certificates when
> using HTTPS in Pound? I think I have confused myself by reading so much
> about it.
>
> I have a Windows web site that I am successfully using Pound to proxy
> traffic to over HTTP.
> I now need to do the same for HTTPS traffic.
>
> The Windows server has a certxxx.pfx file that I have copied to my Pound
> server. I have used
> "openssl pkcs12 -in certxxx.pfx -out certxxx.pem" to create a certxxx.pem
> file.
>
> I have put the path to this file in my pound.cfg file.
>
> Is this all I have to do?

I'm not an expert here but I think that's it. Does it not work?
I have no experience with the new Pound RC which can do HTTPS to the
backend. When doing HTTP to the backend, problems can arise if your webapp
is smart and believes you are not running HTTPS, therefore it may refuse
to do security sensitive things. If that's the case you have to let your
webserver/app know that the traffic is still secure.

Regards,
Simon




Re: [Pound Mailing List] certificate confusion
Emilio Campos <emilio.campos.martin(at)gmail.com>
2010-01-20 22:51:32
I have Pound for IIS backends with an HTTPS listener, same as you. I
changed the pfx file to pem and it is running OK!!

Pound with an HTTPS listener (HTTPS connections) and a PEM cert (exported from
pfx) sends connections to the IIS backend (HTTP connections).

Paul, can you post your Pound code for the HTTPS listener?

2010/1/20 Simon Matter <simon.matter(at)invoca.ch>

> > Can somebody please clarify what I need to do about certificates when
> > using HTTPS in Pound? I think I have confused myself by reading so much
> > about it.
> >
> > I have a Windows web site that I am successfully using Pound to proxy
> > traffic to over HTTP.
> > I now need to do the same for HTTPS traffic.
> >
> > The Windows server has a certxxx.pfx file that I have copied to my Pound
> > server. I have used
> > "openssl pkcs12 -in certxxx.pfx -out certxxx.pem" to create a certxxx.pem
> > file.
> >
> > I have put the path to this file in my pound.cfg file.
> >
> > Is this all I have to do?
>
> I'm not an expert here but I think that's it. Does it not work?
> I have no experience with the new Pound RC which can do HTTPS to the
> backend. When doing HTTP to the backend, problems can arise if your webapp
> is smart and believes you are not running HTTPS, therefore it may refuse
> to do security sensitive things. If that's the case you have to let your
> webserver/app know that the traffic is still secure.
>
> Regards,
> Simon
>
>
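
Added example, not part of the thread or of Pound: a shell check to run on the converted certxxx.pem before the HTTPS listener is pointed at it. It assumes Pound has to start unattended, so the private key must be stored unencrypted and protected by file permissions; without -nodes, openssl pkcs12 writes the key encrypted under the PEM pass phrase it prompts for. The function name check_pound_pem and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names and PEM bodies are constructed.
# Assumption: Pound must start unattended, so the key in the Cert file has to be
# unencrypted and protected by file permissions instead of a pass phrase.
# Returns: 0 ok, 1 no certificate, 2 no private key,
#          3 key is pass-phrase encrypted, 4 readable by group or others.
check_pound_pem() {
    pem=$1
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "$pem: no certificate block"; return 1
    fi
    if ! grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem"; then
        echo "$pem: no private key block"; return 2
    fi
    # PKCS#8 encrypted header, or the legacy "Proc-Type: 4,ENCRYPTED" marker.
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "$pem: private key is encrypted (re-export with -nodes)"; return 3
    fi
    # The file now holds a clear-text key: only the owner may read it.
    if [ -n "$(find "$pem" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$pem: readable by group or others (chmod 600)"; return 4
    fi
    echo "$pem: ok"; return 0
}

# Constructed sample shaped like the output of the thread's command when a PEM
# pass phrase was entered at the prompt (placeholder bodies, not real keys).
demo_dir=$(mktemp -d)
cat > "$demo_dir/certxxx.pem" <<'EOF'
Bag Attributes
    friendlyName: constructed-example
-----BEGIN ENCRYPTED PRIVATE KEY-----
PLACEHOLDER
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
EOF
chmod 600 "$demo_dir/certxxx.pem"
check_pound_pem "$demo_dir/certxxx.pem" || echo "exit status $?"
rm -rf "$demo_dir"
```

The check only inspects PEM markers and file mode; it does not verify that the key belongs to the certificate.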
