pound SSL: please help, anything I need to know if I'm using Thawte or Versign as the Certifying Authority? / Joe Dsuzea <ravenx334@yahoo.com>

/ Zope / Apsis / Pound Mailing List / Archive / 2011 / 2011-01 / pound SSL: please help, anything I need to know if I'm using Thawte or Versign as the Certifying Authority?

[ installing pound-2.6c / Grzegorz Mrzyglod ... ] [ FIN not sent / Sylvester De Paiva ... ]

pound SSL: please help, anything I need to know if I'm using Thawte or Versign as the Certifying Authority?
Joe Dsuzea <ravenx334(at)yahoo.com>

2011-01-26 16:56:28

[ FULL ]

I will be using these steps to generate the key and csr:
# openssl genrsa -out /etc/ssl/private/server.key 2048
(without des3 so I get no password prompt)

# openssl req -new -key server.key -out domain.server.csr

I will then cat the above server.key and the returned .crt from thawte (or
verisgn) then create a PEM file.
Then this directive will be added in pound.cfg;
Cert    "/etc/pound/host.pem"

Do I need to worry about the CA file?

Previously we had a thawte cert where I did not need to deal with any CA file
for POUND.  Just the server private key and the return CRT pem'd together
worked fine.

anyone have experience with Thawte/Verisgn and POUND?

TIA

Re: [Pound Mailing List] pound SSL: please help, anything I need to know if I'm using Thawte or Versign as the Certifying Authority?
Dave Steinberg <dave(at)redterror.net>

2011-01-26 17:09:47

[ FULL ]

On 1/26/2011 10:56 AM, Joe Dsuzea wrote:[...]

I don't have direct experience with Thawte/Verisign certs, but the 
principles ought to be universal.  If they give you intermediate 
certificates, append them onto your PEM file.  Pound's configuration 
doesn't change.  I.e.:

$ cat server.key server.crt intermediate1.crt intermediate2.crt ... > 
server.pem

That should be all that's required.

Regards,[...]