Hi Alan,
I'm sure that you will need to include the Private Key Chain in your PEM file to resolve this error.

Have a look at http://www.digicert.com/ssl-support/pem-ssl-creation.htm which shows the different ways of creating the PEM file.

Although now that I think about it, I don't remember if I had to include this in mine the last time I created a Self Signed certificate so I could be wrong on the self signed front. However, I would recommend the full PEM file when you go live.


~Scott


On 27 September 2012 10:16, Alan McGinlay <alanm@sics.se> wrote:
Hi All,

I have been getting this error now no matter what I do when trying to setup and HTTPS listener with a self signed cert.

"/etc/pound/pound.cfg line 56: SSL_CTX_use_PrivateKey_file failed - aborted"

I have generated the ssl cert in myriad different ways, always with the same result. I have tried with pound 2.5 and 2.6 (from ubuntu precise and quantal respectively) but there is no change! The certificates test ok with the openssl command line so I am at a complete loss!

Most of the info I have found on the net is from a few years back, could this be a new bug?

pound.cfg listeners:

ListenHTTP
    Address 199.10.64.8
    Port    80
    #Cert    "/etc/ssl/certs/server.crt"
    Service
        HeadRequire "Host:.*redneck001-ext.example.se.*"
        BackEnd
            Address localhost
            Port    81
        End
    End

END

ListenHTTPS
    Address 193.10.64.8
    Port    443
    Cert    "/etc/ssl/certs/redneck001-ext.example.se.cert"
    Service
        HeadRequire "Host:.*redneck001-ext.example.se.*"
        BackEnd
            Address localhost
            Port    81
        End
    End
End

Please help!

/Alan

--
To unsubscribe send an email with subject unsubscribe to pound@apsis.ch.
Please contact roseg@apsis.ch for questions.



--
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org