Hi Alan,
Your more than welcome.
Some of the messages from Pound can be a little confusing until you've been playing with it for a while.

Any further issues just drop us a line and I'm sure someone will be able to help.


~Scott


On 27 September 2012 11:14, Alan McGinlay <alanm@sics.se> wrote:
Fixed! thanks for the link, it put me on the right track.

All that was required was to concatenate the key, the crt and output a .pem file which i put in the ssl store and referenced it from pound.cfg.

I also ran "update-ca-certificates --verbose --fresh"

And restarted pound, success! This is just a test, the live site will use a "real" ssl cert.

Thanks,

Alan

2012-09-27 11:57, Scott McKeown skrev:
Hi Alan,
I'm sure that you will need to include the Private Key Chain in your PEM
file to resolve this error.

Have a look at http://www.digicert.com/ssl-support/pem-ssl-creation.htm
which shows the different ways of creating the PEM file.

Although now that I think about it, I don't remember if I had to include
this in mine the last time I created a Self Signed certificate so I
could be wrong on the self signed front. However, I would recommend the
full PEM file when you go live.


~Scott


On 27 September 2012 10:16, Alan McGinlay <alanm@sics.se
<mailto:alanm@sics.se>> wrote:

    Hi All,

    I have been getting this error now no matter what I do when trying
    to setup and HTTPS listener with a self signed cert.

    "/etc/pound/pound.cfg line 56: SSL_CTX_use_PrivateKey_file failed -
    aborted"

    I have generated the ssl cert in myriad different ways, always with
    the same result. I have tried with pound 2.5 and 2.6 (from ubuntu
    precise and quantal respectively) but there is no change! The
    certificates test ok with the openssl command line so I am at a
    complete loss!

    Most of the info I have found on the net is from a few years back,
    could this be a new bug?

    pound.cfg listeners:

    ListenHTTP
         Address 199.10.64.8
         Port    80
         #Cert    "/etc/ssl/certs/server.crt"
         Service
             HeadRequire "Host:.*redneck001-ext.__example.se.*"

             BackEnd
                 Address localhost
                 Port    81
             End
         End

    END

    ListenHTTPS
         Address 193.10.64.8
         Port    443
         Cert    "/etc/ssl/certs/redneck001-__ext.example.se.cert"
         Service
             HeadRequire "Host:.*redneck001-ext.__example.se.*"

             BackEnd
                 Address localhost
                 Port    81
             End
         End
    End

    Please help!

    /Alan

    --
    To unsubscribe send an email with subject unsubscribe to
    pound@apsis.ch <mailto:pound@apsis.ch>.
    Please contact roseg@apsis.ch <mailto:roseg@apsis.ch> for questions.





--
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org


--
To unsubscribe send an email with subject unsubscribe to pound@apsis.ch.
Please contact roseg@apsis.ch for questions.



--
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org