SSL_CTX_use_PrivateKey_file Driving me insane
Alan McGinlay <alanm(at)sics.se>
2012-09-27 11:16:21
Hi All,

I have been getting this error now no matter what I do when trying to 
set up an HTTPS listener with a self-signed cert.

"/etc/pound/pound.cfg line 56: SSL_CTX_use_PrivateKey_file failed - aborted"

I have generated the SSL cert in myriad different ways, always with the 
same result. I have tried with Pound 2.5 and 2.6 (from Ubuntu precise 
and quantal respectively) but there is no change! The certificates test 
OK with the openssl command line so I am at a complete loss!

Most of the info I have found on the net is from a few years back, could 
this be a new bug?

pound.cfg listeners:

ListenHTTP
     Address 199.10.64.8
     Port    80
     #Cert    "/etc/ssl/certs/server.crt"
     Service
         HeadRequire "Host:.*redneck001-ext.example.se.*"
         BackEnd
             Address localhost
             Port    81
         End
     End

END

ListenHTTPS
     Address 193.10.64.8
     Port    443
     Cert    "/etc/ssl/certs/redneck001-ext.example.se.cert"
     Service
         HeadRequire "Host:.*redneck001-ext.example.se.*"
         BackEnd
             Address localhost
             Port    81
         End
     End
End

Please help!

/Alan

Re: [Pound Mailing List] SSL_CTX_use_PrivateKey_file Driving me insane
Scott McKeown <scott(at)loadbalancer.org>
2012-09-27 11:57:42
Hi Alan,
I'm sure that you will need to include the Private Key Chain in your PEM
file to resolve this error.

Have a look at http://www.digicert.com/ssl-support/pem-ssl-creation.htm which
shows the different ways of creating the PEM file.

Although now that I think about it, I don't remember if I had to include
this in mine the last time I created a Self Signed certificate so I could
be wrong on the self signed front. However, I would recommend the full PEM
file when you go live.


~Scott





-- 
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org


Re: [Pound Mailing List] SSL_CTX_use_PrivateKey_file Driving me insane
Alan McGinlay <alanm(at)sics.se>
2012-09-27 12:14:46
Fixed! Thanks for the link, it put me on the right track.

All that was required was to concatenate the key, the crt and output a 
.pem file which I put in the SSL store and referenced it from pound.cfg.

I also ran "update-ca-certificates --verbose --fresh"

And restarted pound, success! This is just a test, the live site will 
use a "real" ssl cert.

Thanks,

Alan
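
The fix described in this message, as an added example that is not part of the original thread: the file that Pound's Cert directive points at has to contain the private key as well as the certificate. The script below builds that combined PEM and checks it before Pound is restarted; the file names and the CN are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). File names and CN are hypothetical.

# Write KEY followed by CRT into OUT. The result holds the private key,
# so it is created and kept readable by the owner only.
build_pound_pem() {   # build_pound_pem KEY CRT OUT
    ( umask 077 && cat "$1" "$2" > "$3" ) && chmod 600 "$3"
}

# Exit status: 0 ok, 1 no private key, 2 no certificate,
# 3 key is passphrase-protected, 4 unparsable, 5 key/cert mismatch.
check_pound_pem() {   # check_pound_pem FILE
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 2
    grep -Eq -e 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1" && return 3
    # Both commands skip PEM blocks of the other type in a combined file.
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 4
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 4
    [ "$key_pub" = "$crt_pub" ] || return 5
}

# Throwaway self-signed pair for a test listener, as in the thread.
make_selfsigned() {   # make_selfsigned KEY CRT
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=pound-test.example" -keyout "$1" -out "$2" 2>/dev/null
}

# Demo: run as `sh thisfile.sh demo`; works in a temp dir and cleans up.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    make_selfsigned "$d/server.key" "$d/server.crt"
    check_pound_pem "$d/server.crt"; echo "certificate only  -> status $?"
    build_pound_pem "$d/server.key" "$d/server.crt" "$d/server.pem"
    check_pound_pem "$d/server.pem"; echo "key + certificate -> status $?"
fi
```

A certificate-only file, which is what the original Cert line referenced, returns status 1 here; the concatenated file returns 0.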


Re: [Pound Mailing List] SSL_CTX_use_PrivateKey_file Driving me insane
Scott McKeown <scott(at)loadbalancer.org>
2012-09-27 12:25:27
Hi Alan,
You're more than welcome.
Some of the messages from Pound can be a little confusing until you've been
playing with it for a while.

Any further issues just drop us a line and I'm sure someone will be able to
help.


~Scott





-- 
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org
