{"id":446,"date":"2011-03-22T13:20:45","date_gmt":"2011-03-22T13:20:45","guid":{"rendered":"http:\/\/blog.designed79.co.uk\/?p=446"},"modified":"2011-05-16T12:58:19","modified_gmt":"2011-05-16T12:58:19","slug":"pound-ssl-and-real-certificates","status":"publish","type":"post","link":"https:\/\/blog.designed79.co.uk\/?p=446","title":{"rendered":"Pound, SSL, and real Certificates"},"content":{"rendered":"<p>Recently, I have been working with setting up some web servers, using\u00a0<a href=\"http:\/\/www.apsis.ch\/pound\/\">Pound<\/a> as the front-end. The idea is that there are multiple back-end servers, and a single front-end that controls which server requests go to. One of the problems is using SSL for HTTPS pages. All of the documentation I could find online covered creating a self-signed certificate.<\/p>\n<div>\n<p>But anyone who has followed the\u00a0<a href=\"http:\/\/lauren.vortex.com\/archive\/000402.html\">self-signed<\/a> certificate\u00a0<a href=\"http:\/\/royal.pingdom.com\/2008\/08\/19\/new-ssl-policy-in-firefox-hurting-tens-of-thousands-of-sites\/\">problem<\/a> knows that this is not a great idea, especially if the site is to be used by anyone. Poking around, I finally found my answer, partly through an older post on the\u00a0<a href=\"http:\/\/www.apsis.ch\/pound\/pound_list\/archive\/2004\/2004-05\/1085055594000\">Pound mailing list<\/a>.<\/p>\n<p>Your first step is to make sure that Pound is up and running all on its own. That is not the focus of this article, so don\u2019t complain. 
Also, you will need to have openssl installed on the server.<\/p>\n<p>Now, you need to generate an RSA private key for the server. Use at least 2048 bits; certificate authorities no longer issue certificates for smaller RSA keys.<\/p>\n<pre>\n\n<div class=\"codecolorer-container text default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"text codecolorer\">openssl genrsa -out server.key 2048<\/div><\/div>\n\n<\/pre>\n<p>Then, you need to create the Certificate Signing Request file, or CSR.<\/p>\n<pre>\n\n<div class=\"codecolorer-container text default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"text codecolorer\">openssl req -new -key server.key -out server.csr<\/div><\/div>\n\n<\/pre>\n<p>Now, you go online, find yourself a certificate vendor, and fill out the form to request a certificate. In that form will be a text field for the CSR data; just open up your server.csr file, and copy and paste its contents. Only the CSR goes to the vendor; server.key stays on the server. The CSR should start with:<\/p>\n<p>-----BEGIN CERTIFICATE REQUEST-----<br \/>\nand end with:<br \/>\n-----END CERTIFICATE REQUEST-----<\/p>\n<p>Once that is done, you wait. Eventually you will get a response that includes the certificate. That will have BEGIN CERTIFICATE and END CERTIFICATE lines with Base64-encoded data between them. 
Just save this as a text file named server.crt.<\/p>\n<p>Now, you will want to verify the certificate:<\/p>\n<pre>\n\n<div class=\"codecolorer-container text default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"text codecolorer\">openssl x509 -in server.crt -text<\/div><\/div>\n\n<\/pre>\n<p>If that prints the certificate details, and not an error message, you can now create the PEM file for Pound:<\/p>\n<pre>\n\n<div class=\"codecolorer-container text default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"text codecolorer\">openssl x509 -in server.crt -out server.pem<\/div><\/div>\n\n<\/pre>\n<p>Now you need to add the key to the PEM file:<\/p>\n<pre>\n\n<div class=\"codecolorer-container text default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"text codecolorer\">openssl rsa -in server.key &gt;&gt; server.pem<\/div><\/div>\n\n<\/pre>\n<p>The PEM file now contains the unencrypted private key, so make it readable only by the user Pound runs as. Now, copy your new PEM file to the correct location (as per the pound.cfg file) and restart Pound. Then connect to the HTTPS port for your server, and see if it works.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Recently, I have been working with setting up some web servers, using\u00a0Pound as the front-end. 
The idea is that there are multiple [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-446","post","type-post","status-publish","format-standard","hentry","category-info-on-tech"],"_links":{"self":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=446"}],"version-history":[{"count":0,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/446\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}