Am 19.12.2012 15:08, schrieb Nicolás Valera:
the public client-side
ssl_mode ssl_listen
We have a setup running perdition 1.19rc4 using libssl0.9.8 with just:
ssl_cert_file /etc/perdition/xxx.crt
ssl_key_file /etc/perdition/xxx.key
Options ssl_ca_file and ssl_ca_path are not set.
The ssl_cert_file contains the certificates (PEM format!) in the
following order: server cert, intermediates, root cert.
The key file is owned by root and has permissions 600. It might be
important that it's not world readable.
In addition, the following options are set, but AFAIK they are for the
connection between perdition and the real servers:
ssl_cert_accept_self_signed
ssl_cert_accept_expired
ssl_cert_accept_not_yet_valid
ssl_no_cert_verify
ssl_no_cn_verify
What about some logging output, how do you test? What does "does not
work" exactly mean?
Regards
Matthias
--
Dipl.-Inf. Matthias Hunstock
UniRZ der TU Ilmenau, Raum 07
Tel.: +49 3677 69-1289