search for: ssl_certificate_key

...wing error: 400 Bad Request The SSL certificate error ------------------------------------------------------------------------ nginx/0.6.39 I've tried the following: server { listen 8443; ssl on; ssl_certificate /etc/httpd/ssl/proxy-ssl.cer; ssl_certificate_key /etc/httpd/ssl/server.key; ssl_client_certificate /etc/httpd/ssl/ca-bundle.crt; ssl_verify_client on ............................................................................................. ............................................................................................

...server primaryca:8140; server secondaryca:8140 backup; } server { listen 192.168.122.14:8140; server_name loadbalancer01; ssl on; ssl_session_timeout 5m; ssl_certificate /var/lib/puppet/ssl/certs/loadbalancer01.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/ loadbalancer01.pem; ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP; ssl_prefer_server_ciphers on; ssl_verify_client optional...

...listen 443 ssl; > server_name software.mydomain.com; > ssl_protocols TLSv1.3 TLSv1.2; > ssl_stapling off; > ssl_stapling_verify on; > ssl_certificate /etc/letsencrypt/live/ > software.mydomain.com/fullchain.pem; > ssl_certificate_key /etc/letsencrypt/live/ > software.mydomain.com/privkey.pem; > ssl_ciphers > ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RS...

...ssue is : how to be sure things stay secure in the way that the proxy should be the one speaking ssl and making client ssl certificate signature verification. I read the pound and the ngnix wiki article and i am a bit confused here. Lets see for nginx: ssl_certificate cert.pem; ssl_certificate_key cert.key; ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem (and ssl_verify_client on; in the server setting) So here i took the debian default ssl config and added the last line ''ssl_client_certificate'' with the same cert used on the pound wiki. Does it...

...; #tcp_nopush on; server { listen 80; server_name localhost; root /var/www/dashboard/current/public; passenger_enabled on; passenger_min_instances 1; # listen 443; # ssl on; # ssl_certificate /opt/nginx/conf/server.crt; # ssl_certificate_key /opt/nginx/conf/server.key; # Rails error pages error_page 500 502 503 504 /500.html; location = /500.html { root /var/www/dashboard/current/public; } } } In my dev env, app running on webrick, when the app generate a http 500 error I get the cus...

...unix:/var/run/puppet/puppetmasterd. 3.sock; server unix:/var/run/puppet/puppetmasterd. 4.sock; } server { listen 8140; ssl on; ssl_certificate /var/lib/puppet/ssl/certs/ something.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/ something.pem; ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:- EXP; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; ssl_verify_client on; root /var/empty; access_log...

..._min_instances 5; access_log logs/puppet_access.log; error_log logs/puppet_error.log; root /etc/puppet/rack/public; ssl_certificate /var/lib/puppet/ssl/certs/bangvmpllda02.XXXXX.com.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXX.com.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; ssl_prefer_server_c...

...w, it is as simple as the following configuration: upstream puppet-production { server 127.0.0.1:18140; server 127.0.0.1:18141; } server { listen 8140; ssl on; ssl_session_timeout 5m; ssl_certificate /var/lib/puppet/ssl/certs/puppetmaster.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetmaster.pem; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; # allow authenticated and client without certs ssl_verify_client optional; # obey to the Puppet CRL ssl_crl /v...

Over the years many shops have come to start running puppet via cron to address memory leaks in earlier versions of Ruby, but the official position was that puppet was meant to be run as a continually running service. I am wondering if the official position has changed. On one hand many if not all of the early Ruby issues have been fixed, on the other, the addition of mcollective into the mix as