How to enable HTTPS on Pound

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)

Easily enable SSL certificate on the Pound reverse-proxy server

The Pound is an open source reverse-proxy server platform. It is also used as an application firewall as well as a load balancer. It doesn’t serve the content on its own but it acts as a front-end server. It accepts requests from HTTP/HTTPS clients and distributes them to the back-end servers.

One of the advantages of using pound is the security that it provides. Unlike other servers, it filters the data coming from clients. Any bad or malicious request is filtered out before transferring them to the web server(s).

Recently, we have been getting a lot of questions regarding SSL certificate configuration on Pound proxy server. Therefore, we have come up with this blog. This blog will guide you through the entire SSL certificate installation process.

Let’s get started.

1. Combine the certificate files

Before getting on with the process, you must make sure that you have the Private Key and Certificate files. You should have received the certificate files from the certificate authority (CA) and your private key during the CSR generation process. All the files will be in .pem format. You must concatenate or combine the Private Key and all the certificate files into a single new .pem file. You must concatenate the Private Key, Certificate file and Intermediate certificate.

Keep in mind that the order is of utmost importance here.

The Server Certificate must be at the top of that new .pem file and the Intermediate at the bottom.

Lets’ assume that the Certificate files are stored in /etc/test/ssl location.

Private key:

$ cat /etc/test/ssl/private_keys/host_key.pem >> /etc/test/ssl/pound/host_key_and_cert_chain.pem


Server Certificate:

$ cat /etc/test/ssl/certs/host_cert.pem >> /etc/test/ssl/pound/host_key_and_cert_chain.pem


Intermediate certificate:

$ cat /etc/test/ssl/ca/intermediate.pem >> /etc/test/ssl/pound/host_key_and_cert_chain.pem

2. Configure the pound.cfg file

Now open pound.cfg file and add the following line of code.



3. Restart Pound

pound -f /etc/pound/pound.cfg -p /var/run/


Finally, Pound is ready to transmit your HTTPS traffic.

Important Resources


green pad lockHere, we learn the steps to enable the SSL Certificate in Pound. As the Pound server only accepts the genuine SSL Certificate, you must install a trusted SSL.

How to View SSL Certificate Information in Safari
The 7 Ultimate SSL Certificate Tools for Effortless SSL Management
This entry was posted in SSLSecurity by Mit Gajjar. Bookmark the permalink.

About Mit Gajjar

I have been working as SSL security expert for 6 years and i have assisted to plenty of users to solve their technical issues while installation of SSL certificates on their web servers. It’s really great experience working with Platinum Partner Company CheapSSLSecurity to offer the most reliable SSL certificate security solution on the internet. Being Platinum Partner Company of Symantec, GeoTrust Thawte, Comodo, and RapidSSL, CheapSSLSecurity offers the cheapest SSL certificates security on the internet which starts at just only $3.20/yr.