Easily enable SSL certificate on the Pound reverse-proxy server
Pound is an open source reverse-proxy server platform. It is also used as an application firewall and as a load balancer. It doesn’t serve content on its own; it acts as a front-end server that accepts requests from HTTP/HTTPS clients and distributes them to the back-end servers.
One of the advantages of using Pound is the security that it provides. Unlike other servers, it filters the data coming from clients. Any bad or malicious request is filtered out before it is passed to the web server(s).
Recently, we have been getting a lot of questions regarding SSL certificate configuration on the Pound proxy server, so we have written this blog. It will guide you through the entire SSL certificate installation process.
Let’s get started.
1. Combine the certificate files
Before starting, make sure that you have the Private Key and Certificate files. You should have received the certificate files from the certificate authority (CA), and you should have your private key from the CSR generation process. All the files will be in .pem format. You must concatenate the Private Key, the Certificate file and the Intermediate certificate into a single new .pem file.
Keep in mind that the order is of utmost importance here.
The Server Certificate must come before the Intermediate certificate in the new .pem file, and the Intermediate goes at the bottom.
Let’s assume that the certificate files are stored under /etc/test/ssl.
Private key:
$ cat /etc/test/ssl/private_keys/host_key.pem >> /etc/test/ssl/pound/host_key_and_cert_chain.pem
Server Certificate:
$ cat /etc/test/ssl/certs/host_cert.pem >> /etc/test/ssl/pound/host_key_and_cert_chain.pem
Intermediate certificate:
$ cat /etc/test/ssl/ca/intermediate.pem >> /etc/test/ssl/pound/host_key_and_cert_chain.pem
2. Configure the pound.cfg file
Now open the pound.cfg file and add the following line to the ListenHTTPS section.
Cert "/etc/test/ssl/pound/host_key_and_cert_chain.pem"
3. Restart Pound
$ pound -f /etc/pound/pound.cfg -p /var/run/pound.pid
Finally, Pound is ready to transmit your HTTPS traffic.
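The combining in step 1 can also be scripted so that the result is checked before Pound loads it. The following is an added example, not part of the original post; the function names are hypothetical and the file paths are passed as arguments. It writes the file in the same order as step 1, keeps it readable by its owner only because it contains the private key, and offers a check that the key belongs to the server certificate.

```shell
#!/bin/sh
# Added example, not from the original post. Builds Pound's combined .pem in
# the order used in step 1 (private key, server certificate, intermediate).

# has_block FILE LABEL: true if FILE holds a PEM block whose label matches.
has_block() {
    grep -q -e "^-----BEGIN $2-----" "$1"
}

# pem_block_order FILE: print the PEM block labels in file order.
pem_block_order() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | paste -sd, -
}

# key_matches_cert KEY CERT: true if the certificate carries the public key
# that belongs to the private key (uses the openssl command-line tool).
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# build_pound_pem KEY CERT INTERMEDIATE OUT
build_pound_pem() {
    key=$1 cert=$2 inter=$3 out=$4
    has_block "$key" '.*PRIVATE KEY' || { echo "$key: no private key" >&2; return 1; }
    has_block "$cert" 'CERTIFICATE' || { echo "$cert: no certificate" >&2; return 1; }
    has_block "$inter" 'CERTIFICATE' || { echo "$inter: no certificate" >&2; return 1; }
    if has_block "$cert" '.*PRIVATE KEY' || has_block "$inter" '.*PRIVATE KEY'; then
        echo "a certificate file contains a private key" >&2; return 1
    fi
    rm -f "$out.tmp"
    # The output holds the private key, so create it with mode 600.
    # awk 1 ends every input with a newline so END/BEGIN markers never fuse;
    # '>' truncates, so a re-run cannot append a second copy as '>>' would.
    ( umask 077 && awk 1 "$key" "$cert" "$inter" > "$out.tmp" ) || return 1
    mv "$out.tmp" "$out"
}
```

Call `key_matches_cert` on the key and server certificate first, then `build_pound_pem` with the three input paths and the output path; `pem_block_order` on the result should list the private key followed by two certificates.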
Here, we learned the steps to enable an SSL certificate in Pound. As the Pound server only accepts a genuine SSL certificate, you must install a trusted SSL certificate.