Pen and SSL issues

From: Nathan Butcher <n-butcher_at_gol.com>
Date: Fri, 10 Nov 2006 10:01:20 +0900

I'm trying to figure out a way to use SSL and VRRP as well across two
servers running tomcat. I'm not too experienced with SSL, so I need some
help.

If I can set both servers up to use the same certificate file under
tomcat, despite them both having different FQDN and IPs, then great. I'm
hoping that pen will simply pass on the requests to each of the tomcat
servers and let them deal with the SSL specifics. But will the SSL
function properly with a mismatched DNS?

Pen has this SSL compatibility feature (albeit experimental). What
exactly does the -Z option do? The pen HOWTO says I can get away with
using -E and a PEM certificate and leave it at that.

For testing, I generated my own private key, cert request, and then used
that to sign my own cert. Then concatenated both private key and signed
cert into a "server.pem" file and used "-E server.pem" in pen's config.
Pen started up with an SSL debug line (mentioning something about being
unable to validate the cert) and I could access my servers from a
web browser - but the contents of my test webpage never appeared. I got a
blank screen, but pen's logging seemed OK. The apache in my test
environment was ordinary apache with no SSL modifications. Will I need
apache+modssl running for this to work?

Has someone managed to get SSL to work across a pen/vrrp setup?
Received on Fri Nov 10 2006 - 02:05:00 CET
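
The key, request, self-sign and concatenate steps described in the message above, as an added example that is not part of the original post, with two checks on the resulting file: that the private key and certificate in it belong together, and which host name the certificate actually covers. The function names, file names and the host names www1.example.test and www2.example.test are constructed for illustration; only standard openssl subcommands are used.

```shell
#!/bin/sh
# Added example: build a combined key+certificate PEM and check it.
# All names below are constructed placeholders, not values from the post.

make_server_pem() {   # usage: make_server_pem DIR COMMON_NAME
    dir=$1; cn=$2
    # 1. private key
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    # 2. certificate request carrying the host name as CN
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. self-sign the request with the same key
    openssl x509 -req -days 30 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
    # 4. concatenate key and certificate; the file holds a private key,
    #    so keep it readable by its owner only
    cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem" || return 1
    chmod 600 "$dir/server.pem"
}

key_matches_cert() {  # usage: key_matches_cert PEM
    # Compare the public key derived from the private key with the
    # public key embedded in the certificate.
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

cert_matches_host() { # usage: cert_matches_host PEM HOSTNAME
    # -checkhost reports whether the certificate is valid for HOSTNAME.
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}
```

A certificate issued for one host name fails the `cert_matches_host` check for the other server's name, which is the name mismatch a browser would report.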
