[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue
Ludolf Holzheid
2016-05-17 08:01:01 UTC
Hello,
I've found Stunnel as a potential answer to securely moving traffic between two machines.
But I'm having some difficulties configuring the software.
I've installed it onto the client machine and configured the client to connect to 127.0.0.1:8449, while the server to which the client needs to connect is 192.168.220.72:8447:
[custom]
accept = 127.0.0.1:8449
connect = 192.168.220.72:8447
cert = 220.72.cer
TIMEOUTclose = 0
2016.05.16 19:14:04 LOG3[main]: error queue: 140B0009: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
2016.05.16 19:14:04 LOG3[main]: SSL_CTX_use_PrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
David,

Stunnel doesn't like your key file.

Maybe it's not in PEM format, or it does not contain a private key.

Try to open it with a text editor. There should be lines reading
"-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----"
with some base64 coded stuff in between.

(There also should be a certificate enclosed in
"-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", but for
now, stunnel is missing the private key.)

HTH,

Ludolf
--
Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:***@bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann
Amtsgericht Mannheim, HRB 5796
Ludolf Holzheid
2016-05-17 11:02:34 UTC
Hello Ludolf,
I've printed the content of the certificate file, and the lines "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" exist.
In addition, I've compared the default certificate provided by Stunnel with the one I wish to use; their structure is identical.
Hello David,

Please reply to the list, so others are able to comment too.

I don't know the 'default certificate provided by Stunnel'. I expect
it to depend on the distribution.

However, if there are "BEGIN/END CERTIFICATE" lines in your file, but
no "BEGIN/END RSA PRIVATE KEY", then the file is in PEM format, but
the key is missing. Maybe you have separate files for private key and
certificate. If this is the case, you may either concatenate key and
certificate to a single file or specify both files in the stunnel
key = my-private-key.pem
cert = my-certificate.pem
Ludolf
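Added example (not code from this thread or from the stunnel project): a small Python check that classifies the file named in a cert= line the way OpenSSL's PEM reader will see it, covering both the cert-without-key case diagnosed in the first reply and the key=/cert= split suggested in the second, and builds the matching [custom] stanza. A .cer file exported in DER (binary) form has no BEGIN/END lines at all and fails with the same "no start line" error, so the check distinguishes that from a PEM file that merely lacks the key. The sample PEM blobs and DER bytes are constructed placeholders (the base64 bodies are not real keys or certificates); the stanza reuses the addresses from the original post.

```python
# Added example: inspect the file given in stunnel's cert= line, report which
# PEM blocks it actually contains, and emit the matching [custom] stanza.
import re

# One PEM block: "-----BEGIN <label>-----", base64 body, "-----END <label>-----".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Labels OpenSSL accepts for a private key (PKCS#1, SEC1, PKCS#8, encrypted PKCS#8).
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_labels(data: bytes) -> list:
    """Return the BEGIN/END labels found in the file, in order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(data.decode("latin-1"))]


def diagnose(data: bytes) -> str:
    """Classify a cert= file the way stunnel/OpenSSL will see it.

    'der'       - binary ASN.1 (starts with a SEQUENCE tag 0x30): a DER .cer
                  file; PEM_read_bio cannot parse it -> 'no start line'
    'no-pem'    - no BEGIN/END lines at all -> 'no start line'
    'cert-only' - certificate present, private key missing: the error in the
                  thread, SSL_CTX_use_PrivateKey_file finds no key block
    'key-only'  - private key present, certificate missing
    'ok'        - both present; cert= alone is enough for stunnel
    """
    labels = pem_labels(data)
    if not labels:
        return "der" if data[:1] == b"\x30" else "no-pem"
    has_cert = "CERTIFICATE" in labels
    has_key = any(label in KEY_LABELS for label in labels)
    if has_cert and has_key:
        return "ok"
    return "cert-only" if has_cert else "key-only"


def stunnel_stanza(cert_file: str, key_file=None) -> str:
    """Build the [custom] section from the thread; key= is added only when
    the private key lives in a separate file (the second reply's option)."""
    lines = ["[custom]",
             "accept = 127.0.0.1:8449",
             "connect = 192.168.220.72:8447",
             f"cert = {cert_file}"]
    if key_file:
        lines.append(f"key = {key_file}")
    lines.append("TIMEOUTclose = 0")
    return "\n".join(lines) + "\n"


def combine(key_pem: bytes, cert_pem: bytes) -> bytes:
    """Concatenate key and certificate into one PEM file (the first reply's
    option). Order is not significant for OpenSSL's PEM reader."""
    return key_pem.rstrip(b"\n") + b"\n" + cert_pem.rstrip(b"\n") + b"\n"


# Constructed sample files: the base64 bodies are placeholders, not real material.
SAMPLE_CERT = (b"-----BEGIN CERTIFICATE-----\n"
               b"MIIBszCCAVygAwIBAgIUQ1BLQUNFRFRFU1RDRVJUMA0GCSqGSIb3DQEBCwUAMBIx\n"
               b"-----END CERTIFICATE-----\n")
SAMPLE_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
              b"MIIEpAIBAAKCAQEAplaceholderkeybodyplaceholderkeybodyplaceholder\n"
              b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_DER = b"\x30\x82\x01\xb3\x30\x82\x01\x5c\xa0\x03\x02\x01\x02"  # constructed DER prefix


if __name__ == "__main__":
    for name, blob in (("cert only (as in the thread)", SAMPLE_CERT),
                       ("key only", SAMPLE_KEY),
                       ("key + cert concatenated", combine(SAMPLE_KEY, SAMPLE_CERT)),
                       ("DER-encoded .cer", SAMPLE_DER)):
        print(f"{name}: {diagnose(blob)}")
    print(stunnel_stanza("my-certificate.pem", "my-private-key.pem"))
```

The marker check mirrors what the reply asks you to do in a text editor; to confirm the contents rather than just the markers, run `openssl x509 -in 220.72.cer -noout -subject` on the certificate and `openssl rsa -in my-private-key.pem -check -noout` on the key, and if the file turns out to be DER, convert it with `openssl x509 -inform DER -in 220.72.cer -out 220.72.pem` before pointing cert= at it.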