root@ns0:/etc/stunnel# service stunnel4 start<br>Starting SSL tunnels: [Started: /etc/stunnel/base.conf] [Started: /etc/stunnel/mansonthomas.com.conf] stunnel.<br><br><br>Yes !<br><br>In fact, my config file was missing the private key : <br>
<br><span style="font-family:courier new,monospace">[<a href="http://mansonthomas.com/" target="_blank">mansonthomas.com</a>]</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">cert = /etc/stunnel/sites/<a href="http://mansonthomas.com/mansonthomas.com.crt" target="_blank">mansonthomas.com/mansonthomas.com.crt</a></span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">accept = <a href="http://88.190.217.117:443/" target="_blank">88.190.217.117:443</a></span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">connect = <a href="http://127.0.0.1:82/" target="_blank">127.0.0.1:82</a></span><br style="font-family:courier new,monospace">
<br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">TIMEOUTclose = 0<br><br>I've added the key, and now it starts ;)<br><br>Thanks for your help !<br><br>Regards,<br>Thomas.<br>
</span><br><div class="gmail_quote">On Thu, Feb 23, 2012 at 09:39, Ludolf Holzheid <span dir="ltr"><<a href="mailto:lholzheid@bihl-wiedemann.de">lholzheid@bihl-wiedemann.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Wed, 2012-02-22 23:38:53 +0000, Thomas Manson wrote:<br>
> [..]<br>
<div class="im">><br>
> the CRT file is generated by my registrar. If it's in the wrong format,<br>
> How can I convert it?<br>
><br>
</div>> [..]<br>
<div class="im">><br>
> Key file: /etc/stunnel/sites/<a href="http://mansonthomas.com/mansonthomas.com.crt" target="_blank">mansonthomas.com/mansonthomas.com.crt</a><br>
> error queue: 140B0009 : error:140B0009:SSL<br>
> routines:SSL_CTX_use_PrivateKey_file:PEM lib<br>
> SSL_CTX_use_PrivateKey_file: 906D06C: error:0906D06C:PEM<br>
> routines:PEM_read_bio:no start line<br>
</div>> [..]<br>
<div class="im">><br>
> root@ns0:/etc/stunnel/sites/<a href="http://mansonthomas.com#" target="_blank">mansonthomas.com#</a> cat mansonthomas.com.crt<br>
> -----BEGIN CERTIFICATE-----<br>
</div>> [..]<br>
<div class="im">> -----END CERTIFICATE-----<br>
> -----BEGIN DH PARAMETERS-----<br>
> .....<br>
> -----END DH PARAMETERS-----<br>
<br>
</div>Thomas,<br>
<br>
If there is no "-----BEGIN RSA PRIVATE KEY-----" in<br>
mansonthomas.com.crt, then there is no key in.<br>
<br>
You should be provided with a file containing the key.<br>
<br>
If this is in DER format (*.pfx or *.p12), you'll have to convert it<br>
first:<br>
<br>
openssl pkcs12 -in <der file> -out <pem file><br>
<br>
HTH,<br>
<br>
Ludolf<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
<br>
---------------------------------------------------------------<br>
Ludolf Holzheid Tel: <a href="tel:%2B49%20621%20339960" value="+49621339960">+49 621 339960</a><br>
Bihl+Wiedemann GmbH Fax: <a href="tel:%2B49%20621%203392239" value="+496213392239">+49 621 3392239</a><br>
Floßwörthstraße 41 e-mail: <a href="mailto:lholzheid@bihl-wiedemann.de">lholzheid@bihl-wiedemann.de</a><br>
D-68199 Mannheim, Germany<br>
---------------------------------------------------------------<br>
</font></span></blockquote></div><br>