Hello there,
I have installed an stunnel server on FreeBSD. I configured it like this:

cert=server_cert.pem
key=private\server_key.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
verify=2
CAfile=test_cert.pem
[ssl_host_proxy]
accept=172.24.150.15:1234
connect=192.168.1.1:10500
TIMEOUTidle=120

The client side is not a computer, it's a small device. I generate client
certificates in this manner:

echo off
rem delete previous test_ck.pem file
del test_ck.pem /q
echo Starting New test_ck file Generation
C:\OpenSSL\bin\openssl.exe req -new -x509 -newkey rsa:2048 -sha1 -out ^
  test_cert.pem -keyout test_key.pem -nodes -config sample_ck.cnf -days ^
  1825 -batch
C:\OpenSSL\bin\openssl.exe pkcs8 -in test_key.pem -topk8 -out ^
  test_pk8.pem -passout pass:"TestPassword0001" -noiter -v1 PBE-SHA1-3DES
del test_key.pem /q
copy test_cert.pem+test_pk8.pem test_ck.pem /y
del test_pk8.pem /q
Echo New test_ck.pem file has the following sections:
findstr "BEGIN END" test_ck.pem
pause

test_cert.pem is on the stunnel server as CAfile and test_ck.pem is on my
small device, which is capable of connecting via stunnel.
I also generated another self-signed CA, generated one certificate
request, signed it via this CA, and installed that key and certificate on
the server:

cert=server_cert.pem
key=private\server_key.pem

Everything was working fine, but after one year my server certificate
expired. When I regenerated a new server certificate and tried to connect, I
saw this in the server log:

Child process 6094 finished with code 0
SSL state (accept): before accept initialization
SSL state (accept): SSLv3 read client hello A
SSL state (accept): SSLv3 write server hello A
SSL state (accept): SSLv3 write certificate A
SSL state (accept): SSLv3 write server done A
SSL state (accept): SSLv3 flush data
SSL_accept: Peer suddenly disconnected

And my device can't connect to the server. I don't have any client-side
logs or error messages, only NOT DELIVERED on my device. :(
Can you please help me solve this problem? I have tried many, many
times and I was very angry.
Thank you very much.
Victor Harutyunyan.
P.S. Sorry for my bad English.
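
Added example, not part of the original post: the server log above stops right after the server sends its certificate, which is the point where a TLS client validates it, so this sketch checks a regenerated server certificate for chain, expiry and key match. It assumes the device validates the server certificate against a CA certificate it stores; the file names and both helper functions are hypothetical, and the sample PKI is constructed test data.

```shell
#!/bin/sh
# Added example. File names are placeholders; the sample PKI is constructed.

# check_server_cert CA_FILE CERT_FILE KEY_FILE [MIN_DAYS]
# Returns 0 only if every check passes; prints one line per check.
check_server_cert() {
    ca=$1; cert=$2; key=$3; min_days=${4:-30}; rc=0

    # 1. Does the certificate chain to the CA the client is assumed to trust?
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "chain:  OK"
    else
        echo "chain:  FAIL (wrong issuer, expired, or not yet valid)"; rc=1
    fi

    # 2. Is it still valid min_days from now?
    end=$(openssl x509 -in "$cert" -noout -enddate)
    if openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "expiry: OK ($end)"
    else
        echo "expiry: FAIL ($end)"; rc=1
    fi

    # 3. Does the private key belong to this certificate?
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "key:    OK"
    else
        echo "key:    FAIL (key does not match certificate)"; rc=1
    fi
    return $rc
}

# make_constructed_pki DIR: two throwaway CAs (caA, caB) and a server
# certificate srv.pem signed by caA, valid for 20 days. Test data only.
make_constructed_pki() {
    d=$1
    for n in caA caB; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/caA.pem" -CAkey "$d/caA.key" \
        -CAcreateserial -out "$d/srv.pem" -days 20 2>/dev/null
}
```

Run check_server_cert with the CA certificate held by the client, the new server certificate and its key; a chain failure means the new certificate was issued by a CA other than the one passed in.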