I've another issue, it's quite close to be fully working.
I've the base.conf and mansonthomas.com.conf and extranet.oneothersite.com.conf
when all 3 config file are activated (ie ends with .conf), then I only see
find below all the details!
root@ns0:/etc/stunnel# service stunnel4 start
Starting SSL tunnels: [Started: /etc/stunnel/base.conf] [Started: /etc/stunnel/mansonthomas.com.conf] stunnel.
Yes !
In fact, my config file was missing the private key :TIMEOUTclose = 0
[mansonthomas.com]
cert = /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt
accept = 88.190.217.117:443
connect = 127.0.0.1:82
I've added the key, and now it starts ;)
Thanks for your help !
Regards,
Thomas.
On Thu, Feb 23, 2012 at 09:39, Ludolf Holzheid <lholzheid@bihl-wiedemann.de> wrote:
On Wed, 2012-02-22 23:38:53 +0000, Thomas Manson wrote:
> [..]
>> [..]
> the CRT file is generated by my registrar. If it's in the wrong format,
> How can I convert it?
>
>> [..]
> Key file: /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt
> error queue: 140B0009 : error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:PEM lib
> SSL_CTX_use_PrivateKey_file: 906D06C: error:0906D06C:PEM
> routines:PEM_read_bio:no start line
>> [..]
> root@ns0:/etc/stunnel/sites/mansonthomas.com# cat mansonthomas.com.crt
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----Thomas,
> -----BEGIN DH PARAMETERS-----
> .....
> -----END DH PARAMETERS-----
If there is no "-----BEGIN RSA PRIVATE KEY-----" in
mansonthomas.com.crt, then there is no key in.
You should be provided with a file containing the key.
If this is in DER format (*.pfx or *.p12), you'll have to convert it
first:
openssl pkcs12 -in <der file> -out <pem file>
HTH,
Ludolf
--
---------------------------------------------------------------
Ludolf Holzheid Tel: +49 621 339960
Bihl+Wiedemann GmbH Fax: +49 621 3392239
Floßwörthstraße 41 e-mail: lholzheid@bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------