2016-01-14 16:51 GMT+08:00 Michal Trojnara Michal.Trojnara@stunnel.org:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi Hongyi,
My hint:
$ curl -s http://localhost:3000/ Cannot GET /
$ curl -s -H 'Host: coolaj86.com' http://localhost:3000/
Thanks a lot, I still have some issues:
1- Why must we use the ''-H 'Host: coolaj86.com' '' in this command for getting the correct result?
2- If I want to use internet explorer, such as firefox/chrome to open the corresponding url, i.e., http://localhost:3000/, how should I do?
3- There are 3 certificates given by the owner of the website https://coolaj86.com/. They are all stored here:
https://gist.github.com/coolaj86/327cee3eee6fc119b389/
Just as you can see, the 3 certificates are named as follows:
cert.pem chain.pem root.pem
What's the relationship between the above 3 certificates?
And the first certificate, i.e., the cert.pem, is the one used for the website https://coolaj86.com/.
So, I just want to know why we must the root.pem in the stunnel's conf file?
Regards
<!DOCTYPE html>
<html lang="en"> <head> <meta charset="utf-8"> <title>AJ ONeal</title> ...
Best regards, Mike
On 14.01.2016 05:51, Hongyi Zhao wrote:
Hi all,
Based on the descriptions on the following webpage:
http://plug.org/pipermail/plug/2015-August/033939.html
I do the following testing:
1- Complile and install the lastest stunnel, i.e., the stunnel-5.29.
2- Obtaining the root cert
wget -q https://gist.githubusercontent.com/coolaj86/327cee3eee6fc119b389/raw/r
oot.pem
- -O /tmp/root.pem
3- Prepare the following config file for stunnel:
pid = /tmp/stunnel-tlsvpn.pid
client = yes verify = 1 foreground = yes
[tlsvpn] accept = localhost:3000 sni = coolaj86.com connect = coolaj86.com:443 CAfile = /tmp/root.pem
4- Starting the stunnel:
$ stunnel ./stunnel-tlsvpn.conf
5- Testing:
At this moment, I use the firefox to open the following url:
But the firefox will only give the following line in its windows:
Cannot GET /
Any hints on this issue?
Regards
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCAAGBQJWl2GYAAoJEC78f/DUFuAUwlAP/3w4sq5u4Wp1SV9mbB4Sr7D4 nP++WO10HLpSFQRnO85BaX2XHwU5aC+AxDI9wztvkEXLE9gup3KfT9Dvk9cfrHHv Vb+EmOnspKslsOI1X/pHbSxB7tuc816aqqW9Q2Vmwh9RoVnt0djFIIB/GpKQa/0m YhJrfcpT+WmZ3xrKQUcsahVFTzgxWxZCbDO26c/B3n/ORSmCvs4lRuYXtAuqfGlX q0+qHt4+gi69lc6PMLeGWEonFhgHCl3Mc2Oa5Y3atb52uWG3KS2b4KF+ZQWfhPFK qMggrXNnGgtxrb52rTw8C0/e14v3ZmENB2NX3qZGOvgiS4YujbjE2yGOgjeJzaxo x/UEOFY2X879TECrThEWS87e6BiMog5iKYw8VneJ6rAYn40vGPEji5Lg8kTUU3kC Du5u2zyIdPmqHhTKqpSoIgFKt1w80VpM7wZ/Z8H12yJJh1MHvh7EFUZTZ987nMpt UNf8wCTTDxMEnQI/kMODLBLO9ntGnCHF0PXQ3s24zQ10/BftLyNbTMMTs14bktQG hyWV/aGqF7+dtgcTgirLn1cypxKW5wrF8JOt5I/B1c3/fafHny/I4NyuF5MQuEB9 GDDjYwbcQrU4shSA4Hoe5mWQDpdBJUBb5+8wHkgZg2neU8wcfyzEPucS960eG46Q zSbvpAgUjmvP91qZhWyI =oyVS -----END PGP SIGNATURE-----