Hi Jose,
You’re right. Sorry. I did not realize the current owner of the private key is the root user. You can change the file owner to the user running stunnel with the chown command or follow Mike's advice in his answer to your post. In any case, the file should not be world readable.
regards Jose
On 29/11/2021, at 9:52 AM, jose isaias cabrera jicman@gmail.com wrote:
On Mon, Nov 29, 2021 at 9:34 AM Josealf.rm josealf@rocketmail.com wrote:
Hi Jose,
Private key should be readable just for the user running stunnel. Try
chmod 600 /etc/ssl/private.key
regards,
Thanks, José. The problem now is this:
[ ] Loading private key from file: /etc/ssl/private.key
[!] error queue: ../ssl/ssl_rsa.c:540: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
[!] error queue: ../crypto/bio/bss_file.c:290: error:20074002:BIO routines:file_ctrl:system lib
[!] SSL_CTX_use_PrivateKey_file: ../crypto/bio/bss_file.c:288: error:0200100D:system library:fopen:Permission denied
[!] Service [https]: Failed to initialize TLS context
So, I don't think that is right. I will set it back to 644.
On 29/11/2021, at 9:13 AM, jose isaias cabrera jicman@gmail.com wrote:
Greetings!
I have duckduckgo'ed and I have not found an answer, but what should be the permissions for the private key since the stunnel is giving me a warning/error regarding that:
...
[ ] Loading private key from file: /etc/ssl/private.key
[:] Insecure file permissions on /etc/ssl/private.key
[ ] Private key loaded from file: /etc/ssl/private.key
...
This is what I have set:
jic@web:~$ ls -l /etc/ssl/private.key
-rw-r--r-- 1 root www-data 1702 Oct 13 02:54 /etc/ssl/private.key
the www-data is the user that runs the website. All is running well, apparently, but, I would like to set the correct permission on the private.key file. Thanks for your support.
josé
--
What if eternity is real? Where will you spend it? Hmmmm...
_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-leave@stunnel.org
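
The three states this thread walks through (mode 644 owned by root, mode 600 still owned by root, and mode 600 owned by the user running stunnel) can be told apart with a small check. This is an added example, not part of the original messages or of stunnel; the function name, the verdict strings and the STUNNEL_USER placeholder are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: classify a private key file against the advice in this
# thread ("readable just for the user running stunnel").
# Assumes GNU coreutils stat(1). Names and verdict strings are this example's own.
#
# classify_key FILE UID prints one verdict:
#   insecure       group or other permission bits are set (e.g. 644)
#   wrong-owner    private to its owner, but the owner is not UID, so a
#                  non-root service gets "fopen: Permission denied"
#   no-owner-read  owned by UID but the owner read bit is missing
#   ok             owned by UID, owner-readable, nothing for group/other
#   missing        FILE is not a regular file
classify_key() {
    file=$1
    uid=$2
    [ -f "$file" ] || { echo missing; return; }

    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 644
    owner=$(stat -c '%u' "$file")    # numeric uid of the file owner
    bits=$(( 0$mode ))               # leading 0 makes the shell read it as octal

    if [ $(( bits & 077 )) -ne 0 ]; then
        echo insecure
    elif [ "$owner" != "$uid" ]; then
        echo wrong-owner
    elif [ $(( bits & 0400 )) -eq 0 ]; then
        echo no-owner-read
    else
        echo ok
    fi
}

# Stand-alone use (STUNNEL_USER is a placeholder for the account stunnel runs as):
#   sh check_key.sh /etc/ssl/private.key "$(id -u STUNNEL_USER)"
if [ $# -eq 2 ]; then
    classify_key "$1" "$2"
fi
```

A wrong-owner verdict corresponds to the situation after chmod 600 on a root-owned key; changing the owner with chown, as suggested in the reply, is what moves it to ok.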