On 14/09/2011 4:24 PM, David van Zijl wrote:
Hi Jose
It looks like you haven't told stunnel where to find the certificate you generated. Try adding the following either in the global section or inside the service definition:
cert=/your/path/to/pem
key=/your/path/to/key
Cheers
Dave
On Thu, Sep 15, 2011 at 7:50 AM, JOSE <jtc@totaltravelmarketing.com> wrote:
Hi
I am trying to get stunnel (stunnel 4.36 on ia64-hp-hpux11.23 with OpenSSL 0.9.8o 01 Jun 2010) working on this server. So far I have generated a new pem file as per the instructions, but when it is time to make it run, it keeps looking for a certificate for one of the services:
bash-3.2# /opt/iexpress/stunnel/bin/stunnel /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
Reading configuration from file /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
Snagged 64 random bytes from /opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
Wrote 1024 new random bytes to /opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
PRNG seeded successfully
Line 37: End of section revnet_preprod_sunquest: SSL server needs a certificate
My conf file is as follows:
bash-3.2# more /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
# Sample stunnel configuration file

#RNDfile=/opt/hpws/apache/stunnel/.stunnel.rnd
RNDfile=/opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
# Chroot
#chroot = /var/chroot/stunnel/

# PID is created inside chroot jail
#pid = /opt/hpws/apache/logs/stunnel.pid
pid = /opt/iexpress/stunnel/etc/stunnel/stunnel.pid
# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Client Authentication
#verify = 2
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /opt/hpws/apache/conf/certs.pem

# Some debugging stuff
debug = 7
output = /opt/hpws/apache/logs/stunnel.log

# Use in client mode
client = no

# Run in the background
foreground = no

# Service-level configuration
[revnet_preprod_sunquest]
accept = 10.99.10.37:8011
connect = 127.0.0.1:18011
#connect = 18011

[revnet_preprod_funsun]
accept = 10.99.10.37:8017
connect = 127.0.0.1:18017
#connect = 18017
Any help or tips would be welcome.
Thanks
Jose
Hi David,
You are correct, I just got it running. I have an older version running in parallel on the same machine, and that one does not mind not having that option in the config file.
Thanks a lot for your help
Jose