On Mon, Nov 29, 2021 at 9:34 AM Josealf.rm josealf@rocketmail.com wrote:
Hola Jose,
Private key should be readable just for the user running stunnel. Try
chmod 600 /etc/ssl/private.key
regards,
Gracias, José. The problem now is this:
[ ] Loading private key from file: /etc/ssl/private.key
[!] error queue: ../ssl/ssl_rsa.c:540: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
[!] error queue: ../crypto/bio/bss_file.c:290: error:20074002:BIO routines:file_ctrl:system lib
[!] SSL_CTX_use_PrivateKey_file: ../crypto/bio/bss_file.c:288: error:0200100D:system library:fopen:Permission denied
[!] Service [https]: Failed to initialize TLS context
So, I don't think that is right. I will set it back to 644.
On 29/11/2021, at 9:13 AM, jose isaias cabrera jicman@gmail.com wrote:
Greetings!
I have duckduckgo'ed and I have not found an answer, but what should be
the permissions for the private key since the stunnel is giving me a warning/error regarding that:
...
[ ] Loading private key from file: /etc/ssl/private.key
[:] Insecure file permissions on /etc/ssl/private.key
[ ] Private key loaded from file: /etc/ssl/private.key
...
This is what I have set:
jic@web:~$ ls -l /etc/ssl/private.key
-rw-r--r-- 1 root www-data 1702 Oct 13 02:54 /etc/ssl/private.key
the www-data is the user that runs the website. All is running well,
apparently, but, I would like to set the correct permission on the private.key file. Thanks for your support.
josé
--
What if eternity is real? Where will you spend it? Hmmmm...
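
The permission logic behind the two log excerpts in this thread, as an added example that is not part of the original messages: mode 644 leaves the key open to every account, while mode 600 on a root-owned file locks out a non-root service. It assumes stunnel runs as www-data, which the thread does not state; the function names and verdict words are this example's own, not stunnel's.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes stunnel runs as www-data.

# perm_class OWNER GROUP USER "USER_GROUPS": which permission class applies.
# Only the first matching class is consulted; root's bypass is not modelled.
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_read MODE OWNER GROUP USER "USER_GROUPS": exit 0 if USER may read.
can_read() {
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) bit=$((0400)) ;;
        group) bit=$((0040)) ;;
        *)     bit=$((0004)) ;;
    esac
    [ $(( 0$1 & $bit )) -ne 0 ]
}

# audit_key MODE OWNER GROUP USER "USER_GROUPS": print one verdict word.
audit_key() {
    if ! can_read "$@"; then echo unreadable
    elif [ $(( 0$1 & 0007 )) -ne 0 ]; then echo world-accessible
    elif [ $(( 0$1 & 0070 )) -ne 0 ]; then echo group-accessible
    else echo owner-only
    fi
}

# audit_file PATH USER: the same verdict for a real file (GNU stat, Linux).
audit_file() {
    meta=$(stat -c '%a %U %G' "$1") || return 2
    grps=$(id -nG "$2") || return 2
    audit_key $meta "$2" "$grps"
}

# Constructed cases mirroring the thread's two states and the suggested fix.
audit_key 644 root www-data www-data "www-data"      # warning case
audit_key 600 root www-data www-data "www-data"      # fopen: Permission denied
audit_key 600 www-data www-data www-data "www-data"  # key owned by the service
```

A member of the file's group is judged on the group bits alone, so mode 604 on the same root:www-data file is also `unreadable` for www-data.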