Hi,

 

After overcoming some initial more obvious problems I have still been unable to get this client’s stunnel configured correctly.

 

“No certificate or private key specified” – is this significant?

 

Stunnel.conf looks like the below:

 

debug = 2

output = stunnel.log

 

CAfile=.\ca-verisign.crt

client=yes

verify=0

sslVersion = TLSv1.2

options = NO_SSLv2

options = NO_SSLv3

 

[TRD]

accept=16002

connect= our.ip.com:443

 

[INV]

accept=16003

connect= our.ip.com:443

 

Stunnel output log below

 

2017.10.12 10:53:22 LOG7[main]: Found 1 ready file descriptor(s)

2017.10.12 10:53:22 LOG7[main]: FD=276 ifds=r-x ofds=---

2017.10.12 10:53:22 LOG7[main]: FD=284 ifds=r-x ofds=---

2017.10.12 10:53:22 LOG7[main]: Dispatching signals from the signal pipe

2017.10.12 10:53:22 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG

2017.10.12 10:53:22 LOG7[main]: Running on Windows 6.1

2017.10.12 10:53:22 LOG5[main]: Reading configuration from file stunnel.conf

2017.10.12 10:53:22 LOG5[main]: UTF-8 byte order mark detected

2017.10.12 10:53:22 LOG5[main]: FIPS mode disabled

2017.10.12 10:53:22 LOG7[main]: Compression disabled

2017.10.12 10:53:22 LOG7[main]: Snagged 64 random bytes from C:/.rnd

2017.10.12 10:53:22 LOG7[main]: Wrote 1024 new random bytes to C:/.rnd

2017.10.12 10:53:22 LOG7[main]: PRNG seeded successfully

2017.10.12 10:53:22 LOG6[main]: Initializing service [TRD]

2017.10.12 10:53:22 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2

2017.10.12 10:53:22 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000)

2017.10.12 10:53:22 LOG7[main]: No certificate or private key specified

2017.10.12 10:53:22 LOG4[main]: Service [TRD] needs authentication to prevent MITM attacks

2017.10.12 10:53:22 LOG6[main]: Initializing service [INV]

2017.10.12 10:53:22 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2

2017.10.12 10:53:22 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000)

2017.10.12 10:53:22 LOG7[main]: No certificate or private key specified

2017.10.12 10:53:22 LOG4[main]: Service [INV] needs authentication to prevent MITM attacks

2017.10.12 10:53:22 LOG5[main]: Configuration successful

2017.10.12 10:53:22 LOG7[main]: Closing service [TRD]

2017.10.12 10:53:22 LOG7[main]: Service [TRD] closed (FD=284)

2017.10.12 10:53:22 LOG7[main]: Service [TRD] closed

2017.10.12 10:53:22 LOG7[main]: Closing service [INV]

2017.10.12 10:53:22 LOG7[main]: Service [INV] closed (FD=276)

2017.10.12 10:53:22 LOG7[main]: Service [INV] closed

 

We tried giving the certification a hard location but still it seems unable to find it. Is there anything in the cfg you can see missing? Bearing in mind this is standard cfg for our clients connecting in.

 

Kind regards,

 

Hugo Darley

 

The information contained in and accompanying this communication is strictly confidential and intended solely for the use of the intended recipient(s). If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its content to anyone. MarketAxess reserves the right to monitor the content of emails sent to or from its systems. Any comments or statements made are not necessarily those of MarketAxess. For more information, please visit www.marketaxess.com. MarketAxess Europe Limited is authorised and regulated by the UK Financial Conduct Authority, registered in England no. 4017610, registered office at 5 Aldermanbury Square, London EC2V 7HR. Telephone (020) 7709 3100. MarketAxess Corporation is regulated in the USA by the SEC and FINRA, incorporated in Delaware, executive offices at 299 Park Avenue, New York, NY 10171. Telephone (1) 212 813 6000.