Hi
I am trying to get stunnel (stunnel 4.36 on ia64-hp-hpux11.23 with OpenSSL 0.9.8o 01 Jun 2010) working on this server. So far I have generated a new pem file as per the instructions, but when it is time to make it run, it keeps looking for a certificate for one of the services:

bash-3.2# /opt/iexpress/stunnel/bin/stunnel /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
Reading configuration from file /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
Snagged 64 random bytes from /opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
Wrote 1024 new random bytes to /opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
PRNG seeded successfully
Line 37: End of section revnet_preprod_sunquest: SSL server needs a certificate

my conf file is as follows:

bash-3.2# more /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
# Sample stunnel configuration file

#RNDfile=/opt/hpws/apache/stunnel/.stunnel.rnd
RNDfile=/opt/iexpress/stunnel/etc/stunnel/stunnel.rnd

# Chroot
#chroot = /var/chroot/stunnel/

# PID is created inside chroot jail
#pid = /opt/hpws/apache/logs/stunnel.pid
pid = /opt/iexpress/stunnel/etc/stunnel/stunnel.pid

# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Client Authentication
#verify = 2
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /opt/hpws/apache/conf/certs.pem

# Some debugging stuff
debug = 7
output = /opt/hpws/apache/logs/stunnel.log

# Use in client mode
client = no

# Run in the background
foreground = no

# Service-level configuration
[revnet_preprod_sunquest]
accept = 10.99.10.37:8011
connect = 127.0.0.1:18011
#connect = 18011

[revnet_preprod_funsun]
accept = 10.99.10.37:8017
connect = 127.0.0.1:18017
#connect = 18017

any help or tips would be welcome
Thanks
Jose
Hi Jose
It looks like you haven't told stunnel where to find the certificate you generated. Try adding the following either in the global section or inside the service definition:

cert=/your/path/to/pem
key=/your/path/to/key

Cheers
Dave
On Thu, Sep 15, 2011 at 7:50 AM, JOSE jtc@totaltravelmarketing.com wrote:
On 14/09/2011 4:24 PM, David van Zijl wrote:
> Hi Jose
>
> It looks like you haven't told stunnel where to find the certificate you generated. Try adding the following either in the global section or inside the service definition:
>
> cert=/your/path/to/pem
> key=/your/path/to/key
>
> Cheers
> Dave
Hi David,
You are correct, I just got it running. I have an older version running in parallel on the same machine, and that one does not mind not having that option in the config file.
Thanks a lot for your help
Jose
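
Added example, not part of the original thread and not stunnel's own code: a pre-flight check for the condition behind "SSL server needs a certificate". It lists every service section that would start in server mode with no cert option in either its own section or the global section. The sample config is constructed from the thread's two services; the third service, example_with_cert, and its path are hypothetical.

```shell
#!/bin/sh
# Print each [service] that would run in server mode with no cert option,
# neither in its own section nor inherited from the global section.
missing_cert_services() {
    awk '
        function report() {
            if (name != "" && client != "yes" && cert == "") print name
        }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^$/ || /^[#;]/ { next }                       # blank line or comment
        /^\[.*\]$/ {                                   # start of a service section
            report()
            name = substr($0, 2, length($0) - 2)
            cert = gcert; client = gclient             # inherit global values
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); sub(/^[ \t]+/, "", val)
            if (key == "cert")   { if (name == "") gcert = val; else cert = val }
            if (key == "client") { if (name == "") gclient = tolower(val); else client = tolower(val) }
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the two services from the thread, plus a hypothetical
# third service that sets cert to the placeholder path from the reply.
write_sample_conf() {
    cat > "$1" <<'EOF'
client = no
[revnet_preprod_sunquest]
accept = 10.99.10.37:8011
connect = 127.0.0.1:18011
[revnet_preprod_funsun]
accept = 10.99.10.37:8017
connect = 127.0.0.1:18017
[example_with_cert]
accept = 127.0.0.1:8443
connect = 127.0.0.1:18443
cert = /your/path/to/pem
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
missing_cert_services "$conf"
rm -f "$conf"
```

Putting cert in the global section, as the reply suggests, makes every service inherit it, and the check then reports nothing.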