Hello all. I am trying to set up stunnel for use on my machine. I shouldn't have a problem with iptables. But I do run tor/privoxy on a regular basis if that matters. I also have set up my gpg keys too.
The following is the error I get. I did do some Googling but I'm not quite understanding what I'm looking for to change or modify. I know the error is the SSL CTX RSA private key.
Wed Mar 25, 19:39 # /etc/rc.d/stunnel start
:: Starting stunnel [BUSY]
2009.03.25 19:39:21 LOG7[7490:3082353408]: Snagged 64 random bytes from /root/.rnd
2009.03.25 19:39:21 LOG7[7490:3082353408]: Wrote 1024 new random bytes to /root/.rnd
2009.03.25 19:39:21 LOG7[7490:3082353408]: RAND_status claims sufficient entropy for the PRNG
2009.03.25 19:39:21 LOG7[7490:3082353408]: PRNG seeded successfully
2009.03.25 19:39:21 LOG7[7490:3082353408]: Certificate: /etc/stunnel/mail.pem
2009.03.25 19:39:21 LOG7[7490:3082353408]: Certificate loaded
2009.03.25 19:39:21 LOG7[7490:3082353408]: Key file: /etc/stunnel/mail.pem
2009.03.25 19:39:21 LOG3[7490:3082353408]: error stack: 140B3009 : error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2009.03.25 19:39:21 LOG3[7490:3082353408]: SSL_CTX_use_RSAPrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
stunnel 4.25-1
Linux vampypengy 2.6.28-ARCH #1 SMP PREEMPT Tue Mar 17 06:42:43 UTC 2009 i686 Genuine Intel(R) CPU T2060 @ 1.60GHz GenuineIntel GNU/Linux
glibc 2.9-4
Using built-in specs.
Target: i686-pc-linux-gnu
Configured with: ../configure --prefix=/usr --enable-shared --enable-languages=c,c++,fortran,objc,obj-c++,treelang --enable-threads=posix --mandir=/usr/share/man --infodir=/usr/share/info --enable-__cxa_atexit --disable-multilib --libdir=/usr/lib --libexecdir=/usr/lib --enable-clocale=gnu --disable-libstdcxx-pch --with-tune=generic
Thread model: posix
gcc version 4.3.3 (GCC)
OpenSSL 0.9.8j 07 Jan 2009
perl-net-ssleay 1.30-2
Hello, it seems that your private key is not in a correct format. Have a look at http://www.stunnel.org/faq/certs.html to see how to create a key and verify your key. Verify also that the key is readable only by its owner (chmod 600 key.pem).
It seems sir you are a wizard indeed. That page helped get my key going and stunnel started with no problems. Now just tweaking to do on my end.
GK
On Thu, 2009-03-26 at 09:50 +0100, Christophe Nanteuil wrote:
Hello, it seems that your private key is not in a correct format. Have a look at http://www.stunnel.org/faq/certs.html to see how to create a key and verify your key. Verify also that the key is readable only by its owner (chmod 600 key.pem).
I am using stunnel over thttpd.
My stunnel config file is this:
foreground=yes
client=no
cert=/scratch/stunnel/pem
[https]
accept=443
connect=80
I started stunnel this way:
/scratch # /exos/bin/stunnel /scratch/stunnel.cfg
2009.03.27 09:02:22 LOG4[944:1024]: Wrong permissions on /scratch/stunnel.pem
2009.03.27 09:02:22 LOG5[944:1024]: stunnel 4.26 on i686-pc-linux-gnu with OpenSSL 0.9.7d 17 Mar 2004
2009.03.27 09:02:22 LOG5[944:1024]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
2009.03.27 09:02:22 LOG5[944:1024]: 500 clients allowed
But when I typed "https://10.255.43.101/", I got a "The page cannot be displayed" error message. I did not see any error logging from stunnel, which is running in the foreground.
But when I typed "http://10.255.43.101/", it worked.
Any suggestion for debugging my problem? Thanks!
-Joe
Hello,
In order to allow us to help you better, can you:
1/ set debug=7 in your config file so the logs will be complete;
2/ run netstat -tanpe | grep 443 to see if stunnel is really active on port 443;
3/ run chmod 600 /scratch/stunnel.pem to remove warning line about permissions in logs.
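A pre-flight check for the two points raised in the replies above (the "no start line" key format error and the chmod 600 advice), as an added shell example that is not part of the original thread or of stunnel. The function names check_pem and make_samples and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a combined stunnel PEM file (certificate + key).
# check_pem prints one finding per line; returns 0 only when nothing is wrong.
check_pem() {
    pem=$1; rc=0
    [ -r "$pem" ] || { echo "MISSING: cannot read $pem"; return 2; }
    # "no start line" from OpenSSL means the expected BEGIN marker was not found.
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "NO_CERT: no BEGIN CERTIFICATE line"; rc=1; }
    # Accept traditional (RSA/EC/DSA), PKCS#8 and encrypted PKCS#8 headers.
    grep -Eq -e '^-----BEGIN ((RSA|EC|DSA|ENCRYPTED) )?PRIVATE KEY-----' "$pem" ||
        { echo "NO_KEY: no BEGIN ... PRIVATE KEY line"; rc=1; }
    # A BEGIN without its END means a block was cut off.
    begins=$(grep -c -e '^-----BEGIN ' "$pem" || true)
    ends=$(grep -c -e '^-----END ' "$pem" || true)
    [ "$begins" -eq "$ends" ] ||
        { echo "TRUNCATED: $begins BEGIN vs $ends END lines"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$pem" | cut -c5-10)
    [ "$bits" = "------" ] ||
        { echo "PERMS: group/other bits set ($bits), use chmod 600"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $pem"
    return "$rc"
}

# Constructed sample files (placeholder bodies, not real keys or certificates).
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/cert_only.pem"
    cp "$dir/cert_only.pem" "$dir/combined.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' >> "$dir/combined.pem"
    chmod 644 "$dir/cert_only.pem"
    chmod 600 "$dir/combined.pem"
}

# Check the file given on the command line, if any.
[ $# -eq 0 ] || check_pem "$1"
```

The check only looks at PEM markers and mode bits; it does not parse the key or confirm that it matches the certificate.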