[stunnel-users] Small challenge with version 4.26 and a commercial certificate
editor
editor at cellmail.com
Sun Feb 14 06:44:48 CET 2010
Hi:
I decided to spend the money and get a commercial certificate from
Thawte. It was not a bad price. I have installed it on the Sun host, and
while it works perfectly for Apache, I cannot get the file to work
for stunnel. The idea is to allow mobile users to access their mail
without annoying certificate warnings.
This is what happens:
# /usr/local/bin/stunnel &
[1] 13704
# Enter PEM pass phrase:
2010.02.14 05:32:46 LOG7[13704:1]: Snagged 64 random bytes from /export/home/kgreene/.rnd
2010.02.14 05:32:46 LOG7[13704:1]: Wrote 1024 new random bytes to /export/home/kgreene/.rnd
2010.02.14 05:32:46 LOG7[13704:1]: RAND_status claims sufficient entropy for the PRNG
2010.02.14 05:32:46 LOG7[13704:1]: PRNG seeded successfully
2010.02.14 05:32:46 LOG7[13704:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2010.02.14 05:32:46 LOG7[13704:1]: Certificate loaded
2010.02.14 05:32:46 LOG7[13704:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2010.02.14 05:32:46 LOG3[13704:1]: error stack: 140B3009 : error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2010.02.14 05:32:46 LOG3[13704:1]: error stack: 906A068 : error:0906A068:PEM routines:PEM_do_header:bad password read
2010.02.14 05:32:46 LOG3[13704:1]: SSL_CTX_use_RSAPrivateKey_file: 906406D: error:0906406D:PEM routines:PEM_def_callback:problems getting password
[1]+ Exit 1 /usr/local/bin/stunnel
#
It never pauses to let me enter the PEM pass phrase. As instructed in
the man pages, I created the pem file by merging the private key and the
certificate from Thawte.
This is the version statement:
# /usr/local/bin/stunnel -version
stunnel 4.26 on sparc-sun-solaris2.9 with OpenSSL 0.9.8l 5 Nov 2009
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /usr/local/etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
-------------------------------
Any ideas would be great. Thanks.
Kevin