[stunnel-users] stunnel claims it needs certificate

David van Zijl davidvz at gmail.com
Wed Sep 14 22:24:33 CEST 2011


Hi Jose

It looks like you haven't told stunnel where to find the certificate
you generated. Try adding the following either in the global section
or inside the service definition:

cert=/your/path/to/pem
key=/your/path/to/key

Cheers
Dave

On Thu, Sep 15, 2011 at 7:50 AM, JOSE <jtc at totaltravelmarketing.com> wrote:
>
> Hi
>
> I am trying to get stunnel stunnel 4.36 on ia64-hp-hpux11.23 with OpenSSL
> 0.9.8o 01 Jun 2010 working on this server and so far I have generated a new
> pem file as per the instructions, but it is the time to make to run, it
> keeps looking for a certificate for one of the services:
>
> bash-3.2# /opt/iexpress/stunnel/bin/stunnel
> /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
> Reading configuration from file
> /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
> Snagged 64 random bytes from /opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
> Wrote 1024 new random bytes to /opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
> PRNG seeded successfully
> Line 37: End of section revnet_preprod_sunquest: SSL server needs a
> certificate
>
>
>
> my conf file is as follows:
> bash-3.2# more /opt/iexpress/stunnel/etc/stunnel/stunnel.conf
> # Sample stunnel configuration file
>
> #RNDfile=/opt/hpws/apache/stunnel/.stunnel.rnd
> RNDfile=/opt/iexpress/stunnel/etc/stunnel/stunnel.rnd
> # Chroot
> #chroot = /var/chroot/stunnel/
>
> # PID is created inside chroot jail
> #pid = /opt/hpws/apache/logs/stunnel.pid
> pid = /opt/iexpress/stunnel/etc/stunnel/stunnel.pid
> # Workaround for Eudora bug
> #options = DONT_INSERT_EMPTY_FRAGMENTS
>
> # Client Authentication
> #verify = 2
> # don't forget about c_rehash CApath
> # it is located inside chroot jail:
> #CApath = /certs
> # or simply use CAfile instead:
> #CAfile = /opt/hpws/apache/conf/certs.pem
>
> # Some debugging stuff
> debug = 7
> output = /opt/hpws/apache/logs/stunnel.log
>
> # Use in client mode
> client = no
>
> # Run in the background
> foreground = no
>
> # Service-level configuration
> [revnet_preprod_sunquest]
> accept  = 10.99.10.37:8011
> connect = 127.0.0.1:18011
> #connect = 18011
>
> [revnet_preprod_funsun]
> accept  = 10.99.10.37:8017
> connect = 127.0.0.1:18017
> #connect = 18017
>
> any help or tips would be welcome
>
> Thanks
>
> Jose
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>



More information about the stunnel-users mailing list