Configuring Stunnel to work between client and server - possible certificate issue

Hello,

I've found Stunnel as a potential answer to securely moving traffic between two machines. But I'm having some difficulties configuring the software.

I've installed it on to the client machine and configured the client to connect to 127.0.0.1:8449 while the Server to which the client needs to connect is 192.168.220.72:8447.

In the stunnel.conf I've set the following:

[custom]
accept = 127.0.0.1:8449
connect = 192.168.220.72:8447
cert = 220.72.cer
TIMEOUTclose = 0

Upon initializing Stunnel I get the following error:

2016.05.16 19:14:04 LOG3[main]: error queue: 140B0009: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
2016.05.16 19:14:04 LOG3[main]: SSL_CTX_use_PrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
2016.05.16 19:14:04 LOG3[main]: Service [custom]: Failed to initialize SSL context
2016.05.16 19:14:04 LOG3[main]: Failed to reload the configuration file

What can be the cause?

Thanks in advance.

Best Regards,
David.

David Faizulaev | PL/SQL Developer | T +972 (3) 767 3026 | M +972 (54) 7314687

On Mon, 2016-05-16 16:25:04 +0000, David Faizulaev wrote:
> Hello,
>
> I've found Stunnel as a potential answer to securely moving traffic between two machines. But I'm having some difficulties configuring the software.
>
> I've installed it on to the client machine and configured the client to connect to 127.0.0.1:8449 while the Server to which the client needs to connect is 192.168.220.72:8447.
>
> In the stunnel.conf I've set the following:
>
> [custom]
> accept = 127.0.0.1:8449
> connect = 192.168.220.72:8447
> cert = 220.72.cer
> TIMEOUTclose = 0
>
> Upon initializing Stunnel I get the following error:
>
> 2016.05.16 19:14:04 LOG3[main]: error queue: 140B0009: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
> 2016.05.16 19:14:04 LOG3[main]: SSL_CTX_use_PrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

David,

Stunnel doesn't like your key file. Maybe it's not in PEM format, or it does not contain a private key.

Try to open it with a text editor. There should be lines reading "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" with some base64 coded stuff in between.

(There also should be a certificate enclosed in "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", but for now, stunnel is missing the private key.)

HTH,

Ludolf

-- 
Ludolf Holzheid
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
Tel: +49 621 33996-0
Fax: +49 621 3392239
mailto:lholzheid@bihl-wiedemann.de
http://www.bihl-wiedemann.de
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
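
The text-editor check suggested in the reply above, automated as an added example that is not part of the original thread: it reports which PEM blocks a file passed to stunnel's `cert` option contains (stunnel reads the private key from that same file unless a separate `key` option is set). The function name, the accepted key labels beyond "RSA PRIVATE KEY", the DER heuristic and the sample inputs are assumptions made for this sketch.

```python
import re
import sys

# PEM armor: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.DOTALL)
# Labels OpenSSL uses for private keys (assumption: any of these is acceptable here)
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def inspect_cert_file(data: bytes) -> dict:
    """Report which PEM blocks a file intended for stunnel's `cert` option holds."""
    labels = [m.group(1).decode("ascii") for m in PEM_BLOCK.finditer(data)]
    has_key = any(label in KEY_LABELS for label in labels)
    has_cert = "CERTIFICATE" in labels
    if not labels and data[:2] == b"\x30\x82":
        # ASN.1 SEQUENCE with a two-byte length: typical start of a binary DER file
        verdict = "binary DER, not PEM"
    elif not labels:
        verdict = "no PEM blocks"
    elif has_key and has_cert:
        verdict = "private key and certificate present"
    elif has_cert:
        verdict = "certificate only, private key missing"
    elif has_key:
        verdict = "private key only, certificate missing"
    else:
        verdict = "PEM blocks present, but no key or certificate"
    return {"labels": labels, "has_key": has_key, "has_cert": has_cert, "verdict": verdict}


# Constructed sample inputs (placeholder base64 bodies, not real key material)
CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_PEM = b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
DER_BLOB = b"\x30\x82\x03\x0a\x30\x82\x01\xf2"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python script.py <path to the file named in cert =>
        with open(sys.argv[1], "rb") as fh:
            print(inspect_cert_file(fh.read())["verdict"])
    else:
        samples = [("cert only", CERT_PEM), ("key + cert", KEY_PEM + CERT_PEM), ("DER", DER_BLOB)]
        for name, blob in samples:
            print(name, "->", inspect_cert_file(blob)["verdict"])
```

A "certificate only" or "binary DER" verdict matches the "no start line" error from SSL_CTX_use_PrivateKey_file in the log: the key loader found no PEM private key block in the file.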