[stunnel-users] Windows Server 2012 stunnel service

Michał Trojnara Michal.Trojnara at stunnel.org
Tue Apr 18 18:29:22 CEST 2017


Hi Guys,

Windows services are started *before* a user logon.  This feature is
incompatible with passphrase-protected private keys.  You either need to
start stunnel as a user application (and not a Windows service), or to
remove the passphrase from your private key.  An empty password should
do the job for a .pfx file.

Best regards,
	Mike

On 04/18/2017 03:14 PM, Carter Browne wrote:
> I think your problem is the password.  Stunnel works fine as a service
> in Windows Server 2012R2, but there is no connection I am aware of
> between an interactive session and the service program.  You might try
> modifying the start up command to include piping in the password from a
> file (which, of course, defeats the purpose of the password) to see if
> that is the issue.
> 
> I have found the delayed start option on the service sometimes works
> better to more sure any needed network services like dhcp are up and
> running before stunnel.
> 
> Good luck.
> 
> Carter
> 
> 
> On 4/18/2017 3:36 AM, Adam Shackleton wrote:
>>
>> Hi All
>>
>>  
>>
>> I’m running stunnel on Windows Server 2012 R2 with the following config:
>>
>>  
>>
>> [test-qa]
>>
>> client = yes
>>
>> accept = 127.0.0.1:8080
>>
>> connect = webaddress.com:443
>>
>> cert = API-q-response.pfx
>>
>> CAfile = ca-certs.pem
>>
>> OCSPaia = yes
>>
>>  
>>
>> When I start the GUI I’m prompted for the certificate password then
>> and then stunnel works fine, but I need it to run as a service. I’ve
>> tried using the start menu stunnel Service Install button, I’ve also
>> tried opening a command prompt in C:\Program Files
>> (x86)\stunnel\config and running C:\Program Files
>> (x86)\stunnel\bin\stunnel.exe –install, and I’ve also tried moving the
>> config file and certs to the \bin directory and running stunnel
>> –install there as well.
>>
>>  
>>
>> In all case the service installs ok, and when you run it, it starts (I
>> can see it in the services tool), you can click the stunnel
>> Configuration File Reload button in the start menu and it says the
>> configuration was successfully reloaded, but it doesn’t work when I
>> try to use it. I’ve noticed two things that might be relevant:
>>
>>  
>>
>> 1.       At no point does it prompt me for the certificate password
>> like it does when I load the GUI
>>
>> 2.       The dialog boxes that open when the service is installed or
>> started say “stunnel 5.40 on Win32 (not configured)
>>
>>  
>>
>>  
>>
>> If anyone has any advice that would be greatly appreciated.
>>
>>  
>>
>> Thanks
>>
>> Adam
>>
>>
>>
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 
> 
> 
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 


More information about the stunnel-users mailing list