[stunnel-users] No certificate or private key specified

Thu Oct 12 11:42:41 CEST 2017

Hi,

After overcoming some initial more obvious problems I have still been unable to get this client's stunnel configured correctly.

"No certificate or private key specified" - is this significant?

Stunnel.conf looks like the below:

debug = 2
output = stunnel.log

CAfile=.\ca-verisign.crt
client=yes
verify=0
sslVersion = TLSv1.2
options = NO_SSLv2
options = NO_SSLv3

[TRD]
accept=16002
connect= our.ip.com:443

[INV]
accept=16003
connect= our.ip.com:443

Stunnel output log below

2017.10.12 10:53:22 LOG7[main]: Found 1 ready file descriptor(s)
2017.10.12 10:53:22 LOG7[main]: FD=276 ifds=r-x ofds=---
2017.10.12 10:53:22 LOG7[main]: FD=284 ifds=r-x ofds=---
2017.10.12 10:53:22 LOG7[main]: Dispatching signals from the signal pipe
2017.10.12 10:53:22 LOG7[main]: Processing SIGNAL_RELOAD_CONFIG
2017.10.12 10:53:22 LOG7[main]: Running on Windows 6.1
2017.10.12 10:53:22 LOG5[main]: Reading configuration from file stunnel.conf
2017.10.12 10:53:22 LOG5[main]: UTF-8 byte order mark detected
2017.10.12 10:53:22 LOG5[main]: FIPS mode disabled
2017.10.12 10:53:22 LOG7[main]: Compression disabled
2017.10.12 10:53:22 LOG7[main]: Snagged 64 random bytes from C:/.rnd
2017.10.12 10:53:22 LOG7[main]: Wrote 1024 new random bytes to C:/.rnd
2017.10.12 10:53:22 LOG7[main]: PRNG seeded successfully
2017.10.12 10:53:22 LOG6[main]: Initializing service [TRD]
2017.10.12 10:53:22 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2
2017.10.12 10:53:22 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000)
2017.10.12 10:53:22 LOG7[main]: No certificate or private key specified
2017.10.12 10:53:22 LOG4[main]: Service [TRD] needs authentication to prevent MITM attacks
2017.10.12 10:53:22 LOG6[main]: Initializing service [INV]
2017.10.12 10:53:22 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2
2017.10.12 10:53:22 LOG7[main]: TLS options: 0x03000004 (+0x03000000, -0x00000000)
2017.10.12 10:53:22 LOG7[main]: No certificate or private key specified
2017.10.12 10:53:22 LOG4[main]: Service [INV] needs authentication to prevent MITM attacks
2017.10.12 10:53:22 LOG5[main]: Configuration successful
2017.10.12 10:53:22 LOG7[main]: Closing service [TRD]
2017.10.12 10:53:22 LOG7[main]: Service [TRD] closed (FD=284)
2017.10.12 10:53:22 LOG7[main]: Service [TRD] closed
2017.10.12 10:53:22 LOG7[main]: Closing service [INV]
2017.10.12 10:53:22 LOG7[main]: Service [INV] closed (FD=276)
2017.10.12 10:53:22 LOG7[main]: Service [INV] closed

We tried giving the certification a hard location but still it seems unable to find it. Is there anything in the cfg you can see missing? Bearing in mind this is standard cfg for our clients connecting in.

Kind regards,

Hugo Darley

The information contained in and accompanying this communication is strictly confidential and intended solely for the use of the intended recipient(s). If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its content to anyone. MarketAxess reserves the right to monitor the content of emails sent to or from its systems. Any comments or statements made are not necessarily those of MarketAxess. For more information, please visit www.marketaxess.com. MarketAxess Europe Limited is authorised and regulated by the UK Financial Conduct Authority, registered in England no. 4017610, registered office at 5 Aldermanbury Square, London EC2V 7HR. Telephone (020) 7709 3100. MarketAxess Corporation is regulated in the USA by the SEC and FINRA, incorporated in Delaware, executive offices at 299 Park Avenue, New York, NY 10171. Telephone (1) 212 813 6000.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20171012/77550183/attachment.html>