[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Tue May 17 10:01:01 CEST 2016


On Mon, 2016-05-16 16:25:04 +0000, David Faizulaev wrote:
> Hello,
> 
> I've found Stunnel as a potential answer to securely moving traffic between two machines.
> But I'm having some difficulties configuring the software.
> 
> I've installed it onto the client machine and configured the client to connect to 127.0.0.1:8449, while the server to which the client needs to connect is 192.168.220.72:8447.
> In the stunnel.conf I've set the following:
> 
> [custom]
> accept = 127.0.0.1:8449
> connect = 192.168.220.72:8447
> cert = 220.72.cer
> TIMEOUTclose = 0
> 
> Upon initializing Stunnel I get the following error:
> 
> 2016.05.16 19:14:04 LOG3[main]: error queue: 140B0009: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
> 2016.05.16 19:14:04 LOG3[main]: SSL_CTX_use_PrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

David,

Stunnel doesn't like your key file.

Maybe it's not in PEM format, or it does not contain a private key.

Try to open it with a text editor.  There should be lines reading
"-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----"
with some base64 coded stuff in between.

(There also should be a certificate enclosed in
"-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", but for
now, stunnel is missing the private key.)

HTH,

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
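
Added example, not part of the original message: a Python check for what the reply describes, reporting whether the file passed to `cert =` holds a PEM private key and a PEM certificate. The function names and the sample blocks are constructed for illustration; it goes beyond the RSA case in the reply by also accepting other labels ending in "PRIVATE KEY" (PKCS#8, EC).

```python
import base64
import re

# PEM armor: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_labels(data: bytes) -> list:
    """Return the labels of all well-formed PEM blocks in data."""
    text = data.decode("ascii", errors="replace")
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys carry "Proc-Type:"/"DEK-Info:" header lines.
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # armor present, but the body is not valid base64
        labels.append(label)
    return labels

def diagnose(data: bytes) -> str:
    """Classify a file used as stunnel's cert (and, by default, key) file."""
    labels = pem_labels(data)
    has_key = any(lbl.endswith("PRIVATE KEY") for lbl in labels)
    has_cert = "CERTIFICATE" in labels
    if has_key and has_cert:
        return "ok: private key and certificate present"
    if has_key:
        return "private key only: certificate missing"
    if has_cert:
        return "certificate only: no private key in this file"
    if data[:1] == b"\x30":
        return "not PEM: looks like binary DER (ASN.1 SEQUENCE)"
    return "not PEM: no BEGIN/END blocks found"

def armor(label: str, payload: bytes) -> bytes:
    """Build a constructed sample block (placeholder bytes, not real keys)."""
    b64 = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

if __name__ == "__main__":
    cert = armor("CERTIFICATE", b"constructed sample certificate")
    key = armor("RSA PRIVATE KEY", b"constructed sample key")
    for name, blob in [("cert only", cert), ("key + cert", key + cert),
                       ("DER", b"\x30\x82\x03\x01")]:
        print(f"{name}: {diagnose(blob)}")
```

To check a real file, pass its contents as `diagnose(open(path, "rb").read())`; the check only inspects the armor and base64 framing and does not validate the key or certificate itself.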


