[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

David Faizulaev David.Faizulaev at nextnine.com
Tue May 17 13:15:41 CEST 2016


Sorry but I've was incorrect.
The application cannot send or receive messages, I thought I was able to send messages, but I was wrong.

Best Regards,
David.



David Faizulaev | PL/SQL Developer | T  +972 (3) 767 3026 | M +972 (54) 7314687

Centralized OT Security Management for Distributed SCADA/ICS Networks

 Please consider the environment before printing this e-mail

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of David Faizulaev
Sent: Tuesday, May 17, 2016 2:13 PM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

I see, I have a keystore file for the server, can it be set as KEY ? can I convert keystore to PEM?

Additionally, I've thought about configuring Stunnel in client mode.
Here is the configuration:

[custom]
client = yes
accept = 127.0.0.1:8449
connect = 192.168.220.72:444
verify = 2
CAfile = server.pem

In this case, my application appears to successfully connect to Stunnel & send messages.
But when it tries to access it in order to collect messages, it fails:

(App in C++)
Error: socketReceive data failed (Requested: 4 bytes, Cur chunk size: 4 bytes. Progress: Got: 0 bytes, Left: 4 bytes): System Err: An unknown error occurred while accessing an unnamed file.

Thank you for your assistance.

Best Regards,
David.



David Faizulaev | PL/SQL Developer | T  +972 (3) 767 3026 | M +972 (54) 7314687

Centralized OT Security Management for Distributed SCADA/ICS Networks

 Please consider the environment before printing this e-mail

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
Sent: Tuesday, May 17, 2016 2:03 PM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

On Tue, 2016-05-17 08:29:17 +0000, David Faizulaev wrote:
> Hello Ludolf,
> 
> I've printed the content of certificate file and the lines: "-----BEGIN CERTIFICATE-----" "-----END CERTIFICATE-----" exist.
> In addition, I've compared the default certificate provided by Stunnel with the one I wish to use, they're structure is identical.

Hello David,

Please reply to the list, so others are able to comment too.

I don't know the 'default certificate provided by Stunnel'.  I expect it to be depending on the distribution.

However, if there are "BEGIN/END CERTIFICATE" lines in your file, but no "BEGIN/END RSA PRIVATE KEY", then the file is in PEM format, but the key is missing.  Maybe you have separate files for private key and certificate.  If this is the case, you may either concatenate key and certificate to a single file or specify both files in the stunnel
configuration:

>> key  = my-private-key.pem
>> cert = my-certificate.pem

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796 _______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users


More information about the stunnel-users mailing list