Error Reading Certificate File Stunnel.pem
VeriSign certificate with STunnel Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Hi, Thanks for your response. Here is log file. 2011.12.21 13:31:30 LOG7[5144:2256]: Snagged 64 random bytes from C:/.rnd 2011.12.21 13:31:30 LOG7[5144:2256]: Wrote 1024 new random bytes to C:/.rnd 2011.12.21 13:31:30 LOG7[5144:2256]: RAND_status claims sufficient entropy for the PRNG 2011.12.21 13:31:30 LOG7[5144:2256]: PRNG seeded successfully 2011.12.21 13:31:30 LOG7[5144:2256]: Certificate: zos.pem 2011.12.21 13:31:30 LOG3[5144:2256]: Error reading certificate file: zos.pem 2011.12.21 13:31:30 LOG3[5144:2256]: error stack: 140DC009 : error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib 2011.12.21 13:31:30 LOG3[5144:2256]: error stack: 906700D : error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib 2011.12.21 13:31:30 LOG3[5144:2256]: error stack: D08303A : error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error 2011.12.21 13:31:30 LOG3[5144:2256]: error stack: D07803A : error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error 2011.12.21 13:31:30 LOG3[5144:2256]: SSL_CTX_use_certificate_chain_file: D0680A8: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag 2011.12.21 13:31:30 LOG3[5144:2256]: Server is down Please let me know if you need further information. Thanks, Zubair -----Original Message----- From: stunnel-users-bounces at stunnel.org [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of stunnel-users-request at stunnel.org Sent: Wednesday, December 21, 2011 12:56 PM To: stunnel-users at stunnel.org Subject: stunnel-users Digest, Vol 89, Issue 18 Send stunnel-users mailing list submissions to stunnel-users at stunnel.org To subscribe or unsubscribe via the World Wide Web, visit http://stunnel.mirt.net/mailman/listinfo/stunnel-users or, via email, send a message with subject or body 'help' to stunnel-users-request at stunnel.org You can reach the person managing the list at stunnel-users-owner at stunnel.org When replying, please edit your Subject line so it is more specific than "Re: Contents of stunnel-users digest..." Today's Topics: 1. Unable to make Stunnel on Solaris 10 (ted.pritchard at steria.co.uk) 2. In
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow http://serverfault.com/questions/424619/stunnel-not-reading-configuration-file the company Business Learn more about hiring developers or posting ads with us Server http://stackoverflow.com/questions/3993660/stunnel-configuration-for-ssl-connection Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top STunnel Not Reading Configuration error reading File up vote 3 down vote favorite 1 I generated an SSL certificate as specified on the answer to stunnel: SSL-to-SSL? (for smtp/imap) And have the following configuation file: cert = /home/marshall/stunnels/certs/umistunnel.keys ; protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = SSLv3 pid = ./stunnel4.pid [https] accept = 4433 connect = 3000 When I run > stunnel config.conf the error I get is: Reading configuration from descriptor 3 Snagged 64 random bytes from error reading certificate /home/marshall/.rnd Wrote 1024 new random bytes to /home/marshall/.rnd PRNG seeded successfully Line 1: End of section stunnel: SSL server needs a certificate If I instead run: > stunnel filethatdoesnotexist.asdf I get the same result. And, if I run stunnel without any parameters, the only change is that the error states Line 0. What am I doing wrong here? linux ssl stunnel share|improve this question asked Sep 5 '12 at 16:35 Marshall Anschutz 17617 What version of stunnel is installed? –Zoredache Sep 5 '12 at 17:31 It looks like version 4.05... –Marshall Anschutz Sep 5 '12 at 18:18 add a comment| 3 Answers 3 active oldest votes up vote 11 down vote You may have both stunnel3 & stunnel4 installed on your system. The default for "stunnel" is to softlink it to stunnel3: root@sibelius:/usr/bin# ls -l stunnel* lrwxrwxrwx 1 root root 8 Oct 18 2011 stunnel -> stunnel3 -rwxr-xr-x 1 root root 2797 Oct 18 2011 stunnel3 -rwxr-xr-x 1 root root 109904 Oct 18 2011 stunnel4 The syntax of the stunnel.conf for stunnel3 is not compatible with the one for stunnel4. Hence the error. Try removing stunnel3. share|improve this answer answered Jan 13 '13 at 20:11 user153252 11113 add a comment| up vote 5 down vote accepted Found my problem... It's not
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Stunnel Configuration for SSL Connection up vote 0 down vote favorite I'm trying to use Stunnel to use a mail client that doesn't support SSL to interface with a mail server that wants to use SSL. I want to be able to use plain POP3/SMTP to some local port that Stunnel sets up and have that forward to the SSL connection on the mail server. I was given the following files by my ISP: username.p12 local_ca.crt I used OpenSSL to convert both files to PEM format (for use with Stunnel) in the following way: openssl pkcs12 -in username.p12 -out certkey.pem -nodes -clcerts openssl x509 -in local_ca.crt -out certificate.pem But I'm not sure how to set up my stunnel.conf file to use these files and act as I described above. My file currently looks like this: 1 cert = /Users/me/.certs/certificate.pem 2 key = /Users/me/.certs/certkey.pem 3 client = yes 4 5 [pop3s] 6 accept = 110 7 connect = remote-server:995 8 9 [ssmtp] 10 accept = 25 11 connect = remote-server:465 However I get the following error when I try to run Stunnel: $ sudo -H ./stunnel stunnel.conf Reading configuration from file stunnel.conf PRNG seeded successfully Certificate: /Users/me/.certs/certificate.pem Certificate loaded Key file: /Users/me/.certs/certkey.pem SSL_CTX_use_PrivateKey_file: B080074: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch Thanks in advance for any help you