Re: [opensuse] stunnel certificates



I have used this:
http://www.5dollarwhitebox.org/wiki/index.php/Howtos_Self_Signed_SSL_Certificates

To create a csr and cert etc. I had to only add a flag to generate the
file for the serial number.
I am not sure what is causing this issue, but trying a different
approach may help or lead to a different error message.
HTH
George


On 5/30/07, Koenraad Lelong <k.lelong@xxxxxxxxxxxxxxxxxx> wrote:
Hi,
I want to secure access to a database server (Firebird). I want to do
this with stunnel. I'm having troubles with the certificates. This is
what I did, using standard Suse 10.0 stuff (I modified openssl.cnf to
have a number of defaults) :
#in a clean directory create structure :
mkdir demoCA
mkdir demoCA/private
mkdir demoCA/newcerts
touch demoCA/index.txt
echo 00 > demoCA/serial
#Create CA files
openssl req -new -x509 -keyout demoCA/private/cakey.pem -out \
demoCA/cacert.pem
#Create server key & signing request
openssl req -nodes -new -newkey rsa:1024 -keyout server.key -out \
server.req
#sign server certificate
openssl ca -policy policy_anything -notext -in server.req -out \
server.crt
#Create client key & signing request
openssl req -nodes -new -newkey rsa:1024 -keyout client.key -out \
client.req
#sign client certificate
openssl ca -policy policy_anything -notext -in client.req -out \
client.crt
cp demoCA/newcerts/00.pem /etc/stunnel/server.pem
cp demoCA/cacert.pem /etc/stunnel/cacert.pem
chmod 740 /etc/stunnel/server.pem

My stunnel.conf is :
client = no
foreground = yes
debug = 7
verify = 3
CApath = certs
CAfile = cacert.pem
cert = server.pem
[firebird]
accept = 3051
connect = localhost:3050

When I try to start stunnel I get :
ace-cad-3:/etc/stunnel # stunnel stunnel.conf
2007.05.30 12:59:33 LOG7[14071:1076660896]: Snagged 64 random bytes from
/root/.rnd
2007.05.30 12:59:33 LOG7[14071:1076660896]: Wrote 1024 new random bytes
to /root/.rnd
2007.05.30 12:59:33 LOG7[14071:1076660896]: RAND_status claims
sufficient entropy for the PRNG
2007.05.30 12:59:33 LOG6[14071:1076660896]: PRNG seeded successfully
2007.05.30 12:59:33 LOG5[14071:1076660896]: Could not load DH parameters
from server.pem
2007.05.30 12:59:33 LOG4[14071:1076660896]: Diffie-Hellman
initialization failed
2007.05.30 12:59:33 LOG3[14071:1076660896]: Error reading certificate
file: server.pem
2007.05.30 12:59:33 LOG3[14071:1076660896]:
SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM
routines:PEM_read_bio:no start line
ace-cad-3:/etc/stunnel #

This procedure is an adaptation from a document from the Firebird
community. What am I missing ? I think the Diffie-Hellman stuff can be
ignored.
I tried three other documents (from the stunnel-site) but these don't
work either (for me ;-) ).
Can anyone give suggestions, tips, links? They will be very much
appreciated.
Are there other methods ? I don't want to give ssh access to the users.
I know of zebedee, but this seems old (unsupported ?).
--
Met vriendelijke groeten,
Koenraad Lelong
R&D Manager
ACE electronics n.v.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

