sargas
Reputation: 6180
How to fix "Service [XXX]: SSL server needs a certificate" on an Stunnel server?
I had an Stunnel server configuration that was working fine last week. It seems that after a sudo apt-get update && sudo apt-get upgrade that is not the case anymore.
Version:
$ ls -la /usr/bin/stunnel
?????????? 1 root root 8 Xxx XX 2016 /usr/bin/stunnel -> stunnel4
$ stunnel -version
stunnel 5.30 on x86_64-pc-linux-gnu platform
Compiled with OpenSSL 1.0.2e 3 Dec 2015
Running with OpenSSL 1.0.2g 1 Mar 2016
Update OpenSSL shared libraries or rebuild stunnel
And this is my server stunnel.conf
verify = 2
debug = 7
output = stunnel.log
options = NO_SSLv3
[XXX]
client = no
verify = 0
accept = 9888
connect = localhost:9879
key = path/to/file.key
CAfile = path/to/ca.pem
What was working before, now gives to following error:
$ sudo stunnel stunnel.conf
[ ] Initializing service [XXX]
[!] Service [XXX]: SSL server needs a certificate
Why do I need a certificate now? Isn't this a server? I already provided a private key and CA certificate and thought that was enough.
Please correct me if I'm wrong, but I think an Stunnel server doesn't need the clients' certs on the configuration in order to start a session to listen on.
Whatever the issue is. I appreciate any help.
Upvotes: 0
Views: 4352
Answers (1)
sargas
Reputation: 6180
I got it fixed by changing CAfile to cert:
[XXX]
...
cert = path/to/ca.pem
Upvotes: 1
Related Questions
- Does Stunnel support non-encrypted connection?
- Stunnel error: no start line
- Getting a SSL connection to work with STUNNEL/Win32
- Failed to initialize TLS context
- Stunnel cert rejected
- stunnel https gets redirected to http
- Stunnel SSL23_GET_SERVER_HELLO Error
- Stunnel on Ubuntu 14.04 despite a clean restart
- SslStream client unable to complete handshake with stunnel server
- Bad OpenSSL certificate