I installed stunnel from stunnel-5.43.tar.gz on a Linux server. After setting the certificate paths and the stunnel.conf file, my stunnel fails to start because of tlsversion.
Here is my stunnel.conf:
[abc]
client = yes
cert = /usr/local/etc/stunnel/cert.pem
key = /usr/local/etc/stunnel/key.pem
CAfile = /usr/local/etc/stunnel/Cert.pem
sslVersion = TLSv1.2
accept = 127.0.0.1:5001
connect = x.x.x.x:port
When I start stunnel I get this error:
[root@test stunnel]# stunnel
#Certification loaded here
>Loading certificate from file: /usr/local/etc/stunnel/cert.pem
>Certificate loaded from file: /usr/local/etc/stunnel/cert.pem
>Loading private key from file: /usr/local/etc/stunnel/key.pem
>Insecure file permissions on /usr/local/etc/stunnel/key.pem
>#Getting here
>SSL_CTX_use_PrivateKey_file: B080074: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>Service [abc]: Failed to initialize TLS context
Answer 0 (score: 1)
You can also use: https://github.com/square/ghostunnel
bin/ghostunnel client --listen localhost:8443 --target fixbeta-rhub.bloomberg.com:8228 --keystore keys/fixbeta-rhub.bloomberg.com.p12 --cacert keys/CACerts.pem --override-server-name=fixbeta.bloomberg.com
Answer 1 (score: 0)
Make sure your private key file (/usr/local/etc/stunnel/key.pem) has its permissions set to 600:
From the stunnel manual:
The stunnel.pem file contains the key (private data) and the certificate (public data). To let stunnel start automatically without needing a passphrase, the key is created without one. This means that anyone able to read this file may compromise your SSL security. This file must be readable only by root or by the user that runs stunnel.