Mr-sark

asked on

Stunnel/SSL bad certificate problem

Let me start from the beginning. I'm setting up a syslog-ng server so I can log my clients' logs on a server. I'm using syslog-ng server for both client and server. I'm also using STUNNEL/SSL to encrypt the messages going from client to server.

I'm not very familiar with SSL/certificates, so I followed this guide to set up syslog-ng + stunnel.

[guide]
http://www.stunnel.org/examples/syslog-ng.html
I followed this step by step, and it used to work from 1 machine but not from the 2nd.

Let's start with what I did:

[Server side]
In the [/usr/share/ssl/certs]
make syslog-ng-server.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-server.pem to /etc/stunnel

In the [/etc/stunnel]
Here I've created this file named stunnel.conf:

cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
[5140]
accept = 131.xxx.xxx.xxx:5140 (server IP)
connect = 127.0.0.1:514

[client side]
make syslog-ng-client.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-client.pem to /etc/stunnel

In the [/etc/stunnel]
Here I've created this file named stunnel.conf:

client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
[5140]
accept = 127.0.0.1:514
connect = 131.xxx.xxx.xxx:5140 (server IP)

OK, now I copied the certificate from the CLIENT [syslog-ng-client.pem] into a new file on the server named [syslog-ng-client.pem] (which I created with VI and copy/paste with VI).
On the server side I did the same thing: I've created a file on the client named [syslog-ng-server.pem] and copied the certificate syslog-ng-server.pem from the server into [syslog-ng-server.pem].

Now when I start stunnel on both client and server I get this error in /var/log/secure:

May  3 08:01:38 c150228 stunnel[6399]: 5140 connected from 131.xxx.xxx.xxx:3328 (client IP)
May  3 08:01:38 c150228 stunnel[6399]: SSL_accept: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate


Please help me out... is stunnel holding some cache I have to empty first or what?




sekargopi

I am not an expert in stunnel and SSL encryption either.

I feel the use of VI is the problem. Try copying the CLIENT certificate by the same method you used for SERVER.

My wild guess is that VI does some word wrapping on the certificate, which makes the certificate incomplete, thus resulting in a bad certificate.

Another guess would be the permissions for the files in the /etc/stunnel directory; check the permissions and ensure they are readable by the user running syslog-ng server.

Hope this helps,
Gopi
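One way to test the copy/paste concern raised in the answer above, as an added example that is not part of the original thread: with verify = 3 stunnel accepts only a peer certificate that is installed locally, so the certificate pasted into CAfile on the other host must decode to the same bytes as the original. The function names are hypothetical, the sample blocks are constructed stand-in bytes rather than real certificates, and it assumes the .pem produced by make holds a private key followed by the certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every complete PEM block in text."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # Whitespace is ignored; validate=True rejects stray or missing characters.
        blocks.append((label, base64.b64decode("".join(body.split()), validate=True)))
    if not blocks:
        raise ValueError("no complete BEGIN/END block found")
    return blocks

def cert_fingerprints(text):
    """SHA-256 of each CERTIFICATE block's decoded bytes (key blocks are skipped)."""
    return [hashlib.sha256(der).hexdigest()
            for label, der in pem_blocks(text) if label == "CERTIFICATE"]

def check_copy(original_pem, copied_pem):
    """Compare a host's own .pem with the copy pasted into CAfile on the peer."""
    try:
        want = cert_fingerprints(original_pem)
        blocks = pem_blocks(copied_pem)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return f"damaged: {exc}"
    if any("PRIVATE KEY" in label for label, _ in blocks):
        return "private key copied: only the CERTIFICATE block belongs in CAfile"
    got = [hashlib.sha256(der).hexdigest()
           for label, der in blocks if label == "CERTIFICATE"]
    return "match" if want and got == want else "mismatch"

def make_pem(label, der):
    """Build a PEM block from raw bytes (only used for the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample data: stand-in bytes, not a real key or certificate.
CERT = make_pem("CERTIFICATE", bytes(range(200)))
ORIGINAL = make_pem("RSA PRIVATE KEY", b"\x01" * 90) + CERT  # key + cert in one file
LINES = CERT.splitlines()

if __name__ == "__main__":
    print(check_copy(ORIGINAL, CERT))                              # clean paste
    print(check_copy(ORIGINAL, "\n".join(LINES[:-1])))             # END line lost
    print(check_copy(ORIGINAL, "\n".join(LINES[:2] + LINES[3:])))  # one line lost
    print(check_copy(ORIGINAL, ORIGINAL))                          # whole file pasted
```

A paste that loses one full 64-character line still decodes as valid base64, which is why the comparison is on the fingerprint and not only on whether the file parses.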
Mr-sark

ASKER

Update

I have changed /etc/stunnel.conf on the client and the server.

[server]
# Sample stunnel configuration file

cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid

[syslog-ngs]
accept = 131.xxx.xxx.xx:5140 (server IP)
connect = 127.0.0.1:514


[client]

# Sample stunnel configuration file

pid = /var/run/stunnel.pid

# Use it for client mode
client = yes

[syslog-ngs]
accept  = 127.0.0.1:514
connect = 131.xxx.xxx.xxx:5140


I have created a new certificate, stunnel.pem, on the server.

When I check /var/log/secure it shows the following output:

/var/log/secure

May  3 09:04:42 c150228 stunnel[6800]: syslog-ngs connected from 131.xxx.xxx.xxx:33781
May  3 09:05:25 c150228 stunnel[6800]: syslog-ngs connected from 131.xxx.xxx.xxx:1128


So this tells me the clients both connect with the syslog server (they only connect when I start STUNNEL on the clients, so I'm assuming that they are using a stunnel).

Are they using STUNNEL? I ask since the message for connecting is different from the other messages I got.
ASKER CERTIFIED SOLUTION
sekargopi
