Stunnel/SSL bad certificate problem

Posted on 2005-05-03
Last Modified: 2012-06-27
Let me start from the beginning. I'm setting up a syslog-ng server so I can log my clients' logs on a server. I'm using syslog-ng for both client and server. I'm also using STUNNEL/SSL to encrypt the messages going from client to server.

I'm not very familiar with SSL/certificates, so I followed this guide to set up syslog-ng + stunnel.

I followed this step by step, and it used to work from one machine but not from the second.

Let's start with what I did:

[Server side]
In the [/usr/share/ssl/certs]
make syslog-ng-server.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-server.pem to /etc/stunnel

In the [/etc/stunnel]
Here I've created this file named stunnel.conf:

cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
accept = (server IP)
connect =

[client side]
make syslog-ng-client.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-client.pem to /etc/stunnel

In the [/etc/stunnel]
Here I've created this file named stunnel.conf:

client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
accept =
connect = (server IP)

OK, now I copied the certificate from the CLIENT [syslog-ng-client.pem] into a new file on the server named [syslog-ng-client.pem] (which I created with VI and copy/paste with VI).
On the server side I did the same thing: I created a file on the client named [syslog-ng-server.pem] and copied the certificate syslog-ng-server.pem from the server into [syslog-ng-server.pem].

Now when I start stunnel on both client and server I get this error in /var/log/secure:

May  3 08:01:38 c150228 stunnel[6399]: 5140 connected from (client IP)
May  3 08:01:38 c150228 stunnel[6399]: SSL_accept: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

Please help me out... is stunnel holding some cache I have to empty first, or what?

Question by:Mr-sark

    Expert Comment

    I am not an expert in stunnel and SSL encryption either.

    I feel the use of VI is the problem. Try copying the CLIENT certificate by the same method you used for the SERVER.

    My wild guess is that VI does some word wrapping on the certificate, which makes the certificate incomplete, thus resulting in a bad certificate.

    Another guess would be the permissions on the files in the /etc/stunnel directory; check the permissions and ensure they are readable by the user running the syslog-ng server.

    Hope this helps,
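The comment above suspects that the pasted copy of the client certificate is incomplete or mangled. The following checker is an added example, not code from the thread or from stunnel: it scans a PEM file for CERTIFICATE blocks and reports the copy/paste defects that produce a "bad certificate" alert on the peer: a missing END marker, stray whitespace inside the base64 body, over-long lines, a body that does not decode, or a decoded blob whose outer DER length does not match its size (the signature of a truncated paste). The sample inputs are constructed; `FAKE_DER` is a stand-in with a certificate-shaped DER header, not a real certificate.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
MAX_PEM_LINE = 64  # RFC 7468: base64 body lines are at most 64 characters

# Constructed stand-in for a DER-encoded certificate: an outer SEQUENCE (0x30)
# with an 80-byte body. It is NOT a real certificate; only the outer DER header
# matters to this checker.
FAKE_DER = bytes([0x30, 0x50, 0x04, 0x4E]) + bytes(78)


def der_total_length(der):
    """Return the total size (header + content) a DER SEQUENCE claims, or None."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def build_pem(der):
    """Wrap DER bytes into a PEM CERTIFICATE block the way openssl writes it."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + MAX_PEM_LINE] for i in range(0, len(b64), MAX_PEM_LINE)]
    return "\n".join([BEGIN, *body, END]) + "\n"


def check_pem_certificates(text):
    """Return a list of problems found in the CERTIFICATE blocks of a PEM text.

    An empty list means every block has matching markers, clean base64 lines,
    and a DER length that agrees with the decoded size.
    """
    problems = []
    lines = text.splitlines()
    blocks = []
    i = 0
    while i < len(lines):
        if lines[i].strip() != BEGIN:
            i += 1
            continue
        j = i + 1
        while j < len(lines) and lines[j].strip() != END:
            j += 1
        if j == len(lines):
            problems.append(f"block at line {i + 1}: BEGIN without matching END")
            break
        blocks.append((i + 1, lines[i + 1:j]))
        i = j + 1

    if not blocks and not problems:
        problems.append("no CERTIFICATE block found")

    for start, body in blocks:
        tag = f"block at line {start}"
        for line in body:
            if len(line) > MAX_PEM_LINE:
                problems.append(f"{tag}: body line longer than {MAX_PEM_LINE} chars")
            if any(ch.isspace() for ch in line):
                problems.append(f"{tag}: whitespace inside base64 body (editor or paste artifact)")
        try:
            der = base64.b64decode("".join(body), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"{tag}: base64 body does not decode")
            continue
        expected = der_total_length(der)
        if expected is None:
            problems.append(f"{tag}: decoded data is not a DER SEQUENCE")
        elif expected != len(der):
            problems.append(f"{tag}: DER length says {expected} bytes but got {len(der)} (truncated or extra data)")
    return problems


# Constructed samples: a clean block and three typical copy/paste failures.
GOOD_PEM = build_pem(FAKE_DER)
_good_lines = GOOD_PEM.splitlines()
# Last body line lost during the paste (markers intact, tail of the DER gone).
TRUNCATED_PEM = "\n".join(_good_lines[:-2] + _good_lines[-1:]) + "\n"
# A space typed into the body by accident.
SPACED_PEM = GOOD_PEM.replace(_good_lines[1], _good_lines[1][:10] + " " + _good_lines[1][10:], 1)
# END marker missing altogether.
NO_END_PEM = GOOD_PEM.replace(END + "\n", "")

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else TRUNCATED_PEM
    for p in check_pem_certificates(text) or ["no problems found"]:
        print(p)
```

Run it against the pasted copy on the peer (for example `python3 pemcheck.py /etc/stunnel/syslog-ng-client.pem` on the server). Because the checker joins body lines before decoding, a block that an editor merely re-wrapped at a different width still passes; what it catches is lost or added characters and missing markers. To confirm that both hosts hold the same certificate, compare `openssl x509 -noout -fingerprint -in <file>` on each side; the copied file on the peer should contain only the CERTIFICATE block, never the private key.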

    Author Comment

    I have changed /etc/stunnel.conf on the client and the server.

    # Sample stunnel configuration file

    cert = /etc/stunnel/stunnel.pem
    pid = /var/run/

    accept = (server IP)
    connect =


    # Sample stunnel configuration file

    pid = /var/run/

    # Use it for client mode
    client = yes

    accept  =
    connect =

    I have created a new certificate stunnel.pem on the server.

    When I check /var/log/secure it will show the following output:


    May  3 09:04:42 c150228 stunnel[6800]: syslog-ngs connected from
    May  3 09:05:25 c150228 stunnel[6800]: syslog-ngs connected from

    So this tells me the clients both connect to the syslog server (they only connect when I start STUNNEL on the clients, so I'm assuming that they are using stunnel).

    Are they using STUNNEL? Since the message for connecting is different from the other messages I got.

    Accepted Solution

    Try increasing the debug level and look for any SSL-related communication going through.

    Or better, try using any network sniffing tool to capture packets between the server and client and see whether they are in encrypted form.
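The accepted answer suggests raising stunnel's debug level. The fragment below is an added example, not configuration from the thread or from the stunnel project, showing how that is done with stunnel's `debug` and `output` options while keeping the `verify = 3` / `CAfile` peer authentication that the poster's revised configuration dropped; without those two lines the tunnel still encrypts (which a packet capture confirms) but no longer checks who is on the other end. The `[syslog-ngs]` service name is taken from the log lines above; the IP 192.0.2.10, the ports, the pid path and the log path are assumptions.

```ini
; ---- Server side: /etc/stunnel/stunnel.conf (added example) ----
cert   = /etc/stunnel/syslog-ng-server.pem   ; server certificate + key, keep it mode 0600
pid    = /var/run/stunnel.pid
debug  = 7                                   ; log everything, including each TLS handshake
output = /var/log/stunnel.log                ; dedicated file instead of syslog/secure
; Mutual authentication: level 3 accepts only peers whose certificate is in CAfile,
; so a mangled copy of the client cert fails loudly here rather than being let in.
verify = 3
CAfile = /etc/stunnel/syslog-ng-client.pem

[syslog-ngs]
accept  = 192.0.2.10:5140    ; TLS listener the clients connect to
connect = 127.0.0.1:514      ; local syslog-ng receiver

; ---- Client side: /etc/stunnel/stunnel.conf (added example) ----
client = yes
cert   = /etc/stunnel/syslog-ng-client.pem
pid    = /var/run/stunnel.pid
debug  = 7
output = /var/log/stunnel.log
verify = 3
CAfile = /etc/stunnel/syslog-ng-server.pem   ; copied server certificate only, no key

[syslog-ngs]
accept  = 127.0.0.1:514      ; where the local syslog-ng sends its messages
connect = 192.0.2.10:5140    ; the server's TLS listener
```

With `debug = 7` every handshake step lands in /var/log/stunnel.log, so a verification failure names the side that rejected the certificate; once the copy problem is fixed, lower the level again, since level 7 logs are very verbose.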

