• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1227

Stunnel/SSL bad certificate problem

Let me start from the beginning. I'm setting up a syslog-ng server so I can log my clients' logs on a server. I'm using syslog-ng for both the client and the server. I'm also using STUNNEL/SSL to encrypt the messages going from client to server.

I'm not very familiar with SSL/certificates, so I followed this guide to set up syslog-ng + stunnel.

[guide]
http://www.stunnel.org/examples/syslog-ng.html
I followed this step by step, and it used to work from 1 machine but not from the 2nd.

Let's start with what I did:

[Server side]
In [/usr/share/ssl/certs]:
make syslog-ng-server.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-server.pem to /etc/stunnel.

In [/etc/stunnel]:
Here I've created this file named stunnel.conf:

cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
[5140]
accept = 131.xxx.xxx.xxx:5140 (server IP)
connect = 127.0.0.1:514

[client side]
make syslog-ng-client.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-client.pem to /etc/stunnel.

In [/etc/stunnel]:
Here I've created this file named stunnel.conf:

client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
[5140]
accept = 127.0.0.1:514
connect = 131.xxx.xxx.xxx:5140 (server IP)

OK, now I copied the certificate from the CLIENT [syslog-ng-client.pem] into a new file on the server named [syslog-ng-client.pem] (which I created with VI and copy/pasted with VI).
On the server side I did the same thing: I created a file on the client named [syslog-ng-server.pem] and copied the certificate syslog-ng-server.pem from the server into [syslog-ng-server.pem].

Now when I start stunnel on both client and server I'll get this error in /var/log/secure:

May  3 08:01:38 c150228 stunnel[6399]: 5140 connected from 131.xxx.xxx.xxx:3328 (client IP)
May  3 08:01:38 c150228 stunnel[6399]: SSL_accept: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate


Please help me out... is stunnel holding some cache I have to empty first, or what?




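Before suspecting a stunnel cache, it is worth checking whether the pasted copy of the certificate is byte-for-byte the same as the original, because the server's verify = 3 compares the presented client certificate against the file in its CAfile. The script below is an added example, not part of this thread, and uses only the Python standard library: it checks the BEGIN/END CERTIFICATE markers, rejects body lines that were indented or wrapped past the 64-character width OpenSSL writes, decodes the base64, and compares SHA-256 fingerprints of the decoded bytes. The PEM strings are constructed stand-ins (a fixed byte pattern, not real X.509 data), so the check covers PEM framing and copy damage, not certificate validity.

```python
"""Check that a PEM certificate survived a copy (e.g. pasted through an editor).

Added example, not part of the original thread. The SAMPLE_DER bytes are a
constructed stand-in for a certificate, not a real X.509 structure.
"""
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def pem_to_der(pem_text):
    """Return the decoded bytes of the first CERTIFICATE block, or raise ValueError.

    Fails on: missing or reordered markers, an empty body, a body line that is
    longer than 64 characters or contains anything outside the base64 alphabet
    (leading spaces from auto-indent, wrapped fragments, stray text), or base64
    that does not decode cleanly.
    """
    lines = pem_text.splitlines()
    try:
        start = lines.index(BEGIN)
        stop = lines.index(END, start + 1)
    except ValueError:
        raise ValueError("BEGIN/END CERTIFICATE markers missing or out of order") from None
    body = lines[start + 1:stop]
    if not body:
        raise ValueError("empty certificate body")
    for n, ln in enumerate(body, 1):
        if len(ln) > 64 or not re.fullmatch(r"[A-Za-z0-9+/=]+", ln):
            raise ValueError("body line %d is wrapped, indented or contains junk: %r" % (n, ln))
    try:
        return base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        raise ValueError("base64 does not decode: %s" % exc) from None


def fingerprint(pem_text):
    """SHA-256 of the decoded bytes, in the colon-separated form openssl prints."""
    digest = hashlib.sha256(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(original_pem, copied_pem):
    """True only if both copies decode to identical bytes; False if either is damaged."""
    try:
        return fingerprint(original_pem) == fingerprint(copied_pem)
    except ValueError:
        return False


def make_pem(der_bytes):
    """Write bytes as a PEM block with 64-character body lines (constructed helper)."""
    b64 = base64.b64encode(der_bytes).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN] + body + [END]) + "\n"


# Constructed sample input: 512 bytes of a fixed pattern standing in for DER.
SAMPLE_DER = bytes(range(256)) * 2
ORIGINAL_PEM = make_pem(SAMPLE_DER)
_lines = ORIGINAL_PEM.splitlines()

# Constructed damaged copy 1: one body line lost during the paste.
TRUNCATED_PEM = "\n".join(_lines[:3] + _lines[4:]) + "\n"

# Constructed damaged copy 2: the editor's auto-indent prefixed pasted lines with spaces.
INDENTED_PEM = "\n".join(_lines[:1] + ["    " + ln for ln in _lines[1:-1]] + _lines[-1:]) + "\n"


if __name__ == "__main__":
    print("original :", fingerprint(ORIGINAL_PEM))
    for label, copy in (("truncated", TRUNCATED_PEM), ("indented", INDENTED_PEM)):
        print("%-9s: matches original = %s" % (label, same_certificate(ORIGINAL_PEM, copy)))
```

Run `fingerprint()` on the file where the certificate was generated and on the pasted copy on the other host; a mismatch, or a ValueError from `pem_to_der()`, means the peer will be checked against something other than the real certificate. For real certificate files, `openssl x509 -noout -fingerprint -sha256 -in file.pem` on both hosts gives the same comparison, and copying the file with scp instead of an editor avoids the problem entirely.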
1 Solution
 
sekargopi commented:
I am not expert in stunnel and SSL encryption either.

I feel the use of VI is the problem. Try copying the CLIENT certificate by the same method you used for the SERVER.

My wild guess is that VI does some word wrapping on the certificate which makes the certificate incomplete, thus resulting in a bad certificate.

Another guess would be the permissions on the files in the /etc/stunnel directory; check the permissions and ensure they are readable by the user running the syslog-ng server.

Hope this helps,
Gopi
 
Mr-sark (Author) commented:
Update

I have changed /etc/stunnel.conf on the client and the server.

[server]
# Sample stunnel configuration file

cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid

[syslog-ngs]
accept = 131.xxx.xxx.xx:5140 (server IP)
connect = 127.0.0.1:514


[client]

# Sample stunnel configuration file

pid = /var/run/stunnel.pid

# Use it for client mode
client = yes

[syslog-ngs]
accept  = 127.0.0.1:514
connect = 131.xxx.xxx.xxx:5140


I have created a new certificate stunnel.pem on the server.

When I check /var/log/secure it will show the following output:

/var/log/secure

May  3 09:04:42 c150228 stunnel[6800]: syslog-ngs connected from 131.xxx.xxx.xxx:33781
May  3 09:05:25 c150228 stunnel[6800]: syslog-ngs connected from 131.xxx.xxx.xxx:1128


So this tells me the clients both connect with the syslog server (they only connect when I start STUNNEL on the clients, so I'm assuming that they are using a stunnel).

Are they using STUNNEL? Since the message for connecting is different from the other messages I got.
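The updated configuration files in this post no longer contain `verify` or `CAfile` on either side, which is why the connections now succeed: with no `verify` option, stunnel does not check the peer's certificate at all, so the server will accept any client and the client will accept any server. The script below is an added example, neither stunnel's own code nor part of this thread. It parses the minimal `key = value` / `[service]` layout used in these files, applies global options to each service as stunnel does, and reports services that run without peer verification or, for verify levels 1 to 3, without a CAfile/CApath to verify against. The sample configs are the thread's own files, with the poster's `(server IP)` annotations removed because they are explanations rather than configuration.

```python
"""Flag stunnel service definitions that do not verify the peer certificate.

Added example, not part of stunnel or of the original thread. Handles only the
minimal `key = value` and `[service]` syntax seen in the thread's files; the
CONFIG_* strings are those files with the poster's annotations removed.
"""


def parse_stunnel_conf(text):
    """Return (global_opts, {service_name: opts}); later keys override earlier ones.

    Comments start with '#'; values containing '#' are not needed here.
    """
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            services[current] = {}
            continue
        key, _, value = line.partition("=")
        target = services[current] if current is not None else global_opts
        target[key.strip()] = value.strip()
    return global_opts, services


def audit(text):
    """Map each service name to a list of findings (an empty list means nothing flagged).

    Options in the global section are defaults for every service. Without a
    `verify` option stunnel performs no peer-certificate verification; verify
    levels 1 to 3 validate the peer's chain and so need a CAfile or CApath.
    """
    global_opts, services = parse_stunnel_conf(text)
    report = {}
    for name, opts in services.items():
        eff = {**global_opts, **opts}
        findings = []
        level = eff.get("verify")
        if level is None:
            findings.append("no 'verify' option: peer certificate is not checked")
        elif level in ("1", "2", "3") and not (eff.get("CAfile") or eff.get("CApath")):
            findings.append("verify = %s but no CAfile/CApath to verify against" % level)
        if eff.get("client", "no").lower() != "yes" and "cert" not in eff:
            findings.append("server mode without 'cert': nothing to present to clients")
        report[name] = findings
    return report


# Server config from the first post (verifies the client against its CAfile).
CONFIG_FIRST_SERVER = """\
cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
[5140]
accept = 131.xxx.xxx.xxx:5140
connect = 127.0.0.1:514
"""

# Server config from the update (no verify, no CAfile).
CONFIG_UPDATED_SERVER = """\
# Sample stunnel configuration file
cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid

[syslog-ngs]
accept = 131.xxx.xxx.xx:5140
connect = 127.0.0.1:514
"""

# Client config from the update (no verify, so any server certificate is accepted).
CONFIG_UPDATED_CLIENT = """\
# Sample stunnel configuration file
pid = /var/run/stunnel.pid

# Use it for client mode
client = yes

[syslog-ngs]
accept  = 127.0.0.1:514
connect = 131.xxx.xxx.xxx:5140
"""


if __name__ == "__main__":
    for label, conf in (("first server", CONFIG_FIRST_SERVER),
                        ("updated server", CONFIG_UPDATED_SERVER),
                        ("updated client", CONFIG_UPDATED_CLIENT)):
        for service, findings in audit(conf).items():
            print("%-14s [%s]: %s" % (label, service, findings or "ok"))
```

The traffic is still encrypted once the handshake completes, so a packet capture (as suggested in the next reply) will show ciphertext either way; what the audit surfaces is that, without `verify` and a `CAfile`, nothing stops another host that can reach port 5140 from delivering log lines as if it were one of the clients. Restoring `verify = 3` with the correct, undamaged peer certificate in `CAfile` is what closes that gap.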
 
sekargopi commented:
Try increasing the debug level and find out whether any SSL-related communication is going through.

Or better, try using a network sniffing tool to capture packets between the server and client and see whether they are in encrypted form.

Gopi