Mr-sark
asked on
Stunnel/SSL bad certificate problem
Let me start from the beginning. I'm setting up a syslog-ng server so I can log my clients' logs on a server. I'm using syslog-ng for both client and server. I'm also using STUNNEL/SSL to encrypt the messages going from client to server.
I'm not very familiar with SSL/certificates, so I followed this guide to set up syslog-ng + stunnel.
[guide]
http://www.stunnel.org/examples/syslog-ng.html
I followed this step by step, and it used to work from 1 machine but not from the 2nd.
Let's start with what I did:
[Server side]
In the [/usr/share/ssl/certs]
make syslog-ng-server.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-server.pem to /etc/stunnel
In the [/etc/stunnel]
Here I've created this file, named stunnel.conf:
cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
[5140]
accept = 131.xxx.xxx.xxx:5140 (server IP)
connect = 127.0.0.1:514
[client side]
make syslog-ng-client.pem and hit enter a few times (left the fields empty).
Then I moved syslog-ng-client.pem to /etc/stunnel
In the [/etc/stunnel]
Here I've created this file, named stunnel.conf:
client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
[5140]
accept = 127.0.0.1:514
connect = 131.xxx.xxx.xxx:5140 (server IP)
OK, now I copied the certificate from the CLIENT [syslog-ng-client.pem] into a new file on the server named [syslog-ng-client.pem] (which I created with VI and copy/pasted with VI).
On the server side I did the same thing: I created a file on the client named [syslog-ng-server.pem] and copied the certificate syslog-ng-server.pem from the server into [syslog-ng-server.pem].
Now when I start stunnel on both client and server I'll get this error in /var/log/secure:
May 3 08:01:38 c150228 stunnel[6399]: 5140 connected from 131.xxx.xxx.xxx:3328 (client IP)
May 3 08:01:38 c150228 stunnel[6399]: SSL_accept: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
Please help me out... is stunnel holding some cache I have to empty first, or what?
ASKER
Update
I have changed /etc/stunnel.conf on the client and the server.
[server]
# Sample stunnel configuration file
cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid
[syslog-ngs]
accept = 131.xxx.xxx.xx:5140 (server IP)
connect = 127.0.0.1:514
[client]
# Sample stunnel configuration file
pid = /var/run/stunnel.pid
# Use it for client mode
client = yes
[syslog-ngs]
accept = 127.0.0.1:514
connect = 131.xxx.xxx.xxx:5140
I have created a new certificate stunnel.pem on the server.
When I check /var/log/secure it will show the following output:
/var/log/secure
May 3 09:04:42 c150228 stunnel[6800]: syslog-ngs connected from 131.xxx.xxx.xxx:33781
May 3 09:05:25 c150228 stunnel[6800]: syslog-ngs connected from 131.xxx.xxx.xxx:1128
So this tells me the clients both connect to the syslog server (they only connect when I start STUNNEL on the clients, so I'm assuming that they are using stunnel).
Are they using STUNNEL? The message for connecting is different from the other messages I got.
ASKER CERTIFIED SOLUTION
I feel the use of VI is the problem. Try copying the CLIENT certificate by the same method you used for the SERVER.
My wild guess is that VI does some word wrapping on the certificate which makes the certificate incomplete, thus resulting in "bad certificate".
Another guess would be the permissions of the files in the /etc/stunnel directory; check the permissions and ensure they are readable by the user running the syslog-ng server.
Hope this helps,
Gopi
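The two guesses in the accepted answer (a certificate mangled by copy/paste through an editor, and a file stunnel cannot read) are both things you can check mechanically before restarting stunnel. The script below is an added example written for this thread; it is not code from the original post, from stunnel, or from the syslog-ng guide. It parses a PEM file the way a careful reader would: it checks the BEGIN/END markers, flags indentation or over-long lines that an editor or terminal paste would introduce, decodes the base64 and verifies that the bytes inside form one complete DER object (the outer SEQUENCE length must match what was decoded, so lost or extra characters show up), and optionally insists that a private key is present, since stunnel reads the key from the `cert` file unless `key =` points elsewhere. The sample PEM bodies are constructed: a 5-byte DER SEQUENCE stands in for a real certificate so the example runs offline.

```python
"""Check a hand-copied PEM file before handing it to stunnel.

Added example for this thread (not stunnel's own code): it looks for the
damage copy/paste through an editor or terminal typically does to a
certificate (stray indentation, joined or truncated lines, lost characters),
verifies the base64 decodes to one complete DER object, and optionally
checks that a private key travelled with the certificate.
"""
import base64
import binascii
import os
import re
import stat

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def der_total_length(blob: bytes) -> int:
    """Length the outer DER SEQUENCE claims to have (header included), or -1."""
    if len(blob) < 2 or blob[0] != 0x30:  # X.509 certs and PKCS#1/#8 keys are SEQUENCEs
        return -1
    first = blob[1]
    if first < 0x80:  # short form: the byte itself is the length
        return 2 + first
    nbytes = first & 0x7F  # long form: the next nbytes bytes hold the length
    if nbytes == 0 or len(blob) < 2 + nbytes:
        return -1
    return 2 + nbytes + int.from_bytes(blob[2:2 + nbytes], "big")


def _check_block(label: str, lines: list) -> list:
    """Decode one PEM block body and compare it with its own DER header."""
    joined = "".join(lines)
    if len(joined) % 4:
        return [f"{label}: base64 length {len(joined)} is not a multiple of 4 (characters lost)"]
    try:
        blob = base64.b64decode(joined, validate=True)
    except binascii.Error as exc:
        return [f"{label}: base64 does not decode ({exc})"]
    claimed = der_total_length(blob)
    if claimed != len(blob):
        return [f"{label}: DER header claims {claimed} bytes but block holds {len(blob)}"]
    return []


def check_pem(text: str, need_private_key: bool = False) -> list:
    """Return a list of problems; an empty list means the PEM looks intact."""
    problems, labels, current, body = [], [], None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line != raw.rstrip("\r"):  # leading/trailing spaces: auto-indent or wrapped paste
            problems.append(f"line {lineno}: stray whitespace around PEM data")
        if (m := BEGIN_RE.match(line)):
            if current:
                problems.append(f"line {lineno}: BEGIN while {current} block still open")
            current, body = m.group(1), []
        elif (m := END_RE.match(line)):
            if m.group(1) != current:
                problems.append(f"line {lineno}: END {m.group(1)} does not match BEGIN {current}")
            else:
                problems += _check_block(current, body)
                labels.append(current)
            current = None
        elif current is None:
            problems.append(f"line {lineno}: text outside any PEM block")
        else:
            if len(line) > 64:
                problems.append(f"line {lineno}: line longer than 64 chars (lines joined?)")
            if not B64_RE.match(line):
                problems.append(f"line {lineno}: non-base64 characters")
            body.append(line)
    if current:
        problems.append(f"{current} block never closed (file cut off?)")
    if need_private_key and not any(lab.endswith("PRIVATE KEY") for lab in labels):
        problems.append("no PRIVATE KEY block: stunnel takes the key from 'cert' unless 'key =' is set")
    return problems


def check_pem_file(path: str, need_private_key: bool = False) -> list:
    """check_pem() on a file, plus the readability/permission points from the answer."""
    try:
        with open(path, "r", encoding="ascii") as fh:
            text = fh.read()
    except (OSError, UnicodeDecodeError) as exc:
        return [f"{path}: cannot read ({exc})"]
    problems = check_pem(text, need_private_key)
    mode = os.stat(path).st_mode
    if "PRIVATE KEY" in text and mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"{path}: contains a private key but is group/world readable")
    return problems


# Constructed samples: a 5-byte DER SEQUENCE { INTEGER 5 } stands in for a real
# certificate/key body so the example runs offline.
GOOD_CERT = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"
GOOD_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMAMCAQU=\n-----END RSA PRIVATE KEY-----\n"
TRUNCATED = "-----BEGIN CERTIFICATE-----\nMAMCAQ\n-----END CERTIFICATE-----\n"  # lost "U="
INDENTED = "-----BEGIN CERTIFICATE-----\n    MAMCAQU=\n-----END CERTIFICATE-----\n"  # auto-indent

if __name__ == "__main__":
    for name, sample in [("good", GOOD_CERT + GOOD_KEY), ("truncated", TRUNCATED), ("indented", INDENTED)]:
        print(name, check_pem(sample, need_private_key=True) or "OK")
```

Run it as `check_pem_file("/etc/stunnel/syslog-ng-client.pem")` on the copy that was pasted through VI and compare with the same call on the original; a clean original and a complaining copy points straight at the transfer, and `scp` (or the method that worked for the server certificate) is the fix. Use `need_private_key=True` only for the file named in `cert =`; the file named in `CAfile =` holds just the peer's certificate.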