0

I have installed stunnel version stunnel-5.43.tar.gz on a Linux server. After assigning the certificate paths and files, my stunnel is not able to start due to the TLS version stunnel.conf. Here is my stunnel.conf:

[abc]
client = yes
cert = /usr/local/etc/stunnel/cert.pem
key = /usr/local/etc/stunnel/key.pem
CAfile = /usr/local/etc/stunnel/Cert.pem
sslVersion = TLSv1.2
accept = 127.0.0.1:5001
connect = x.x.x.x:port

I get this error when starting stunnel:

[root@test stunnel]# stunnel
#Certification loaded here
Loading certificate from file: /usr/local/etc/stunnel/cert.pem
Certificate loaded from file: /usr/local/etc/stunnel/cert.pem
Loading private key from file: /usr/local/etc/stunnel/key.pem
Insecure file permissions on /usr/local/etc/stunnel/key.pem
#Getting here
SSL_CTX_use_PrivateKey_file: B080074: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Service [abc]: Failed to initialize TLS context

Service [abc]: Failed to initialize TLS context

4

2 Answers

1

Make sure the permissions on your private key file (/usr/local/etc/stunnel/key.pem) are set to 600, with:

chmod 600 /usr/local/etc/stunnel/key.pem

From the stunnel manual:

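The stunnel.pem file contains your key (private data) and certificate (public data). So that stunnel can start automatically without requiring a password, the key is created without a password. This means that anyone who can read this file can compromise your SSL security. This file must be readable only by root, or by the user who runs stunnel.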

Answered 2017-11-17T06:34:14.277
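The permission check from the answer above, combined with a check for the "key values mismatch" error shown in the question's log, as an added example that is not part of the original answer or of stunnel itself. The function name and its return codes are assumptions made for this example; it needs GNU stat and the openssl command-line tool.

```shell
#!/bin/sh
# Added example: pre-flight check for the cert/key pair named in a stunnel service section.
# Return codes (chosen for this example):
#   0 ok, 1 key file too permissive, 2 cert and key do not match, 3 unreadable/unparsable file
check_stunnel_keypair() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read $cert or $key" >&2; return 3; }

    # Any group/other permission bit is more than the 600 recommended for the key file.
    mode=$(stat -c '%a' "$key") || return 3          # GNU stat (Linux)
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "insecure: $key has mode $mode, expected 600" >&2
        return 1
    fi

    # Extract the public key from the certificate and from the private key.
    # If they differ, loading the pair fails with "key values mismatch".
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    # stdin is closed so an encrypted key fails instead of prompting for a passphrase
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "mismatch: $key is not the private key for $cert" >&2
        return 2
    fi
    echo "ok: $key matches $cert and has mode $mode"
}

# Run directly as: ./check.sh /usr/local/etc/stunnel/cert.pem /usr/local/etc/stunnel/key.pem
if [ "$#" -eq 2 ]; then
    check_stunnel_keypair "$1" "$2"
    exit $?
fi
```

A return code of 2 means the cert and key options point at files from different key pairs, which chmod alone does not fix.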
1

You can also use: https://github.com/square/ghostunnel

bin/ghostunnel client  --listen localhost:8443 --target fixbeta-rhub.bloomberg.com:8228 --keystore keys/fixbeta-rhub.bloomberg.com.p12     --cacert keys/CACerts.pem   --override-server-name=fixbeta.bloomberg.com
Answered 2020-02-12T16:45:05.083