#include
- Ssl_ctx_use_certificate_chain_file Failed
- Ssl_ctx_use_certificate_asn1
- Ssl_ctx_use_certificate_chain_file
Nginx won't reload: SSLCTXusecertificatechainfile failed. Ask Question Asked 4 years, 1 month ago. Active 4 years, 1 month ago. Viewed 2k times 0. 'SSLCTXusecertificate:ca md too weak' While I could ask clients to get a better CA certificate, it takes some of them a long time to do so. I was wondering if there's a way I could compile/configure the OpenSSL on my server to accept those certificates after all.
intSSL_CTX_use_certificate
(SSL_CTX *ctx, X509 *x);
intSSL_CTX_use_certificate_ASN1
(SSL_CTX *ctx, int len, unsigned char *d);
intSSL_CTX_use_certificate_file
(SSL_CTX *ctx, const char *file, int type);
intSSL_use_certificate
(SSL *ssl, X509 *x);
intSSL_use_certificate_ASN1
(SSL *ssl, unsigned char *d, int len);
intSSL_use_certificate_chain_file
(SSL *ssl, const char *file);
intSSL_use_certificate_file
(SSL *ssl, const char *file, int type);
intSSL_CTX_use_certificate_chain_file
(SSL_CTX *ctx, const char *file);
intSSL_CTX_use_certificate_chain_mem
(SSL_CTX *ctx, void *buf, int len);
intSSL_CTX_use_PrivateKey
(SSL_CTX *ctx, EVP_PKEY *pkey);
intSSL_CTX_use_PrivateKey_ASN1
(int pk, SSL_CTX *ctx, unsigned char *d, long len);
intSSL_CTX_use_PrivateKey_file
(SSL_CTX *ctx, const char *file, int type);
intSSL_CTX_use_RSAPrivateKey
(SSL_CTX *ctx, RSA *rsa);
intSSL_CTX_use_RSAPrivateKey_ASN1
(SSL_CTX *ctx, unsigned char *d, long len);
intSSL_CTX_use_RSAPrivateKey_file
(SSL_CTX *ctx, const char *file, int type);
intSSL_use_PrivateKey
(SSL *ssl, EVP_PKEY *pkey);
intSSL_use_PrivateKey_ASN1
(int pk, SSL *ssl, unsigned char *d, long len);
intSSL_use_PrivateKey_file
(SSL *ssl, const char *file, int type);
intSSL_use_RSAPrivateKey
(SSL *ssl, RSA *rsa);
intSSL_use_RSAPrivateKey_ASN1
(SSL *ssl, const unsigned char *d, long len);
intSSL_use_RSAPrivateKey_file
(SSL *ssl, const char *file, int type);
intSSL_CTX_check_private_key
(const SSL_CTX *ctx);
intSSL_check_private_key
(const SSL *ssl);
Hello. I am getting the following error when I try to run stunnel:
[root@doadmzqas stunnel]# stunnel
[ ] Clients allowed=31999
[.] stunnel 5.17 on powerpc-ibm-aix5.2.0.0 platform
[.] Compiled/running with OpenSSL 1.0.1s 1 Mar 2016
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*_Errno())
Ssl_ctx_use_certificate_chain_file Failed
[.] Reading configuration from file /opt/freeware/etc/stunnel/stunnel.conf
![Ssl_ctx_use_certificate_chain_file Ssl_ctx_use_certificate_chain_file](https://www.axigen.com/community/uploads/default/original/1X/c1f23a72c718b2e991802758dd937361074d2b75.png)
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] Snagged 64 random bytes from /home/root/.rnd
[ ] Wrote 1024 new random bytes to /home/root/.rnd
[ ] PRNG seeded successfully
[ ] Initializing service [sapdp3202]
[ ] Loading certificate from file: /opt/freeware/etc/stunnel/stunnel.pem
[!] error queue: 140DC002: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
[!] error queue: 20074002: error:20074002:BIO routines:FILE_CTRL:system lib
[!] SSL_CTX_use_certificate_chain_file: 2001002: error:02001002:system library:fopen:No such file or directory
[!] Service [sapdp3202]: Failed to initialize SSL context
The version is 5.17 as you can see above. My config file looks like this:
; Log file (enable for troubleshooting)
output = /var/log/stunnel.log
; SSL Certificate and key files
cert = /opt/freeware/etc/stunnel/stunnel.pem
key = /opt/freeware/etc/stunnel/stunnel.key
; Restrict to FIPS compliant ciphers only ciphers = FIPS
; Force the SSL version to TLSv1 only
sslVersion = TLSv1
; The cipher list and SSL version restrictions above should make us ; _de_facto_ FIPS compliant; our OpenSSL library is *not* FIPS ; compliant, so
this cannot be set to 'yes'
fips = no
[sapdp3202]
client = yes
Ssl_ctx_use_certificate_asn1
accept = 127.0.0.1:3202
connect = doaprdssl.dot.com.gov:4709
Ssl_ctx_use_certificate_chain_file
The OS is AIX version 7. Does anybody have any idea what this means?
Thanks in advance.