On Mon, Nov 29, 2021 at 9:34 AM Josealf.rm <[email protected]> wrote:
> Hola Jose, > > Private key should be readable just for the user running stunnel. Try > > chmod 600 /etc/ssl/private.key > > regards, > Gracias, José. The problem now is this: [ ] Loading private key from file: /etc/ssl/private.key [!] error queue: ../ssl/ssl_rsa.c:540: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib [!] error queue: ../crypto/bio/bss_file.c:290: error:20074002:BIO routines:file_ctrl:system lib [!] SSL_CTX_use_PrivateKey_file: ../crypto/bio/bss_file.c:288: error:0200100D:system library:fopen:Permission denied [!] Service [https]: Failed to initialize TLS context So, I don't think that is right. I will set it back to 644. > > > On 29/11/2021, at 9:13 AM, jose isaias cabrera <[email protected]> wrote: > > > > > > > > Greetings! > > > > I have duckduckgo'ed and I have not found an answer, but what should be > the permissions for the private key since the stunnel is giving me a > warning/error regarding that: > > ... > > [ ] Loading private key from file: /etc/ssl/private.key > > [:] Insecure file permissions on /etc/ssl/private.key > > [ ] Private key loaded from file: /etc/ssl/private.key > > ... > > > > this is that I have set: > > jic@web:~$ ls -l /etc/ssl/private.key > > -rw-r--r-- 1 root www-data 1702 Oct 13 02:54 /etc/ssl/private.key > > > > the www-data is the user that runs the website. All is running well, > apparently, but, I would like to set the correct permission on the > private.key file. Thanks for your support. > > > > josé > > > > -- > > > > What if eternity is real? Where will you spend it? Hmmmm... > > _______________________________________________ > > stunnel-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > -- What if eternity is real? Where will you spend it? Hmmmm...
_______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
