Here is the error from Stunnel: 2021.08.24 19:34:54 LOG3[5]: SSL_accept: ssl/record/rec_layer_s3.c:1543: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Blue Iris 5 - Stunnel & HTTPS Issues
- Thread starter NathanUCR
- Start date
I've mostly switched from stunnel to ZeroTier that creates a virtual LAN with point-to-point connectivity. It's easy to set up and doesn't need any maintenance.
I don't think Cloudfare will work for this or I don't get it.
I just bought a ssl through registrar and had it setup in 20min.
$30 for 5 years sure beats me spending time every 3mo renewing it.
I just bought a ssl through registrar and had it setup in 20min.
$30 for 5 years sure beats me spending time every 3mo renewing it.
When creating your own self-signed cert, you can specify how long you want the cert to be valid.... in the following example, 10 years.
I've not used the auto-generation web sites but rather install OpenSSL (windows or linux) and create them myself. The basic steps...
STEP 1:
openssl genrsa -out CertificateAuthority.KEY 4096
STEP 2:
openssl req -new -x509 -days 3650 -key CertificateAuthority.KEY -out CertificateAuthority.CERT -config openssl.cnf
STEP 3:
openssl pkcs12 -export -out CertificateAuthority.p12 -inkey CertificateAuthority.KEY -in CertificateAuthority.CERT
The output files names to contents are:
CertificateAuthority.KEY - text file, private key, no password
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
CertificateAuthority.CERT - text file, certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
ClientCertificate.P12 - p12 binary file, certificate
===============
In depth How-To
How-to: Make Your Own Cert With OpenSSL on Windows
blog.didierstevens.com
The above has instructions/links to download, install, configure the OpenSSL software; i.e. openssl.cnf.
I've not used the auto-generation web sites but rather install OpenSSL (windows or linux) and create them myself. The basic steps...
STEP 1:
openssl genrsa -out CertificateAuthority.KEY 4096
STEP 2:
openssl req -new -x509 -days 3650 -key CertificateAuthority.KEY -out CertificateAuthority.CERT -config openssl.cnf
STEP 3:
openssl pkcs12 -export -out CertificateAuthority.p12 -inkey CertificateAuthority.KEY -in CertificateAuthority.CERT
The output files names to contents are:
CertificateAuthority.KEY - text file, private key, no password
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
CertificateAuthority.CERT - text file, certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
ClientCertificate.P12 - p12 binary file, certificate
===============
In depth How-To
How-to: Make Your Own Cert With OpenSSL on Windows
How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded)
As several things have changed since I published “Howto: Make Your Own Cert With OpenSSL on Windows” 5 years ago, I’m publishing an updated how-to. This time, I’m using the …
blog.didierstevens.com
The above has instructions/links to download, install, configure the OpenSSL software; i.e. openssl.cnf.