APE + Stunnel + SSL
From: Gino <gin...@gmail.com>
Date: Tue, 3 Apr 2012 04:52:08 -0700 (PDT)
Local: Tues, Apr 3 2012 7:52 am
Subject: APE + Stunnel + SSL
Hi,

I'm currently wrapping up a project, but I'm now required to use SSL
for my APE server. Everything had been working fine until I
implemented SSL on my web server (IIS).
I followed the instructions in http://www.ape-project.org/wiki/index.php/SSL_with_ape

I installed stunnel4 version 4.29-1 on the same server as my APE.

My stunnel.conf has the following lines:

cert = /etc/stunnel/my_main_cert.pem
cert = /etc/stunnel/my_ape_cert.pem
cert = /etc/stunnel/my_wildcard_cert.pem
sslVersion = SSLv3

debug = 7
output = /var/log/stunnel4/stunnel.log

[ape]
accept = 443
connect = 6969

I've updated my APE JSF from the latest github version and added the
following lines in my apeClientJS.js

APE.Config.server = 'ape.my-domain.com:442';
APE.Config.secure = true;

Stunnel starts with no errors but when I run the Check tool bundled in
ape-jsf (which is also updated to support the secure parameter)
I fail at contacting https://ape.my-domain:442

When I check the stunnel logs I find the following:

2012.04.03 18:43:04 LOG3[2409:140692054951680]: SSL_accept: Peer suddenly disconnected
2012.04.03 18:43:04 LOG5[2409:140692054951680]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.04.03 18:43:04 LOG7[2409:140692054951680]: ape finished (0 left)

I'm finding it difficult to find out what exactly is failing during
the test.
Could anyone who has successfully set up SSL with APE share their
experience?
I've been going through the group but haven't been able to find anything.
Any help is greatly appreciated!

Thanks!


 
From: Gino <gin...@gmail.com>
Date: Tue, 10 Apr 2012 05:04:58 -0700 (PDT)
Local: Tues, Apr 10 2012 8:04 am
Subject: Re: APE + Stunnel + SSL
I realized in my previous post I placed the port as 443. That was just
a typo, my configuration has the port set to 442, same port that is
set in my apeClientJS.js
so my stunnel.conf should be:

cert = /etc/stunnel/my_main_cert.pem
cert = /etc/stunnel/my_ape_cert.pem
cert = /etc/stunnel/my_wildcard_cert.pem
sslVersion = SSLv3
debug = 7
output = /var/log/stunnel4/stunnel.log
[ape]
accept = 442
connect = 6969

and I still get an error with the Check tool - fail to contact
https://ape.my-domain.com:442

I still haven't been able to get stunnel to work with APE. I've been
reading what I could find on the Internet, but no solution yet.
Could someone share what certificates they have installed in their web
server and stunnel server?
I'm thinking my problem may lie with the certificates I have. As of
now I'm using certificates made with OpenSSL.

I hope someone can help!
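
Added example (not part of the thread, and not APE or stunnel project code): a small Python lint for the stunnel.conf quoted in the post above. It flags repeated single-valued options, the deprecated `sslVersion = SSLv3`, and a client port that no `accept` line serves. It assumes a repeated `cert` replaces the earlier value instead of adding to it; `parse_conf` and `lint` are hypothetical helper names.

```python
import re
# Constructed sample: the stunnel.conf from the post above, trimmed to the relevant lines.
SAMPLE_CONF = """\
cert = /etc/stunnel/my_main_cert.pem
cert = /etc/stunnel/my_ape_cert.pem
cert = /etc/stunnel/my_wildcard_cert.pem
sslVersion = SSLv3
[ape]
accept = 442
connect = 6969
"""

SINGLE_VALUED = {"cert", "key", "sslversion"}  # assumption: a repeat replaces the earlier value
WEAK_PROTOCOLS = {"sslv2", "sslv3"}            # deprecated by RFC 6176 and RFC 7568

def parse_conf(text):
    """Split the file into scopes: 'global' plus one per [service] section."""
    scopes, scope = {"global": []}, "global"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            scope = section.group(1)
            scopes.setdefault(scope, [])
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            scopes[scope].append((lineno, key, value))
    return scopes

def lint(text, client_port=None):
    """Return sorted (line, code) findings; line 0 marks a file-level finding."""
    findings, accept_ports = [], set()
    for entries in parse_conf(text).values():
        last = {}
        for lineno, key, value in entries:
            k = key.lower()
            if k in SINGLE_VALUED and k in last:
                findings.append((last[k], "overridden-" + k))  # earlier line is ignored
            last[k] = lineno
            if k == "sslversion" and value.lower() in WEAK_PROTOCOLS:
                findings.append((lineno, "weak-protocol"))
            if k == "accept":
                accept_ports.add(value.rsplit(":", 1)[-1])  # handles "host:port" too
    if client_port is not None and str(client_port) not in accept_ports:
        findings.append((0, "client-port-not-accepted"))
    return sorted(findings)
```

Calling `lint(SAMPLE_CONF, client_port=442)` reports the first two `cert` lines as overridden and line 4 as a weak protocol; with `accept = 443`, as in the first post, it also reports that the client port is not served.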


 
From: Matija Hiti <matija.h...@gmail.com>
Date: Tue, 10 Apr 2012 22:11:28 +0200
Local: Tues, Apr 10 2012 4:11 pm
Subject: Re: [APE Project] Re: APE + Stunnel + SSL

First check whether the server replies to anything through https. Open
https://0.ape.your-domain.com:442 in your browser. You should get the same
response as with http://0.ape.your-domain.com:6969

If this works, dig into the jsf settings. Otherwise, search for issues on
the server.

For the server certificate: you need two of them. One for the apache
serving the files (yourdomain.com) and one wildcard for stunnel
(*.ape.your-domain.com). Stunnel works with a bundle file, which includes your
certificate, CA certificate and intermediate certificates, if they exist.
Add foreground=yes or check the stunnel error log for errors when you run
it.

Matija

On 10 April 2012 14:04, Gino <gin...@gmail.com> wrote:


 
From: Gino <gin...@gmail.com>
Date: Tue, 10 Apr 2012 21:37:50 -0700 (PDT)
Local: Wed, Apr 11 2012 12:37 am
Subject: Re: APE + Stunnel + SSL
Thanks Matija for the reply.

I tried opening my browser first to http://0.ape.my-domain.com:6969
and I immediately get the response from APE with the no command given
message.
Then I tried https://0.ape.your-domain.com:442, I get the same results
but it takes extremely long to get a response. It's probably around 1
min until I get the same result.

Based on the logs I see messages like ape connected remote server from
127.0.0.1:60001, and since I eventually get a response I take it
stunnel and APE are communicating?

But I also noticed the following in the logs:

2012.04.11 12:30:36 LOG7[2409:140692054951680]: Remote FD=15 initialized
2012.04.11 12:30:36 LOG7[2409:140692054951680]: TCP_NODELAY option set on remote socket
2012.04.11 12:30:36 LOG7[2409:140692054951680]: Socket closed on read
2012.04.11 12:30:36 LOG7[2409:140692054951680]: SSL write shutdown
2012.04.11 12:30:36 LOG7[2409:140692054951680]: SSL alert (write): warning: close notify
2012.04.11 12:30:36 LOG6[2409:140692054951680]: SSL_shutdown successfully sent close_notify
2012.04.11 12:30:38 LOG3[2409:140692054882048]: SSL_accept: Peer suddenly disconnected
2012.04.11 12:30:38 LOG5[2409:140692054882048]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.04.11 12:30:38 LOG7[2409:140692054882048]: ape finished (1 left)
2012.04.11 12:31:36 LOG6[2409:140692054951680]: s_poll_wait timeout: connectionclose
2012.04.11 12:31:36 LOG5[2409:140692054951680]: Connection closed: 395 bytes sent to SSL, 387 bytes sent to socket

It says that Peer is suddenly disconnected. Is that normal?

The web server I have to use is IIS. It currently has the
my-domain.com cert. In stunnel I placed 3 certs: my-domain.com,
*.my-domain.com, *.ape.my-domain.com.
The wildcard certs I made using OpenSSL for now. Would this affect my
setup?

On Apr 11, 4:11 am, Matija Hiti <matija.h...@gmail.com> wrote:


 
From: Michele Vezzoli <michele.vezz...@var-dump.it>
Date: Sun, 15 Apr 2012 12:17:00 +0200
Subject: Re: [APE Project] Re: APE + Stunnel + SSL

Hi Gino,
I confirm your test.

I have the same problem :) on debian squeeze

Bye

2012/4/11 Gino <gin...@gmail.com>

--
------------------------------
*Michele Vezzoli*   *IT Manager*

TEL: +39.030.5230600  MOB: +39.328.0555322   FAX: +39.030.5230600  SKYPE:
 michele.vezzoli.vardump
VarDump S.r.l. - www.var-dump.it

This e-mail message does not imply or cause any obligation, unless it is
provided by a previous written agreement. This message is confidential: if
you have received it by mistake, please advise immediately the sender by
e-mail and destroy the message and its attachments. You are hereby notified
that any unauthorized use of the content of this message could constitute a
criminal offence. Thank you.


 
From: Matija Hiti <matija.h...@gmail.com>
Date: Sun, 15 Apr 2012 14:43:37 +0200
Local: Sun, Apr 15 2012 8:43 am
Subject: Re: [APE Project] Re: APE + Stunnel + SSL

Try to add the following lines to your stunnel.conf:

delay = no
TIMEOUTclose = 0

Matija

On 15 April 2012 12:17, Michele Vezzoli <michele.vezz...@var-dump.it> wrote:
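
Added example (not part of the thread, and not stunnel project code): a Python pass over the debug log lines posted earlier in the thread. It measures, per stunnel thread, how long a connection sat between sending `close_notify` and the `s_poll_wait timeout` entry. The 60-second result matches stunnel's default `TIMEOUTclose` of 60 seconds, which is the wait that `TIMEOUTclose = 0` removes. The function names are hypothetical, and the sample is built from the posted lines with wrapped lines rejoined.

```python
import re
from datetime import datetime

# Constructed sample: log lines from the thread, with wrapped lines rejoined.
SAMPLE_LOG = """\
2012.04.11 12:30:36 LOG7[2409:140692054951680]: Socket closed on read
2012.04.11 12:30:36 LOG6[2409:140692054951680]: SSL_shutdown successfully sent close_notify
2012.04.11 12:30:38 LOG3[2409:140692054882048]: SSL_accept: Peer suddenly disconnected
2012.04.11 12:30:38 LOG5[2409:140692054882048]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.04.11 12:31:36 LOG6[2409:140692054951680]: s_poll_wait timeout: connectionclose
2012.04.11 12:31:36 LOG5[2409:140692054951680]: Connection closed: 395 bytes sent to SSL, 387 bytes sent to socket
"""

# timestamp, syslog level, pid, thread id, message
LINE = re.compile(r"(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: (.*)")

def parse(log):
    """Yield (timestamp, level, thread_id, message) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(4), m.group(5)

def analyse(log):
    """Return ({thread: seconds waiting for the peer's close_notify}, [threads with aborted handshakes])."""
    sent_close, stalls, aborted = {}, {}, []
    for ts, _level, tid, msg in parse(log):
        if "sent close_notify" in msg:
            sent_close[tid] = ts                      # our side finished the TLS shutdown
        elif msg.startswith("s_poll_wait timeout") and tid in sent_close:
            stalls[tid] = (ts - sent_close.pop(tid)).total_seconds()
        elif msg.startswith("SSL_accept: Peer suddenly disconnected"):
            aborted.append(tid)                       # client left before the handshake completed
    return stalls, aborted

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The aborted handshake is on a different thread from the stalled connection, so the two log symptoms belong to separate connections.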


 
From: Michele Vezzoli <michele.vezz...@var-dump.it>
Date: Mon, 16 Apr 2012 12:11:49 +0200
Local: Mon, Apr 16 2012 6:11 am
Subject: Re: [APE Project] Re: APE + Stunnel + SSL

Thank you very much!!

this configuration works perfectly!!!

Now I have ape under ssl!!!

Bye!

2012/4/15 Matija Hiti <matija.h...@gmail.com>



 
From: Michele Vezzoli <michele.vezz...@var-dump.it>
Date: Mon, 16 Apr 2012 12:22:16 +0200
Local: Mon, Apr 16 2012 6:22 am
Subject: Re: [APE Project] Re: APE + Stunnel + SSL

http://www.ape-project.org/wiki/index.php/SSL_with_ape

I updated the wiki!

2012/4/16 Michele Vezzoli <michele.vezz...@var-dump.it>



 
From: Matija Hiti <matija.h...@gmail.com>
Date: Mon, 16 Apr 2012 13:11:22 +0200
Local: Mon, Apr 16 2012 7:11 am
Subject: Re: [APE Project] Re: APE + Stunnel + SSL

Hey Michele,
Great to hear you got it working. And thanks for the wiki update.

Matija

On 16 April 2012 12:22, Michele Vezzoli <michele.vezz...@var-dump.it> wrote:


 
From: "CCC Jr." <karlin...@gmail.com>
Date: Tue, 8 Jan 2013 21:48:08 -0800 (PST)
Local: Wed, Jan 9 2013 12:48 am
Subject: Re: APE + Stunnel + SSL

Hi... is the wiki page down? no main content as per checking. tnx


 