• Hello Everyone,

    Stunnel 5.37 refuses to start on pfSense 2.4.3-RELEASE-p1 (amd64) with this error in the log:

    Sep 9 00:31:03	stunnel		LOG5[ui]: stunnel 5.44 on amd64-portbld-freebsd11.1 platform
    Sep 9 00:31:03	stunnel		LOG5[ui]: Compiled/running with OpenSSL 1.0.2m-freebsd 2 Nov 2017
    Sep 9 00:31:03	stunnel		LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
    Sep 9 00:31:03	stunnel		LOG5[ui]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
    Sep 9 00:31:03	stunnel		LOG5[ui]: UTF-8 byte order mark not detected
    Sep 9 00:31:03	stunnel		LOG4[ui]: Insecure file permissions on /usr/local/etc/stunnel/56b3fec8a19e2.pem
    Sep 9 00:31:03	stunnel		LOG5[ui]: Configuration successful
    Sep 9 00:32:17	check_reload_status		Syncing firewall
    Sep 9 00:32:17	stunnel		LOG5[main]: Terminated

    First, 56b3fec8a19e2.pem, which is my webConfigurator default certificate, does not exist in /usr/local/etc/stunnel/, but in the Stunnel menu I have selected the Certificate to be Default:


    which I assumed would be /usr/local/etc/stunnel/stunnel.pem. Even /usr/local/etc/stunnel/stunnel.conf has stunnel.pem set to be used:

    cert = /usr/local/etc/stunnel/stunnel.pem 
    chroot = /var/tmp/stunnel 
    setuid = stunnel 
    setgid = stunnel

    I'm not sure why Stunnel still wants to use the webConfigurator default certificate. At this point it appears this is preventing Stunnel from starting, or is it something else?

  • Would anyone have an idea as to what is going on? I'm kind of stumped at this point.