-
-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to configure TLS #825
Comments
Those lines look fine – and should work. If it doesn’t start, there should be some kind of output. It may, however, not be in the log file you specified but on stderr. This happens for instance if it can’t read your config file. If you start the service via systemd, then this output should appear of you run |
Hi, we see a similar problem, however with an error message:
Config:
Cert and key look fine, however. They also work with our existing reverse proxy (stunnel). |
As it says, the key file doesn’t contain a key (yeah, it could be more helpful, but this is coming from a dependency). Is it perchance using a passphrase? We can’t deal with that. |
We solved with this operations:
After this operation routinator started successsfully. |
It contains a (single) key in PEM format. The exact same key/cert pair works with e.g. stunnel. |
OK, got it working now, it does not like
Removing |
Oh, interesting! That would explain why my tests all succeeded. My test key – generated with OpenSSL – only has the |
Turns out I was “holding it wrong.” We’ll sneak this one into the upcoming 0.12.1 with a new release candidate following soon. |
Great, thanks! Glad that I wasn't holding it wrong and you already fixed it in no time :) |
When we add to /etc/routinator/routinator.conf the following lines:
http-tls-listen = ["IPv4:8324", "[IPv6]:8324"]
http-tls-cert = "/etc/ssl/certificate.crt"
http-tls-key = "/etc/sss/private.key"
log = "file"
log-file = "/var/log/routinator.log"
log-level = "debug"
the service doesn't start and any debug log is written.
Could you tell us if we are configuring it wrong or if there is some mispell?
Both certificate and private key are in PEM format.
The text was updated successfully, but these errors were encountered: