Re: tls with relayd (on 5.7) and key without password
Does not work for me.

#/etc/relayd.conf
relayd_addr=127.0.0.1
relayd_port=8080
prefork 10

http protocol httpfilter {
    # Return HTTP/HTML error pages to the client
    return error
    # Block disallowed sites
    match request label URL filtered!
    block request quick url www.example.com/ value *
}

http protocol http_tls {
    tls tlsv1
    tls ca key /etc/ssl/private/ca.key password secret
    tls ca cert /etc/ssl/ca.crt
}

relay httpproxy {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on $relayd_addr port $relayd_port
    protocol httpfilter
    # Forward to the original target host
    forward to destination
}

relay sslproxy {
    listen on 127.0.0.1 port 8443 tls
    protocol http_tls
    transparent forward with tls to destination
}
#EOF

#Error messages
# relayd -d -vv -f /etc/relayd.conf
startup
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/ca.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/ca.key
/etc/relayd.conf:40: cannot load certificates for relay sslproxy
ca exiting, pid 1218
ca exiting, pid 23391
ca exiting, pid 2336
ca exiting, pid 19464
ca exiting, pid 11404
ca exiting, pid 17412
hce exiting, pid 27069
ca exiting, pid 21514
ca exiting, pid 1904
ca exiting, pid 17808
ca exiting, pid 28847
pfe exiting, pid 818
relay exiting, pid 19581
relay exiting, pid 424
relay exiting, pid 29429
relay exiting, pid 13760
relay exiting, pid 4374
relay exiting, pid 3337
relay exiting, pid 11683
relay exiting, pid 5846
relay exiting, pid 22453
relay exiting, pid 2398
#EOF

2015-05-03 18:51 GMT-03:00 Comète com...@daknet.org:

> That works! Thanks a lot!
>
> On 3 May 2015 20:50, mxb wrote:
>
> > Try to create a symlink in /etc/ssl/private.
> > ln -s mydomain.org.key 1.2.3.4.key
> > where “1.2.3.4” is your address in $ext_addr.
> >
> > //mxb
> >
> > On 3 May 2015, at 13:04, Comète wrote:
> >
> > > Hi,
> > >
> > > my tls key has no password and I already use it for other stuff,
> > > so I try to enable TLS with relayd like this:
> > >
> > > http protocol http_tls {
> > >    tls tlsv1
> > >    tls ca key /etc/ssl/private/mydomain.org.key password
> > >    tls ca cert /etc/ssl/mydomain.org.crt
> > > }
> > >
> > > relay transptls {
> > >    listen on $ext_addr port 443 tls
> > >    protocol http_tls
> > >    transparent forward with tls to 127.0.0.1 port http
> > > }
> > >
> > > but I get this error:
> > >
> > > startup
> > > socket_rlimit: max open files 1024
> > > socket_rlimit: max open files 1024
> > > relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
> > > socket_rlimit: max open files 1024
> > > socket_rlimit: max open files 1024
> > > relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
> > > /etc/relayd.conf:24: cannot load certificates for relay transptls
> > > no actions, nothing to do
> > > ca exiting, pid 29173
> > > pfe exiting, pid 19946
> > > ca exiting, pid 3806
> > > ca exiting, pid 24689
> > > hce exiting, pid 32289
> > > relay exiting, pid 22936
> > > relay exiting, pid 25790
> > >
> > > So, is it possible to use a tls key without password with relayd?
> > >
> > > Thank you
> > >
> > > Morgan

-- 
Antonio Feitosa (http://twitter.com/teebsd)
#Security Consultant, #OpenBSD addicted, #ARM hobbyist and #Blues #Musician.
#P2P is the real #cloudcomputing.
Rio de Janeiro, Brazil · Github: https://github.com/TeeBSD
Blog: http://teebsd.github.io/

Re: tls with relayd (on 5.7) and key without password
Someone else with that issue?

2015-05-30 17:28 GMT-03:00 Antonio Feitosa antonio@gmail.com:

> Does not work for me.
>
> #/etc/relayd.conf
> relayd_addr=127.0.0.1
> relayd_port=8080
> prefork 10
>
> http protocol httpfilter {
>     # Return HTTP/HTML error pages to the client
>     return error
>     # Block disallowed sites
>     match request label URL filtered!
>     block request quick url www.example.com/ value *
> }
>
> http protocol http_tls {
>     tls tlsv1
>     tls ca key /etc/ssl/private/ca.key password secret
>     tls ca cert /etc/ssl/ca.crt
> }
>
> relay httpproxy {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on $relayd_addr port $relayd_port
>     protocol httpfilter
>     # Forward to the original target host
>     forward to destination
> }
>
> relay sslproxy {
>     listen on 127.0.0.1 port 8443 tls
>     protocol http_tls
>     transparent forward with tls to destination
> }
> #EOF
>
> #Error messages
> # relayd -d -vv -f /etc/relayd.conf
> startup
> socket_rlimit: max open files 1024
> relay_load_certfiles: using ca certificate /etc/ssl/ca.crt
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relay_load_certfiles: using ca key /etc/ssl/private/ca.key
> /etc/relayd.conf:40: cannot load certificates for relay sslproxy
> ca exiting, pid 1218
> ca exiting, pid 23391
> ca exiting, pid 2336
> ca exiting, pid 19464
> ca exiting, pid 11404
> ca exiting, pid 17412
> hce exiting, pid 27069
> ca exiting, pid 21514
> ca exiting, pid 1904
> ca exiting, pid 17808
> ca exiting, pid 28847
> pfe exiting, pid 818
> relay exiting, pid 19581
> relay exiting, pid 424
> relay exiting, pid 29429
> relay exiting, pid 13760
> relay exiting, pid 4374
> relay exiting, pid 3337
> relay exiting, pid 11683
> relay exiting, pid 5846
> relay exiting, pid 22453
> relay exiting, pid 2398
> #EOF
>
> 2015-05-03 18:51 GMT-03:00 Comète com...@daknet.org:
>
> > That works! Thanks a lot!
> >
> > On 3 May 2015 20:50, mxb wrote:
> >
> > > Try to create a symlink in /etc/ssl/private.
> > > ln -s mydomain.org.key 1.2.3.4.key
> > > where “1.2.3.4” is your address in $ext_addr.
> > >
> > > //mxb
> > >
> > > On 3 May 2015, at 13:04, Comète wrote:
> > >
> > > > Hi,
> > > >
> > > > my tls key has no password and I already use it for other stuff,
> > > > so I try to enable TLS with relayd like this:
> > > >
> > > > http protocol http_tls {
> > > >    tls tlsv1
> > > >    tls ca key /etc/ssl/private/mydomain.org.key password
> > > >    tls ca cert /etc/ssl/mydomain.org.crt
> > > > }
> > > >
> > > > relay transptls {
> > > >    listen on $ext_addr port 443 tls
> > > >    protocol http_tls
> > > >    transparent forward with tls to 127.0.0.1 port http
> > > > }
> > > >
> > > > but I get this error:
> > > >
> > > > startup
> > > > socket_rlimit: max open files 1024
> > > > socket_rlimit: max open files 1024
> > > > relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
> > > > socket_rlimit: max open files 1024
> > > > socket_rlimit: max open files 1024
> > > > relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
> > > > /etc/relayd.conf:24: cannot load certificates for relay transptls
> > > > no actions, nothing to do
> > > > ca exiting, pid 29173
> > > > pfe exiting, pid 19946
> > > > ca exiting, pid 3806
> > > > ca exiting, pid 24689
> > > > hce exiting, pid 32289
> > > > relay exiting, pid 22936
> > > > relay exiting, pid 25790
> > > >
> > > > So, is it possible to use a tls key without password with relayd?
> > > >
> > > > Thank you
> > > >
> > > > Morgan
>
> -- 
> Antonio Feitosa (http://twitter.com/teebsd)
> #Security Consultant, #OpenBSD addicted, #ARM hobbyist and #Blues #Musician.
> #P2P is the real #cloudcomputing.
> Rio de Janeiro, Brazil · Github: https://github.com/TeeBSD
> Blog: http://teebsd.github.io/

-- 
Antonio Feitosa (http://twitter.com/teebsd)
#Security Consultant, #OpenBSD addicted, #ARM hobbyist and #Blues #Musician.
#P2P is the real #cloudcomputing.
Rio de Janeiro, Brazil · Github: https://github.com/TeeBSD
Blog: http://teebsd.github.io/

Re: tls with relayd (on 5.7) and key without password
That works! Thanks a lot!

On 3 May 2015 20:50, mxb wrote:

> Try to create a symlink in /etc/ssl/private.
> ln -s mydomain.org.key 1.2.3.4.key
> where “1.2.3.4” is your address in $ext_addr.
>
> //mxb
>
> On 3 May 2015, at 13:04, Comète wrote:
>
> > Hi,
> >
> > my tls key has no password and I already use it for other stuff,
> > so I try to enable TLS with relayd like this:
> >
> > http protocol http_tls {
> >    tls tlsv1
> >    tls ca key /etc/ssl/private/mydomain.org.key password
> >    tls ca cert /etc/ssl/mydomain.org.crt
> > }
> >
> > relay transptls {
> >    listen on $ext_addr port 443 tls
> >    protocol http_tls
> >    transparent forward with tls to 127.0.0.1 port http
> > }
> >
> > but I get this error:
> >
> > startup
> > socket_rlimit: max open files 1024
> > socket_rlimit: max open files 1024
> > relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
> > socket_rlimit: max open files 1024
> > socket_rlimit: max open files 1024
> > relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
> > /etc/relayd.conf:24: cannot load certificates for relay transptls
> > no actions, nothing to do
> > ca exiting, pid 29173
> > pfe exiting, pid 19946
> > ca exiting, pid 3806
> > ca exiting, pid 24689
> > hce exiting, pid 32289
> > relay exiting, pid 22936
> > relay exiting, pid 25790
> >
> > So, is it possible to use a tls key without password with relayd?
> >
> > Thank you
> >
> > Morgan

tls with relayd (on 5.7) and key without password
Hi,

my tls key has no password and I already use it for other stuff,
so I try to enable TLS with relayd like this:

http protocol http_tls {
   tls tlsv1
   tls ca key /etc/ssl/private/mydomain.org.key password
   tls ca cert /etc/ssl/mydomain.org.crt
}

relay transptls {
   listen on $ext_addr port 443 tls
   protocol http_tls
   transparent forward with tls to 127.0.0.1 port http
}

but I get this error:

startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
/etc/relayd.conf:24: cannot load certificates for relay transptls
no actions, nothing to do
ca exiting, pid 29173
pfe exiting, pid 19946
ca exiting, pid 3806
ca exiting, pid 24689
hce exiting, pid 32289
relay exiting, pid 22936
relay exiting, pid 25790

So, is it possible to use a tls key without password with relayd?

Thank you

Morgan

Re: tls with relayd (on 5.7) and key without password
Try to create a symlink in /etc/ssl/private.
ln -s mydomain.org.key 1.2.3.4.key
where “1.2.3.4” is your address in $ext_addr.

//mxb

On 3 May 2015, at 13:04, Comète com...@daknet.org wrote:

> Hi,
>
> my tls key has no password and I already use it for other stuff,
> so I try to enable TLS with relayd like this:
>
> http protocol http_tls {
>    tls tlsv1
>    tls ca key /etc/ssl/private/mydomain.org.key password
>    tls ca cert /etc/ssl/mydomain.org.crt
> }
>
> relay transptls {
>    listen on $ext_addr port 443 tls
>    protocol http_tls
>    transparent forward with tls to 127.0.0.1 port http
> }
>
> but I get this error:
>
> startup
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
> /etc/relayd.conf:24: cannot load certificates for relay transptls
> no actions, nothing to do
> ca exiting, pid 29173
> pfe exiting, pid 19946
> ca exiting, pid 3806
> ca exiting, pid 24689
> hce exiting, pid 32289
> relay exiting, pid 22936
> relay exiting, pid 25790
>
> So, is it possible to use a tls key without password with relayd?
>
> Thank you
>
> Morgan
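
Added example, not part of the thread or of relayd: a pre-flight check for the per-address files behind the symlink fix above. It assumes the relayd.conf(5) behaviour that a relay with "listen on ADDR port N tls" loads /etc/ssl/private/ADDR.key and /etc/ssl/ADDR.crt; the function names and the optional SSL_DIR argument are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption, per relayd.conf(5):
# "listen on ADDR port N tls" makes relayd load
#   /etc/ssl/private/ADDR.key  and  /etc/ssl/ADDR.crt

# Report each per-address file relayd would fail to load.
# usage: check_relayd_tls ADDR [SSL_DIR]   (SSL_DIR defaults to /etc/ssl)
# Returns the number of problems found (0 = both files are loadable).
check_relayd_tls() {
    dir=${2:-/etc/ssl}
    problems=0
    for f in "$dir/private/$1.key" "$dir/$1.crt"; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            # e.g. a relative "ln -s" run from the wrong directory
            echo "dangling symlink: $f"
        elif [ ! -r "$f" ]; then
            echo "missing or unreadable: $f"
        else
            continue
        fi
        problems=$((problems + 1))
    done
    return "$problems"
}

# Confirm the key and the certificate carry the same public key.
# usage: key_matches_cert KEY CERT
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed
# (an empty passphrase is supplied so an encrypted key fails, not prompts).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Typical use for the two relays in this thread (addresses as posted):
#   check_relayd_tls 1.2.3.4   && key_matches_cert \
#       /etc/ssl/private/1.2.3.4.key /etc/ssl/1.2.3.4.crt
#   check_relayd_tls 127.0.0.1
```

Running the check for every address that appears in a "listen on ... tls" line before starting relayd names the missing file directly, which the "cannot load certificates for relay" message does not.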