
Stunnel error: no start line


I have a client application. The server application gave me a PEM file, and requires me to connect using SSL. I use stunnel and specified the certification file to be the PEM file, and set client=yes. When I run stunnel I see the following error at startup:

[!] error queue:  : error:  :SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
[!] SSL_CTX_use_PrivateKey_file: : error: :PEM routines:PEM_read_bio:no start line

The PEM file looks ok, it has -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. I use

openssl x509 -inform PEM -in filename.pem -text

to view the content and it looks ok.

Any idea what could go wrong?


Solution

  • I guess you want to use the given certificate to verify the connection and thus you need to specify it as CAfile. What you probably did instead was to specify it as a client certificate which gets sent to the server to authenticate the client. But this is just a guess, because you did not provide the configuration in your question.

    If you really want to use client authentication then you also have to provide the private key matching the certificate. If you don't specify a key it will look for it in the cert file, and in your case it did not find it there.
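
The check described in the answer above, as an added example that is not part of the original question or answer: it reads only the `-----BEGIN ...-----` labels of a PEM file and reports whether the file holds a certificate, a private key, or both, then prints the stunnel option that fits. The function names `pem_labels`, `pem_role` and `stunnel_hint` are hypothetical, and mapping a certificate-only file to `CAfile` follows the answer's guess about how the file is meant to be used.

```shell
#!/bin/sh
# Added example: classify a PEM file by its BEGIN labels and suggest the
# matching stunnel option. The base64 body of each block is never parsed.

pem_labels() {
    # Print one label per PEM block; CRLF line endings are tolerated.
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p'
}

pem_role() {
    has_cert=no
    has_key=no
    # Spaces inside a label become underscores so the loop splits per label.
    for label in $(pem_labels "$1" | tr ' ' '_'); do
        case "$label" in
            CERTIFICATE|TRUSTED_CERTIFICATE|X509_CERTIFICATE) has_cert=yes ;;
            *PRIVATE_KEY) has_key=yes ;;   # RSA, EC, ENCRYPTED and PKCS#8 labels
        esac
    done
    case "$has_cert:$has_key" in
        yes:yes) echo "cert+key" ;;    # works as cert= with no separate key=
        yes:no)  echo "cert-only" ;;   # as cert= alone it gives "no start line"
        no:yes)  echo "key-only" ;;
        *)       echo "no-pem" ;;      # no PEM block found at all
    esac
}

stunnel_hint() {
    # Print the stunnel option line this file can back; fail if it is not PEM.
    case "$(pem_role "$1")" in
        cert+key)  printf 'cert = %s\n' "$1" ;;
        cert-only) printf 'CAfile = %s\n' "$1" ;;  # verify the server with it
        key-only)  printf 'key = %s\n' "$1" ;;
        *)         return 1 ;;
    esac
}

# Usage: sh pemcheck.sh filename.pem
if [ "$#" -gt 0 ]; then
    stunnel_hint "$1"
fi
```

A file reported as `cert-only` can still be used as `cert =` for client authentication, but only together with a `key =` line that points to the matching private key.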