rejetto forum

I need help getting SSL to work with HFS beta build 253 pls


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
I've tried for a few hours but I can't make it work.

I get this error from the stunnel log:
2010.02.10 14:27:13 LOG7[3828:2352]: Snagged 64 random bytes from C:/.rnd
2010.02.10 14:27:13 LOG7[3828:2352]: Wrote 1024 new random bytes to C:/.rnd
2010.02.10 14:27:13 LOG7[3828:2352]: RAND_status claims sufficient entropy for the PRNG
2010.02.10 14:27:13 LOG7[3828:2352]: PRNG seeded successfully
2010.02.10 14:27:13 LOG7[3828:2352]: Certificate: stunnel.pem
2010.02.10 14:27:13 LOG7[3828:2352]: Certificate loaded
2010.02.10 14:27:13 LOG7[3828:2352]: Key file: stunnel.pem
2010.02.10 14:27:13 LOG7[3828:2352]: Private key loaded
2010.02.10 14:27:13 LOG7[3828:2352]: SSL context initialized for service https
2010.02.10 14:27:13 LOG5[3828:2352]: stunnel 4.29 on x86-pc-mingw32-gnu with OpenSSL 0.9.8l 5 Nov 2009
2010.02.10 14:27:13 LOG5[3828:2352]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2010.02.10 14:27:13 LOG5[3828:1048]: No limit detected for the number of clients
2010.02.10 14:27:13 LOG7[3828:1048]: FD 200 in non-blocking mode
2010.02.10 14:27:13 LOG7[3828:1048]: SO_REUSEADDR option set on accept socket
2010.02.10 14:27:13 LOG3[3828:1048]: Error binding https to 0.0.0.0:443
2010.02.10 14:27:13 LOG3[3828:1048]: bind: Permission denied (WSAEACCES) (10013)

2010.02.10 14:27:13 LOG3[3828:1048]: Server is down
--------------------------------------------------------
I downloaded stunnel from here: ftp://stunnel.mirt.net/stunnel/
I created a fresh PEM file from here: http://www.stunnel.org/pem/
Here is my list of what I've done to set it up thus far:
1. make a new folder called HFS_2
2. put a copy of hfs253.exe in it and rename it to HFS_SSL_253.exe
3. download stunnel and extract it to same folder as hfs
4. place the created PEM file in same folder as HFS
5. I then read http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_server
6. edit/create the stunnel.conf file, which looks like this:
; Lines preceded with a “;” are comments
; Empty lines are ignored
; For more options and details: see the manual (stunnel.html)

; File with certificate and private key
cert = stunnel.pem
key = stunnel.pem

; Log level (1 = minimal, 5 = recommended, 7 = all) and log file
; Precede with a ";" to disable logging
debug = 5
output = stunnel.log

; Some performance tuning
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Data compression algorithm: zlib or rle
compression = zlib

; SSL bug options / NO SSL:v2 (SSLv3 and TLSv1 is enabled)
options = ALL
options = NO_SSLv2

; Service-level configuration
; Stunnel listens to port 443 (HTTPS) to any IP
; and connects to port 44300 (HFS) on localhost
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300
TIMEOUTclose = 0

7. in HFS I change the IP address to 127.0.0.1
8. in HFS I change the port to 443
9. my router firewall is also forwarding port 443


If I type the URL of my site it fails:
https://xxx.server.com:443    says page not found
I'm not having much luck. stunnel seems to accept the stunnel.pem file fine.
http://xxx.server.com:443   this works, but it's not in SSL. How do I make it go into SSL?

What am I doing wrong? I believe I have all the proper files in the folder as they should be and followed the wiki step by step, except I created my key online; I did not use openssl.

Can someone take pity and point out the obvious mistake I'm making?

Note: I did go back and try to create my own PEM file using openssl but could not make it work:
openssl.exe req -new -x509 -days 3650 -nodes -config pem.conf -out stunnel.pem -keyout stunnel.pem

The problem is there's no such file as openssl.exe.
I downloaded openssl-0.9.8l.tar.gz, extracted it and searched for openssl.exe, but it's not there.

Can I bypass using openssl to make my key and just use the website to create one for me? I was told that would work just as well too.


« Last Edit: February 11, 2010, 08:19:07 PM by ninjapimp »
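As an added example (not code from this thread, HFS or stunnel), the following Python script reads a stunnel.conf service section like the one posted above and checks the two things the log and the setup steps depend on: that the accept port (443) is not already bound by another program, and that something (HFS) is actually listening on the connect address (127.0.0.1:44300). SAMPLE_CONF is a constructed copy of the posted [https] section; pass the contents of a real stunnel.conf to parse_services to check an actual setup.

```python
import socket

# Constructed sample: the [https] service from the stunnel.conf posted in this thread.
SAMPLE_CONF = """\
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300
"""

def parse_services(text):
    """Return {service: {'accept': (host, port), 'connect': (host, port)}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()            # drop ';' comments
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            services[current] = {}
        elif current and '=' in line:
            key, value = (s.strip() for s in line.split('=', 1))
            if key in ('accept', 'connect'):
                host, _, port = value.rpartition(':')   # "443" or "host:443"
                default = '127.0.0.1' if key == 'connect' else '0.0.0.0'
                services[current][key] = (host or default, int(port))
    return services

def port_is_free(host, port):
    """True if this process can bind host:port, i.e. no other listener holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:   # EADDRINUSE, WSAEACCES (10013) on Windows, or no privilege for ports < 1024 on Unix
            return False

def has_listener(host, port, timeout=1.0):
    """True if something accepts TCP connections on host:port (HFS should)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def diagnose(services):
    """List the mismatches behind stunnel's 'Error binding' / 'Server is down'."""
    problems = []
    for name, svc in services.items():
        (ahost, aport), (chost, cport) = svc['accept'], svc['connect']
        if not port_is_free(ahost, aport):
            problems.append(f"[{name}] accept port {aport} is already bound by another process")
        if not has_listener(chost, cport):
            problems.append(f"[{name}] nothing is listening on {chost}:{cport} (set HFS to {cport})")
    return problems
```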


Offline mudputty

  • Occasional poster
  • *
    • Posts: 12
    • Tridell Utah
One thing I did as far as the certificates go is I got a free one from StartCom. It was easy to do, and now my site is secure with no certificate errors.



Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
ninjapimp
What port do you have HFS set to ?
Looking at your stunnel config file,
You have Stunnel set to accept connection from any IP on default 443.
It looks like stunnel is set to connect to HFS on 127.0.0.1:44300,
So HFS should be listening on 127.0.0.1:44300.


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
ninjapimp
What port do you have HFS set to ?
Looking at your stunnel config file,
You have Stunnel set to accept connection from any IP on default 443.
It looks like stunnel is set to connect to HFS on 127.0.0.1:44300,
So HFS should be listening on 127.0.0.1:44300.

HFS is set to port 443.

Any ideas how to fix or make this work?
The stunnel log clearly shows the cert is loading properly, but I don't know why it says server down.
I launch stunnel, it gives me the error. I launch HFS.
If I try HFS first then stunnel, same error (server down).


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
accept = 443  ->   is the open port in your router and it communicates with Stunnel.

connect = 44300  ->   is the listening port of HFS to set ... in HFS...  don't open this port in your router.


In HFS :

- Accept connections : 127.0.0.1 or Any address

- IP address : 127.0.0.1

- Menu > Limits > Bans ... enter \127.0.0.1  and the local IP of your PC ; frequently 192.168.xxx.xxx

eg :

\127.0.0.1;192.168.1.6
or
\127.0.0.1;192.168.*.*  

(192.168.1.6 is a sample IP)
------------------------------------------------

To connect you locally :

eg :

http :

http://127.0.0.1:44300  or http://localhost:44300 ...etc...

https (SSL) :

https://localhost:443 or https://192.168.1.6:443 or https://xxx.server.com:443...etc..

------------------------------------------------

Users connect from outside at your server like that (and only SSL) :

https://xxx.server.com or https://xxx.server.com:443 or https://your_external_ip:443
« Last Edit: February 12, 2010, 05:40:09 AM by SilentPliz »


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
accept = 443 ->   is the open port in your router and it communicates with Stunnel

this port is being forwarded.


connect = 44300  ->   is the listening port of HFS to set ... in HFS...  don't open this port in your router.
i did nothing on this..

In HFS:

- Accept connections : 127.0.0.1 or Any address
I set it to any address.

- IP address : 127.0.0.1
Yes, it's set to that exact number.

- Menu > Limits > Bans ... enter \127.0.0.1 and the local IP of your PC ; frequently 192.168.xxx.xxx
Yes, I added 2 bans, 127.0.0.1 and 192.168.0.100.

Still fails.
Not having any luck.



Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
ninjapimp
If everything is still set like your first post HFS should be set to port 44300.
Is It?

If that doesn't work try setting every thing to default.
Stunnel config
[https]
accept  = 0.0.0.0:443
connect = 127.0.0.1:80

Set HFS to port 80

Set your router to open port 80 for HFS and port 443 for stunnel.
You should be able to connect to HFS on http://youripaddress/
and stunnel to HFS on  https://youripaddress/  from the internet.

Inside your lan it may be  http://127.0.0.1/ and https://127.0.0.1/
or something like 192.168.1. xx,
If you get it to work then you can work your way backwards to make the ports,
links, etc work as you want. I doubt your connection problem is the cert. I think
when stunnel says server is down, it means it cant connect to HFS?


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
Where do I set 44300? That part I don't get.
I have IIS 7 on my server, which uses port 80, so I run my non-SSL HFS on port 80.
When I try the local address in the browser it fails, but if I click on the browse button in HFS it works, but it's not in SSL mode.


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
Where do I set 44300? That part I don't get.
I have IIS 7 on my server, which uses port 80, so I run my non-SSL HFS on port 80.
When I try the local address in the browser it fails, but if I click on the browse button in HFS it works, but it's not in SSL mode.
Look at the HFS window; beside "Menu" is Port. Click on it and change it to 44300.
If it solves the problem, eventually you'd want to "Save Options".

If you try the default settings you will have to shut IIS 7 down first to run the test, so the port
won't be in use. Actually, I'm not sure that running both servers as http:// on port 80 will ever
work properly long term.


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
I've had HFS running on port 2000 now for a couple of months with IIS on port 80 and all seems OK.
The only problem I've seen is people getting access denied on HFS.
I've taken all limits off; this problem only comes when I use the RAWR template though.

I'll go into HFS, set the port to 44300 and retest.


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
http://127.0.0.1:44300
with port 44300 on HFS, but the page will not display, still fails.
I double-checked the stunnel.conf and it reads:
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300

I've double-checked all other settings and they are exactly as they should be according to what you posted.

If I change the IP address and use my static IP, http://64.218.49.xx:44300, then the page does appear.

If I try https://64.218.49.27:44300 the page won't appear.

I have my first instance of HFS running on port 2000,

and my second instance is running on port 443 while I try to get SSL up and running.

So I know my HFS is set to work properly in non-SSL mode on port 2000,
and my IIS works fine on port 80,

but I'm unable to get HFS and stunnel to work via port 443, or any port for that matter.

If I disable IIS and run HFS on port 80 for SSL, same exact problem.

I've tried from scratch, but same exact thing; the page will not display if I try:
http://127.0.0.1:44300  or http://localhost:44300  ...etc...

https (SSL) :

https://localhost:443 or https://192.168.1.6:443 or https://xxx.server.com:443...etc..


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
If I open the stunnel log I see:
2010.02.10 15:14:48 LOG3[3444:3904]: Error binding https to 0.0.0.0:443
2010.02.10 15:14:48 LOG3[3444:3904]: bind: Permission denied (WSAEACCES) (10013)

2010.02.10 15:14:48 LOG3[3444:3904]: Server is down
So there's some error that it can't find 0.0.0.0:443.

I dunno, I'm stumped.
What I thought would be easy to do has turned out to be very hard, with very little way to find out how to fix it, alas.


Offline ninjapimp

  • Occasional poster
  • *
    • Posts: 71
ninjapimp
If everything is still set like your first post HFS should be set to port 44300.
Is It?

If that doesn't work try setting every thing to default.
Stunnel config
[https]
accept  = 0.0.0.0:443
connect = 127.0.0.1:80

Set HFS to port 80

Set your router to open port 80 for HFS and port 443 for stunnel.
You should be able to connect to HFS on http://youripaddress/
and stunnel to HFS on  https://youripaddress/  from the internet.

Inside your lan it may be  http://127.0.0.1/ and https://127.0.0.1/
or something like 192.168.1. xx,
If you get it to work then you can work your way backwards to make the ports,
links, etc work as you want. I doubt your connection problem is the cert. I think
when stunnel says server is down, it means it cant connect to HFS?

In HFS I set the port to 44300,
and on my router I have my server set to DMZ now.
DMZ simply forwards everything; it's wide open.
When I try http://127.0.0.1/ it fails,
but if I use the static IP address it works.

How do I fix this?

How do I make it work on 127.0.0.1?

« Last Edit: February 12, 2010, 08:32:01 PM by SilentPliz »


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
- Menu > Limits > Bans ... enter \127.0.0.1  with the \

exactly : \127.0.0.1;192.168.*.*

--------------------------------------------------------------

try for connect :

http://127.0.0.1:44300

or

http://localhost:44300

or

https://your_192.168...:443
« Last Edit: February 12, 2010, 08:36:03 PM by SilentPliz »