Blue Iris 5 - Stunnel & HTTPS Issues

[OgRoar]

Here is the error from Stunnel: 2021.08.24 19:34:54 LOG3[5]: SSL_accept: ssl/record/rec_layer_s3.c:1543: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

 

[majones]

I've mostly switched from stunnel to ZeroTier that creates a virtual LAN with point-to-point connectivity. It's easy to set up and doesn't need any maintenance.

 

[OgRoar]

I don't think Cloudfare will work for this or I don't get it.

I just bought a ssl through registrar and had it setup in 20min.

$30 for 5 years sure beats me spending time every 3mo renewing it.

 

[jmhmcse]

When creating your own self-signed cert, you can specify how long you want the cert to be valid.... in the following example, 10 years.

I've not used the auto-generation web sites but rather install OpenSSL (windows or linux) and create them myself. The basic steps...

STEP 1:
openssl genrsa -out CertificateAuthority.KEY 4096

STEP 2:
openssl req -new -x509 -days 3650 -key CertificateAuthority.KEY -out CertificateAuthority.CERT -config openssl.cnf

STEP 3:
openssl pkcs12 -export -out CertificateAuthority.p12 -inkey CertificateAuthority.KEY -in CertificateAuthority.CERT

The output files names to contents are:

CertificateAuthority.KEY - text file, private key, no password
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

CertificateAuthority.CERT - text file, certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

ClientCertificate.P12 - p12 binary file, certificate

===============
In depth How-To
How-to: Make Your Own Cert With OpenSSL on Windows

How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded)

As several things have changed since I published “Howto: Make Your Own Cert With OpenSSL on Windows” 5 years ago, I’m publishing an updated how-to. This time, I’m using the …

blog.didierstevens.com

The above has instructions/links to download, install, configure the OpenSSL software; i.e. openssl.cnf.