Hi All,
I'm trying to create an SSL tunnel between my server (Win 2008 R2, 4.56
version of stunnel) and a remote application server - I have merged both
the root and sub certificates into 1 file and it looks like it can verify
them and accept them as well, but then it tries to verify it at
depth=0 and says certificate not found in local repository. Am I
missing anything here? (I modified messages to not disclose details
of certificates in the debug below).
Thank you!
BR,
Roman

2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] started
2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] accepted connection from 127.0.0.1:49397
2013.06.18 11:22:34 LOG6[272:2156]: connect_blocking: connecting 10.254.0.21:443
2013.06.18 11:22:34 LOG7[272:2156]: connect_blocking: s_poll_wait 10.254.0.21:443: waiting 10 seconds
2013.06.18 11:22:34 LOG5[272:2156]: connect_blocking: connected 10.254.0.21:443
2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] connected remote server from 192.168.20.23:49398
2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) initialized
2013.06.18 11:22:34 LOG7[272:2156]: SNI: sending servername: 10.254.0.21
2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): before/connect initialization
2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 write client hello A
2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 read server hello A
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=2, /CN=xxx RootCA
2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=2, /CN=xxx RootCA
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=1, /CN=xxx
2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=1, /CN=xxx SubCA1
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=0, /C=zzz
2013.06.18 11:22:34 LOG4[272:2156]: CERT: Certificate not found in local repository
2013.06.18 11:22:34 LOG4[272:2156]: Certificate check failed: depth=0, /C=zzz
2013.06.18 11:22:34 LOG7[272:2156]: SSL alert (write): fatal: certificate unknown
2013.06.18 11:22:34 LOG3[272:2156]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2013.06.18 11:22:34 LOG5[272:2156]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) closed
2013.06.18 11:22:34 LOG7[272:2156]: Local socket (FD=376) closed
2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] finished (0 left)