Hi All,
I'm trying to create an SSL tunnel between my server (Win 2008 R2, 4.56 version of stunnel) and a remote application server - I have merged both the root and sub certificates into 1 file and it looks like it can verify them and accept them as well, but then it tries to verify it at depth=0 and says certificate not found in local repository. Am I missing anything here? (I modified messages to not disclose details of certificates in the debug below).
Thank you! BR, Roman
2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] started
2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] accepted connection from 127.0.0.1:49397
2013.06.18 11:22:34 LOG6[272:2156]: connect_blocking: connecting 10.254.0.21:443
2013.06.18 11:22:34 LOG7[272:2156]: connect_blocking: s_poll_wait 10.254.0.21:443: waiting 10 seconds
2013.06.18 11:22:34 LOG5[272:2156]: connect_blocking: connected 10.254.0.21:443
2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] connected remote server from 192.168.20.23:49398
2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) initialized
2013.06.18 11:22:34 LOG7[272:2156]: SNI: sending servername: 10.254.0.21
2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): before/connect initialization
2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 write client hello A
2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 read server hello A
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=2, /CN=xxx RootCA
2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=2, /CN=xxx RootCA
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=1, /CN=xxx
2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=1, /CN=xxx SubCA1
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=0, /C=zzz
2013.06.18 11:22:34 LOG4[272:2156]: CERT: Certificate not found in local repository
2013.06.18 11:22:34 LOG4[272:2156]: Certificate check failed: depth=0, /C=zzz
2013.06.18 11:22:34 LOG7[272:2156]: SSL alert (write): fatal: certificate unknown
2013.06.18 11:22:34 LOG3[272:2156]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2013.06.18 11:22:34 LOG5[272:2156]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) closed
2013.06.18 11:22:34 LOG7[272:2156]: Local socket (FD=376) closed
2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] finished (0 left)
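
Added example, not part of the original post: a small Python parser for the stunnel debug log format shown above. It groups lines by the `[process:thread]` tag and reports, per chain depth, whether the certificate was accepted or rejected and which warning preceded the rejection. The function names `summarize` and `first_failure` are hypothetical.

```python
import re
from collections import defaultdict

# Verification lines copied from the log in the post above.
SAMPLE = """\
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=2, /CN=xxx RootCA
2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=2, /CN=xxx RootCA
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=1, /CN=xxx
2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=1, /CN=xxx SubCA1
2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=0, /C=zzz
2013.06.18 11:22:34 LOG4[272:2156]: CERT: Certificate not found in local repository
2013.06.18 11:22:34 LOG4[272:2156]: Certificate check failed: depth=0, /C=zzz
"""

# timestamp, syslog-style level digit, process id, thread id, message
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
RESULT = re.compile(r"^Certificate (accepted|check failed): depth=(\d+), (.*)$")

def summarize(log_text):
    """Return {(pid, tid): [per-depth verification results in log order]}."""
    sessions = defaultdict(list)
    last_warning = {}  # latest warning-or-worse message seen per thread
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a stunnel log line
        _, level, pid, tid, msg = m.groups()
        key = (int(pid), int(tid))
        r = RESULT.match(msg)
        if r:
            ok = r.group(1) == "accepted"
            sessions[key].append({
                "depth": int(r.group(2)), "subject": r.group(3), "ok": ok,
                "reason": None if ok else last_warning.get(key),
            })
        elif msg.startswith("Starting certificate verification"):
            last_warning.pop(key, None)  # do not carry a stale warning forward
        elif int(level) <= 4:  # LOG4 (warning) or more severe
            last_warning[key] = msg
    return dict(sessions)

def first_failure(log_text):
    """Return ((pid, tid), result) for the first rejected certificate, or None."""
    for key, checks in summarize(log_text).items():
        for check in checks:
            if not check["ok"]:
                return key, check
    return None

if __name__ == "__main__":
    print(first_failure(SAMPLE))
```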