Hello. I want to repost this because I have heard nothing in response although it was posted a few days ago. I am new to using this group and not certain how long I should expect to wait. Excuse the reposting if I should seem impatient, as I do not mean it in that way. But I do want to be sure that I am posting it correctly too. Thanks.
John
From: stunnel-users-bounces@stunnel.org [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of John A. Wallace Sent: Tuesday, January 17, 2012 3:03 AM To: stunnel-users@stunnel.org Subject: [stunnel-users] certificate authentications Importance: High
I have two questions, which I think may be related, regarding how to use the information from stunnel log. I use stunnel to connect to an SMTP server on the internet from my home network, and in particular from my Windows laptop. My stunnel version is this:
stunnel 4.50 on x86-pc-mingw32-gnu platform
Compiled/running with OpenSSL 0.9.8r-fips 8 Feb 2011
It works well for my purposes, and I can see, by using a program for monitoring process and network connections, that the connections are now secured as expected. However, I believe it can be made more secure if I can utilize the certificate that is offered by the server, but I am not sure how to make that happen.
In my stunnel log for the connection, I get this message:
Client-mode smtp protocol negotiations started
Client-mode smtp protocol negotiations succeeded
No peer certificate received
SSL connected: new session negotiated
Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
My first question is, how should I go about getting that "No peer certificate received" issue corrected and how do I install it? Secondly, when I issue this command at the cmd shell prompt:
openssl s_client -starttls smtp -connect host.server:port
The output is lengthy and it includes, among other things, clearly what is identified as a certificate. I have been told that this is a good certificate, and one that I should utilize for an authenticated connection. So, my question is, is this the same certificate that I saw referenced in the log as the "peer certificate", and how do I go about putting this certificate where it belongs in my directory? I know how to copy it and save it as a file, but where do I put it and should it have a special name?
If someone wants to direct me to the correct instruction for doing this, that would be fine too. I am just looking for some pointers for assistance. Thanks.