Jan Meijer said:
Hi Richard,
On Thu, 17 Mar 2005, Richard Houston wrote:
I have taken over a stunnel install and all the client certs have expired.
I didn't read anywhere in your logs the certs had expired ;).
Could you please send over the config of both your server and your client? It's probably something simple but looks like you made errors in both configs.
Jan
Hi Jan,
I have replaced the keys already. These are new keys altogether.
Here are the configs as requested:
Server:
cert = /etc/stunnel/server.pem
#chroot = /usr/local/var/run/stunnel/
# PID is created inside chroot jail
pid = /tmp/stunnel.pid
setuid = nobody
#setgid = nogroup
foreground = no

# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Authentication stuff
verify = 333
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /etc/stunnel/certs
# or simply use CAfile instead:
CAfile = /etc/stunnel/cacert.pem

# Some debugging stuff
debug = 7
output = /var/log/stunnel.log

# Use it for client mode
#client = yes

# Service-level configuration

[school4]
accept = XX.XXX.XXX.XXX:443
connect = 10.10.10.12:23
TIMEOUTidle = 3600

Client:
CApath=c:\stunnel
#cert=c:\stunnel\traf-test.pem
client = yes
verify = 2
debug=7

[schools]
accept = 23
connect = XX.XXXX.XX.XX:443

Thanks for the help!