On Thu, 17 Mar 2005, Richard Houston wrote:
> I have replaced the keys already. These are new keys altogether.
It's not the keys that are wrong, they're in the wrong places. The verify failure indicates just that: both server and client have problems verifying the authenticity of one another.
Now try this.
At the server side:
- change verify to '=2'
At the client side:
Make sure the client certificate is not commented out as it looks like in your config:
    CApath=c:\stunnel
    #cert=c:\stunnel\traf-test.pem
Without a certificate at the client side there's no way the client will ever authenticate to your 'verify = 2' server.
Secondly, remove the 'CAPath' directive from your client configuration and add 'CAfile = /etc/stunnel/cacert.pem' to it. Do make sure you copy the cacert.pem to your client ;).
I trust you did not include the private key of your CA in cacert.pem ;).
Let me know what happens.
Jan
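
The client-side checks from this reply (an active cert line, a CAfile, no CA private key inside it) as an added example that is not part of the original message. The function names, file names and temp-directory paths are assumptions, and the PEM files are constructed placeholders, not real keys or certificates.

```shell
# Added example: audit a stunnel client config for the problems named above.

# get_opt FILE NAME -> value of the last active (uncommented) "NAME = value" line
get_opt() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                    # tolerate Windows line endings
        /^[ \t]*[#;]/ { next }                # commented-out lines do not count
        {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(want)) val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_client_conf FILE -> prints findings, returns how many there were
audit_client_conf() {
    n=0
    cert=$(get_opt "$1" cert)
    cafile=$(get_opt "$1" CAfile)
    if [ -z "$cert" ]; then
        echo "no active 'cert' line: a 'verify = 2' server cannot authenticate this client"
        n=$((n + 1))
    fi
    if [ -z "$cafile" ]; then
        echo "no 'CAfile' line: the client has no CA certificate to verify the server with"
        n=$((n + 1))
    elif [ ! -r "$cafile" ]; then
        echo "CAfile '$cafile' is missing: copy cacert.pem to the client"
        n=$((n + 1))
    elif grep -q 'PRIVATE KEY-----' "$cafile"; then
        echo "CAfile '$cafile' contains a private key: ship only the CA certificate"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample files (placeholders, not real keys or certificates)
d=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/cacert.pem"
{ cat "$d/cacert.pem"; printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----'; } > "$d/ca-with-key.pem"
printf '%s\n' 'client = yes' "CApath=$d" "#cert=$d/traf-test.pem" > "$d/as-posted.conf"
printf '%s\n' 'client = yes' "cert = $d/traf-test.pem" "CAfile = $d/cacert.pem" > "$d/fixed.conf"
printf '%s\n' 'client = yes' "cert = $d/traf-test.pem" "CAfile = $d/ca-with-key.pem" > "$d/leaky.conf"

audit_client_conf "$d/as-posted.conf" || echo "as-posted.conf: $? finding(s)"
audit_client_conf "$d/fixed.conf" && echo "fixed.conf: clean"
audit_client_conf "$d/leaky.conf" || echo "leaky.conf: $? finding(s)"
```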