
On Thu, 17 Mar 2005, Richard Houston wrote:
> I have replaced the keys already. These are new keys altogether.
It's not the keys that are wrong, they're in the wrong places. The verify failure indicates just that: both server and client have problems verifying the authenticity of one another. Now try this.

At the server side:
- change verify to '=2'

At the client side:
Make sure the client certificate is not commented out as it looks like in your config:
> CApath=c:\stunnel
> #cert=c:\stunnel\traf-test.pem
Without a certificate at the client side there's no way the client will ever authenticate to your 'verify = 2' server.

Secondly, remove the 'CApath' directive from your client configuration and add 'CAfile = /etc/stunnel/cacert.pem' to it. Do make sure you copy the cacert.pem to your client ;). I trust you did not include the private key of your CA in cacert.pem ;).

Let me know what happens.

Jan
-- 
http://www.surfnet.nl/organisatie/jame
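
The checks from the reply above, as an added example that is not part of the original message: a small Python linter for a stunnel client configuration plus a test that a CA file carries no private key. The function names and finding codes are hypothetical, option names are compared case-insensitively by this example's own choice, and the PEM bodies are constructed placeholders.

```python
import re

# Any PEM private-key header: plain PKCS#8, RSA, EC, ENCRYPTED ...
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def parse_conf(text):
    """Return (active, commented) option maps for an stunnel-style config."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):   # blank line or [service] header
            continue
        target = active
        if line[0] in "#;":                    # commented-out line
            line, target = line.lstrip("#; \t"), commented
        key, sep, value = line.partition("=")
        if sep:
            target[key.strip().lower()] = value.strip()
    return active, commented

def lint_client(text):
    """Flag the client-side problems named in the reply (hypothetical codes)."""
    active, commented = parse_conf(text)
    findings = []
    if "cert" not in active:
        findings.append("cert-commented-out" if "cert" in commented else "cert-missing")
    if "capath" in active:
        findings.append("capath-set")
    if "cafile" not in active:
        findings.append("cafile-missing")
    return findings

def ca_file_leaks_key(pem_text):
    """True if a file meant to hold only the CA certificate also holds a key."""
    return bool(PRIVATE_KEY_RE.search(pem_text))

# The two client config lines quoted in the thread, then the suggested form.
BEFORE = r"""CApath=c:\stunnel
#cert=c:\stunnel\traf-test.pem
"""
AFTER = r"""cert=c:\stunnel\traf-test.pem
CAfile = /etc/stunnel/cacert.pem
"""
# Constructed placeholder PEM text, not real key material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
CERT_AND_KEY = CERT_ONLY + "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    print("before:", lint_client(BEFORE))
    print("after: ", lint_client(AFTER))
    print("cacert.pem holds a key:", ca_file_leaks_key(CERT_AND_KEY))
```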