Abdel,
I would do it like this:
1. In your cpanel.pem you should place only the host cert and key. 2. Uncomment your CAPath sentence. 3. Put rapidssl intermediate and root certs in /etc/stunnel/rapidssl 4. Run c_rehash . in /etc/stunnel/rapidssl
Let me know how it goes.
-----Original Message----- From: Abdelkarim Mateos Sanchez ceo@islaserver.com Sender: stunnel-users-bounces@stunnel.org Date: Tue, 08 Feb 2011 10:01:46 To: stunnel-users@stunnel.org Reply-To: abkrim@tamainut.com Subject: [stunnel-users] Using CA intyermediate on stunnel problem
Hi.
We are using RapidSSL certificate for my hosts.
We are using stunnel for ASSP (AntiSpam Proxy System)
We are trying use this certificate but get some errors. We are looking for solution but problem persist,
cert = /etc/stunnel/cpanel.pem chroot = /usr/local/cpanel/var/run/stunnel-assp/ pid = /stunnel.pid setuid = stunnel setgid = stunnel output = /var/log/stunnel.log [ssmtp] accept = 465 connect = 127.0.0.2:26 #CAfile = /etc/stunnel/cpanel.cabundle #CApath = /etc/stunnel/rapidssl/
When try connect get this error
depth=0 /serialNumber=cso/HwRW/nTj87jIivvttDvfpI7rUt2c/C=ES/O=genesis.islaserver.com/OU=GT15685418/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=genesis.islaserver.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /serialNumber=cso/HwRW/nTj87jIivvttDvfpI7rUt2c/C=ES/O=genesis.islaserver.com/OU=GT15685418/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=genesis.islaserver.com verify error:num=27:certificate not trusted verify return:1 depth=0 /serialNumber=cso/HwRW/nTj87jIivvttDvfpI7rUt2c/C=ES/O=genesis.islaserver.com/OU=GT15685418/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=genesis.islaserver.com verify error:num=21:unable to verify the first certificate verify return:1
Of /etc/stunnel/cpanel.pem there're
KEY and CERT for host CA intermediate certificate for RapidSSL
I'm lost.
Apreciate help.