Hi,

I got VeriSign Test SSL certificate. I have been trying to configure it with STunnel. But there are errors in STunnel. I have placed private key and CA signed certificate in a separate file named ‘stunnel.pem’. Root and Intermediate certificates have been placed in following order in a file named ‘ca.pem’

stunnel.pem

-----BEGIN RSA PRIVATE KEY-----
encrypted key
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
VeriSign signed certificate
-----END CERTIFICATE-----

ca.pem
-----BEGIN CERTIFICATE-----
VeriSign Intermediate CA Certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
VeriSign Root CA Certificate
-----END CERTIFICATE-----

Here is stunnel.conf file.

;key = server.key
cert = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
CAfile = ca.pem
;CAfile=zosIntermediate.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
output = stunnel.log

; Use it for client mode
client = no

I have also tried to change order of certificates but nothing is working. Anyone have idea how it can work. Your cooperation will be highly appreciated.

Thanks,

Zubair