Approximately 2008-03-11 22:46 -0700, sf.techguy@gmail.com cajoled:
I purchased a security certificate from Comodo, and was able to get it installed and working (mostly) with stunnel, but when I browse to the website, I get an error that the browser can't verify the identity of the site, due to a problem w/the security cert.
I called Comodo, and they said the error is caused by stunnel not seeing the intermediate certificate files that they told me need to be installed in order for their certificate to work. These files were:
ComodoUTNServerCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt EssentialSSLCA.crt my_server_net.crt
I modified stunnel.conf, and included this line:
CApath = ca-certs/ (<- dir path, relative to chroot, containing above files)
CApath is for verifying the certs of others - this is not the configuration directive you're looking for.
Concatenate the pems for both your server's key, cert, and all intermediate certs - use that as your stunnel.pem (or whatever you have named it.) This way when your stunnel server sends the client (browser) its cert, it sends both the cert and those other entities in the chain, and the browser should have the full picture of the chain of trust.
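
The concatenation described in the reply above, as an added shell example that is not part of the original thread. The function names, `server.key` and the intermediate order in the usage comment are assumptions; the script also guards against two common failures: a file with no final newline fusing with the next PEM block, and the key-bearing bundle being left world-readable.

```shell
#!/bin/sh
# Added example, not from the original thread.
# build_stunnel_pem OUT KEY CERT [INTERMEDIATE...]
# Writes KEY, then the server CERT, then each intermediate in the order given
# (each intermediate listed after the certificate it signed).
build_stunnel_pem() (
    [ "$#" -ge 3 ] || {
        echo "usage: build_stunnel_pem OUT KEY CERT [INTERMEDIATE...]" >&2; exit 2; }
    out=$1; key=$2; shift 2
    umask 077                       # bundle holds the private key: owner-only
    tmp="$out.tmp.$$"
    trap 'rm -f "$tmp"' EXIT        # leave no partial bundle behind on failure

    grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "$key: no PEM private key found" >&2; exit 1; }
    # awk 1 re-emits every line with a newline, so a file lacking a final
    # newline cannot fuse its END marker with the next file's BEGIN marker.
    awk 1 "$key" > "$tmp" || exit 1

    for crt in "$@"; do
        grep -q -e '^-----BEGIN CERTIFICATE-----' "$crt" || {
            echo "$crt: not a PEM certificate (DER? convert it first)" >&2; exit 1; }
        awk 1 "$crt" >> "$tmp" || exit 1
    done
    mv "$tmp" "$out"
)

# Number of certificates in a bundle (server cert + intermediates).
pem_cert_count() { grep -c -e '^-----BEGIN CERTIFICATE-----' "$1"; }

# Usage with the file names from the thread. server.key is a hypothetical
# name for the private key, and the intermediate order is an assumption:
#   build_stunnel_pem stunnel.pem server.key my_server_net.crt \
#       EssentialSSLCA.crt ComodoUTNServerCA.crt UTNAddTrustServerCA.crt
```

Point stunnel's `cert` option at the resulting file; `CApath` is not needed for serving the chain.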