Michal, et al,
When attempting to connect from a Windows box to a Solaris box (as the server), the Solaris stunnel log (debug = 7) shows that the certificate on the Windows box (included with the download) has expired. I can connect from a Solaris 9 client box with no problems.
The Solaris box is running as an NTP client to an internal NTP server. The Windows box isn't logged into a domain, but the time is within 5 minutes of the Solaris box.
Solaris server: Solaris 9 (2004/09, no patches) OpenSSL 0.9.8a Stunnel 4.15
Application: Syslog-ng 1.6.11 (working fine on a client Solaris 9 box)
Windows client: Windows XP Stunnel 4.15
Application: EventReporter 8.0.268/8.0.219
stunnel.conf: (borrowed and modified from a Solaris client box)
; ;CLIENT-ONLY stunnel configuration file ; client = yes cert = C:\Program Files\stunnel\stunnel.pem-client-certificate CAfile = C:\Program Files\stunnel\stunnel.pem-server-certificate ;chroot = /var/run/stunnel ;pid = /usr/local/var/run/stunnel/stunnel.pid ;setuid = stunnel ;setgid = stunnel verify = 3 ;foreground = yes debug = 7 output = C:\Program Files\stunnel\stunnel.log [5140] accept = 127.0.0.1:514 connect = 192.168.0.143:5140
If the certificate has truly expired, could you post a new one? If not, any suggestions?
Regards,
John Boxall
On 2006-06-29, at 22:15, Boxall, John wrote:
If the certificate has truly expired, could you post a new one? If not, any suggestions?
You could test it with: $ openssl x509 -text -in stunnel.pem | grep GMT Not Before: Apr 8 15:09:08 1999 GMT Not After : Apr 7 15:09:08 2000 GMT
You should never use the sample certificate except for testing!
Create your own certificate/key instead: http://www.pseudonym.org/ssl/ssl_cook.html
Best regards, Mike
-
Boxall, John -
Michal Trojnara