On Tue, 2016-05-17 13:08:33 +0000, David Faizulaev wrote:
Latest update: After further investigation, it became evident that Stunnel should run as client. Therefore, I've converted my existing certs file (from my application) into a PEM file. The file includes -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----.
But I still get an error:
2016.05.17 15:57:24 LOG4[281]: CERT: Pre-verification error: self signed certificate in certificate chain
2016.05.17 15:57:24 LOG4[281]: Rejected by CERT at depth=1: CN=NextnineCA
2016.05.17 15:57:24 LOG3[281]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Here is the current configuration:
[custom]
client = yes
accept = 127.0.0.1:8449
connect = 192.168.220.62:443
verify = 2
CAfile = myapp.pem
David,
CAfile should point to a list of trusted certificates. The file(s) for your pair of certificate and key should be specified with cert=... (and key=..., if certificate and key are stored in separate files).
Are the log messages generated at stunnel startup or at connection establishment?
Ludolf
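
The distinction drawn in the reply above between CAfile and cert/key, applied to the posted service section, as an added example that is not part of the original thread. The file names trusted-ca.pem, client-cert.pem and client-key.pem are hypothetical, and the cert/key lines assume the server asks for a client certificate.

```ini
; Added example, not from the thread. File names other than
; myapp.pem are hypothetical placeholders.

; As posted: the only certificate option is CAfile, and it is given
; the file converted from the application.
;
;   [custom]
;   client = yes
;   accept = 127.0.0.1:8449
;   connect = 192.168.220.62:443
;   verify = 2
;   CAfile = myapp.pem

; With each option given the file that matches its role:
[custom]
client = yes
accept = 127.0.0.1:8449
connect = 192.168.220.62:443

; verify = 2 makes stunnel check the server's chain against CAfile.
verify = 2

; Trust anchors only: the CA certificate(s) you have decided to trust
; for this server. The posted log rejects the chain at depth=1,
; CN=NextnineCA, so that is the issuer stunnel could not find here.
CAfile = trusted-ca.pem

; The client's own identity, presented to the server on request.
; key may be omitted when the private key is in the same file as cert.
cert = client-cert.pem
key = client-key.pem
```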