Hi, I tried to use stunnel to connect over SSL to an LDAP server. But I can't, and I've got this error message: certificate unknown. I use stunnel for establishing a connection with an IMAPS server and all is right, but not for the LDAP connection. The certificate is self-signed. I searched in the list's archives and with Google but I can't find any solution... Help!!!
Ludo
ps: these are the stunnel.conf and the log:

***************************
cert = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Some debugging stuff useful for troubleshooting
debug = 7
;output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[ldaps]
accept = 389
connect = 10.0.0.1:636
verify = 0

[imaps]
accept = 143
connect = 10.0.0.2:993
***************************

2006.05.03 07:52:40 LOG7[4436:2436]: RAND_status claims sufficient entropy for the PRNG
2006.05.03 07:52:40 LOG6[4436:2436]: PRNG seeded successfully
2006.05.03 07:52:40 LOG7[4436:2436]: Certificate: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: Key file: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: SSL context initialized for service ldaps
2006.05.03 07:52:40 LOG7[4436:2436]: Certificate: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: Key file: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: SSL context initialized for service imaps
2006.05.03 07:52:40 LOG7[4436:2436]: Certificate: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: Key file: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: SSL context initialized for service https
2006.05.03 07:52:40 LOG5[4436:2436]: stunnel 4.15 on x86-pc-mingw32-gnu with OpenSSL 0.9.7f 22 Mar 2005
2006.05.03 07:52:40 LOG5[4436:2436]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2006.05.03 07:52:40 LOG5[4436:4612]: No limit detected for the number of clients
2006.05.03 07:52:40 LOG7[4436:4612]: FD 192 in non-blocking mode
2006.05.03 07:52:40 LOG7[4436:4612]: SO_REUSEADDR option set on accept socket
2006.05.03 07:52:40 LOG7[4436:4612]: ldaps bound to 0.0.0.0:389
2006.05.03 07:52:40 LOG7[4436:4612]: FD 196 in non-blocking mode
2006.05.03 07:52:40 LOG7[4436:4612]: SO_REUSEADDR option set on accept socket
2006.05.03 07:52:40 LOG7[4436:4612]: imaps bound to 0.0.0.0:143
2006.05.03 07:52:40 LOG7[4436:4612]: FD 212 in non-blocking mode
2006.05.03 07:52:40 LOG7[4436:4612]: SO_REUSEADDR option set on accept socket
2006.05.03 07:52:40 LOG7[4436:4612]: https bound to 0.0.0.0:443
2006.05.03 07:52:50 LOG7[4436:4612]: ldaps accepted FD=220 from 127.0.0.1:2893
2006.05.03 07:52:50 LOG7[4436:4612]: Creating a new thread
2006.05.03 07:52:50 LOG7[4436:4612]: New thread created
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps started
2006.05.03 07:52:50 LOG7[4436:5780]: FD 220 in non-blocking mode
2006.05.03 07:52:50 LOG7[4436:5780]: TCP_NODELAY option set on local socket
2006.05.03 07:52:50 LOG5[4436:5780]: ldaps connected from 127.0.0.1:2893
2006.05.03 07:52:50 LOG7[4436:5780]: FD 244 in non-blocking mode
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps connecting 10.0.0.1:636
2006.05.03 07:52:50 LOG7[4436:5780]: connect_wait: waiting 10 seconds
2006.05.03 07:52:50 LOG7[4436:5780]: connect_wait: connected
2006.05.03 07:52:50 LOG7[4436:5780]: Remote FD=244 initialized
2006.05.03 07:52:50 LOG7[4436:5780]: TCP_NODELAY option set on remote socket
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): before/connect initialization
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write client hello A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server hello A
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI CA/emailAddress=admin@univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI CA/emailAddress=admin@univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI CA/emailAddress=admin@univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=0, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=ldap-bourget.univ-savoie.fr
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server certificate request A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server done A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write client certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write client key exchange A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write certificate verify A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write change cipher spec A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write finished A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 flush data
2006.05.03 07:52:50 LOG7[4436:5780]: SSL alert (read): fatal: certificate unknown
2006.05.03 07:52:50 LOG3[4436:5780]: SSL_connect: 14094416: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2006.05.03 07:52:50 LOG5[4436:5780]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps finished (0 left)
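The debug=7 log above records, per connection thread, two things worth pulling out mechanically: whether the server's certificate was actually validated (verify = 0 shows up as the "VERIFY IGNORE" lines, meaning stunnel accepted the chain without checking it), and which side of the handshake produced the fatal alert (an alert logged as "(read)" was received from the remote server, not generated locally; here it arrives right after the server requested a client certificate and stunnel presented its cert= file). The following script, an added example that is not part of the post or of the stunnel project, parses lines in that stunnel 4.x format and reports those facts for each connection. The sample log it embeds is constructed for the example, with a second, succeeding connection added for contrast; the "VERIFY OK" and "VERIFY ERROR" prefixes are the messages stunnel logs for the other verification outcomes.

```python
import re
from collections import defaultdict

# stunnel 4.x log line: "<date> <time> LOG<level>[<pid>:<tid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$")
ALERT_RE = re.compile(r"^SSL alert \((?P<dir>read|write)\): (?P<sev>\w+): (?P<desc>.+)$")

# Constructed sample: one failing ldaps connection shaped like the post's log
# and one succeeding imaps connection (thread ids and names are illustrative).
SAMPLE_LOG = """\
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps started
2006.05.03 07:52:50 LOG5[4436:5780]: ldaps connected from 127.0.0.1:2893
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server hello A
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1, /C=FR/O=Example/CN=Example CA
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=0, /C=FR/O=Example/CN=ldap.example.test
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server certificate request A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write client certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write certificate verify A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL alert (read): fatal: certificate unknown
2006.05.03 07:52:50 LOG3[4436:5780]: SSL_connect: 14094416: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps finished (0 left)
2006.05.03 07:53:10 LOG7[4436:6012]: imaps started
2006.05.03 07:53:10 LOG7[4436:6012]: SSL state (connect): SSLv3 read server hello A
2006.05.03 07:53:10 LOG7[4436:6012]: SSL state (connect): SSLv3 read server certificate A
2006.05.03 07:53:10 LOG7[4436:6012]: SSL state (connect): SSLv3 read server done A
2006.05.03 07:53:10 LOG7[4436:6012]: SSL state (connect): SSLv3 write client key exchange A
2006.05.03 07:53:10 LOG7[4436:6012]: SSL state (connect): SSLv3 read finished A
2006.05.03 07:53:10 LOG7[4436:6012]: imaps finished (0 left)
"""


def new_record():
    return {
        "service": None,
        "peer_verify": None,            # None = no VERIFY line at all; "ignored" / "ok" / "error"
        "client_cert_requested": False,
        "client_cert_sent": False,
        "alert": None,                  # (direction, severity, description)
        "handshake_ok": False,
    }


def diagnose(log_text):
    """Group lines by stunnel thread id (one thread per connection) and
    extract the handshake facts from each."""
    threads = defaultdict(new_record)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = threads[m.group("tid")]
        msg = m.group("msg")
        if msg.endswith(" started"):
            rec["service"] = msg[: -len(" started")]
        elif msg.startswith("VERIFY IGNORE:"):
            rec["peer_verify"] = "ignored"      # verify = 0: chain requested but not checked
        elif msg.startswith("VERIFY OK:") and rec["peer_verify"] != "error":
            rec["peer_verify"] = "ok"
        elif msg.startswith("VERIFY ERROR:"):
            rec["peer_verify"] = "error"
        elif "read server certificate request" in msg:
            rec["client_cert_requested"] = True
        elif "write certificate verify" in msg:
            # OpenSSL only enters the CertificateVerify state when a client
            # certificate was actually sent, so this confirms cert= was presented.
            rec["client_cert_sent"] = True
        elif "read finished" in msg:
            rec["handshake_ok"] = True
        else:
            a = ALERT_RE.match(msg)
            if a:
                rec["alert"] = (a.group("dir"), a.group("sev"), a.group("desc"))
    return dict(threads)


def findings(rec):
    """Turn one connection record into human-readable findings."""
    out = []
    if rec["peer_verify"] in (None, "ignored"):
        out.append("server certificate not validated (verify unset or verify = 0): "
                   "stunnel is not authenticating the remote server")
    if rec["alert"]:
        direction, sev, desc = rec["alert"]
        who = "remote server" if direction == "read" else "local stunnel"
        out.append(f"{sev} alert '{desc}' generated by the {who}")
        if (direction == "read" and desc == "certificate unknown"
                and rec["client_cert_requested"] and rec["client_cert_sent"]):
            out.append("server requested a client certificate, stunnel sent its cert= file, "
                       "and the server rejected it: check that certificate against the "
                       "server's trusted client-CA configuration")
    elif rec["client_cert_requested"] and not rec["client_cert_sent"]:
        out.append("server requested a client certificate but none was sent")
    if rec["handshake_ok"]:
        out.append("handshake completed")
    return out


if __name__ == "__main__":
    for tid, rec in diagnose(SAMPLE_LOG).items():
        print(f"thread {tid} ({rec['service']}):")
        for f in findings(rec):
            print("  -", f)
```

Run against a real stunnel log by replacing SAMPLE_LOG with the file contents; the first finding for the ldaps thread is the one to act on regardless of the alert, since with verify = 0 a client behind stunnel has no assurance it is talking to the intended LDAP server.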