Hi,
I got VeriSign Test SSL certificate. I have been trying to configure it with STunnel. But there are errors in STunnel. I have placed private key and CA signed certificate in a separate file named 'stunnel.pem'. Root and Intermediate certificates have been placed in following order in a file named 'ca.pem'
stunnel.pem
-----BEGIN RSA PRIVATE KEY----- encrypted key -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- VeriSign signed certificate -----END CERTIFICATE-----
ca.pem -----BEGIN CERTIFICATE----- VeriSign Intermediate CA Certificate -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- VeriSign Root CA Certificate -----END CERTIFICATE-----
Here is stunnel.conf file.
;key = server.key cert = stunnel.pem
; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
; Workaround for Eudora bug ;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff verify = 2 ; Don't forget to c_rehash CApath ;CApath = certs ; It's often easier to use CAfile CAfile = ca.pem ;CAfile=zosIntermediate.pem ; Don't forget to c_rehash CRLpath ;CRLpath = crls ; Alternatively you can use CRLfile ;CRLfile = crls.pem
; Some debugging stuff useful for troubleshooting ;debug = 7 output = stunnel.log
; Use it for client mode client = no
I have also tried to change order of certificates but nothing is working. Anyone have idea how it can work. Your cooperation will be highly appreciated.
Thanks,
Zubair
Hi,
Please provide us debug log info :
debug = 7 output = stunnel.log
Ludovic.
Le 21/12/2011 10:31, Zubair Ali Mansoor a écrit :
Hi,
I got VeriSign Test SSL certificate. I have been trying to configure it with STunnel. But there are errors in STunnel. I have placed private key and CA signed certificate in a separate file named 'stunnel.pem'. Root and Intermediate certificates have been placed in following order in a file named 'ca.pem'
stunnel.pem
-----BEGIN RSA PRIVATE KEY----- encrypted key -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- VeriSign signed certificate -----END CERTIFICATE-----
ca.pem -----BEGIN CERTIFICATE----- VeriSign Intermediate CA Certificate -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- VeriSign Root CA Certificate -----END CERTIFICATE-----
Here is stunnel.conf file.
;key = server.key cert = stunnel.pem
; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
; Workaround for Eudora bug ;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff verify = 2 ; Don't forget to c_rehash CApath ;CApath = certs ; It's often easier to use CAfile CAfile = ca.pem ;CAfile=zosIntermediate.pem ; Don't forget to c_rehash CRLpath ;CRLpath = crls ; Alternatively you can use CRLfile ;CRLfile = crls.pem
; Some debugging stuff useful for troubleshooting ;debug = 7 output = stunnel.log
; Use it for client mode client = no
I have also tried to change order of certificates but nothing is working. Anyone have idea how it can work. Your cooperation will be highly appreciated.
Thanks,
Zubair
-
Ludovic LEVET -
Zubair Ali Mansoor