[stunnel-users] Cert errors ....... need help!
Jan Meijer
jan.meijer at surfnet.nl
Thu Mar 17 20:42:57 CET 2005
On Thu, 17 Mar 2005, Richard Houston wrote:
> I have replaced the keys already. These are new keys altogether.
It's not the keys that are wrong, they're in the wrong places. The verify
failure indicates just that: both server and client have problems
verifying the authenticity of one another.
Now try this.
At the server side:
- change verify to '=2'
At the client side:
Make sure the client certificate is not commented out as it looks like in
your config:
> CApath=c:\stunnel
> #cert=c:\stunnel\traf-test.pem
Without a certificate at the client side there's no way the client will
ever authenticate to your 'verify = 2' server.
Secondly, remove the 'CAPath' directive from your client configuration and
add the 'CAfile = /etc/stunnel/cacert.pem' to it. Do make sure you copy
the cacert.pem to your client ;).
I trust you did not include the private key of your CA in cacert.pem ;).
Let me know what happens.
Jan
--
http://www.surfnet.nl/organisatie/jame
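
The client-side checks from the message above (an active cert= line, a CAfile= line, and no private key inside the CA file), as an added example that is not part of the original post or of stunnel itself. The function names and sample files are hypothetical, the PEM bodies are constructed placeholders, and matching option names case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit an stunnel client config.

# Print the value of an active option; lines starting with '#' or ';' are comments.
conf_get() {  # usage: conf_get <conf> <option>
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(want)) { print v; exit }
        }' "$1"
}

# True if a PEM file carries any private key block (RSA, EC, PKCS#8, encrypted).
pem_has_private_key() { grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; }

# Print findings for a client config; return 1 if any check fails.
audit_client() {  # usage: audit_client <conf>
    rc=0
    cert=$(conf_get "$1" cert); cafile=$(conf_get "$1" CAfile)
    if [ -z "$cert" ]; then
        echo "FAIL: no active cert= line, nothing to present to a verify = 2 server"; rc=1
    fi
    if [ -z "$cafile" ]; then
        echo "FAIL: no active CAfile= line"; rc=1
    elif [ -f "$cafile" ] && pem_has_private_key "$cafile"; then
        echo "FAIL: $cafile contains a private key, ship the CA certificate only"; rc=1
    fi
    return $rc
}

# Constructed sample files (placeholder PEM bodies, not real key material).
make_samples() {  # usage: make_samples <dir>
    printf '%s\n' 'client = yes' 'CApath=c:\stunnel' '#cert=c:\stunnel\traf-test.pem' > "$1/before.conf"
    printf '%s\n' 'client = yes' "cert = $1/client.pem" "CAfile = $1/cacert.pem" > "$1/after.conf"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$1/cacert.pem"
    { cat "$1/cacert.pem"; printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----'; } > "$1/ca-with-key.pem"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
for f in before after; do
    echo "== $f.conf"; audit_client "$demo_dir/$f.conf" && echo "OK"
done
rm -rf "$demo_dir"
```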