[stunnel-users] CN field of server cert
Michal Trojnara
Michal.Trojnara at mobi-com.net
Mon May 16 09:00:36 CEST 2005
spambox at poczta.onet.pl wrote:
> Is there any difference between:
> - CAfile which contains ThawteServerCA and peer cert
> - CApatch with ddc328ff.0 (ThawteServerCA) and 313fe585.0 (smtp.gmail.com
> peer cert) files
There's no difference other than CAfile is a bit easier to setup while
CApath allows to add certificates without restarting stunnel.
>> No. You should download the peer certificate and verify it with
>> verify=3.
> Instead of downloading can I obtain this peer cert this way?
> $ openssl s_client -connect smtp.gmail.com:465
Yes. That's the recommended way to download a certificate from an SSL
server.
Best regards,
Mike
More information about the stunnel-users
mailing list