[stunnel-users] VeriSign Intermediate CA Certificate issue.

Unai Rodriguez me at u-journal.org
Thu Nov 22 11:06:07 CET 2007


Dear All,

I am trying to set up an https layer using stunnel. I am having problems 
with the intermediary certificate since it appears broken to the user. 
You may find a screenshot here:

http://u-journal.org/stunnel/Root_Cert_Err.jpg

My stunnel version is: 3.26 running on Debian 3.1

I run stunnel as standalone with these parameters:

stunnel -d 10.123.16.103:443 -D 7 -R /etc/ssl/certs/stunnel.rnd \
	-p /etc/ssl/certs/stunnel.pem -o /var/log/stunnel/stunnel.log \
		-r 10.123.16.103:80 -N https

You may find the output of my stunnel -V here:
http://pastebin.ca/793495

uname -a: Linux lb2-dp-vm 2.6.8-3-686 #1 Tue Dec 5 21:26:38 UTC 2006 
i686 GNU/Linux

openssl version: OpenSSL 0.9.7e 25 Oct 2004

So, if I create my /etc/ssl/certs/stunnel.pem file like this:

-----BEGIN RSA PRIVATE KEY-----
rsa_priv_key
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
secured.behringer.com_certificate
-----END CERTIFICATE-----

-- OR --

-----BEGIN RSA PRIVATE KEY-----
rsa_priv_key
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
secured.behringer.com_certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
VeriSign Intermediate CA Certificate
(https://www.verisign.com.sg/support/ssl/install/intermediate/secure.shtml)
-----END CERTIFICATE-----

I get the mentioned error. If I create the /etc/ssl/certs/stunnel.pem 
like this:

-----BEGIN RSA PRIVATE KEY-----
rsa_priv_key
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
VeriSign Intermediate CA Certificate
(https://www.verisign.com.sg/support/ssl/install/intermediate/secure.shtml)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
secured.behringer.com_certificate
-----END CERTIFICATE-----

I get the error:
"[...] X509_check_private_key:key values mismatch"

You may see the log here:
http://pastebin.ca/793500

Any clues on what I am doing wrong?

Thank you so much!
unai
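
The block order tried in the message above can be checked offline before stunnel is started; the script below is an added example, not part of the original post or of stunnel, and assumes a current openssl command-line tool. The names check_pem_order and make_demo_bundles are hypothetical, and the demo CA and leaf are constructed throwaway material.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a current openssl CLI.
# check_pem_order FILE: exit 0 if FILE holds key, matching cert, then issuers.
check_pem_order() {
    pem=$1; rc=0
    tmp=$(mktemp -d) || return 2
    # Split every CERTIFICATE block into cert1.pem, cert2.pem, ... in file order.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = d "/cert" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$pem"
    [ -f "$tmp/cert1.pem" ] || { echo "no certificate in $pem"; rm -rf "$tmp"; return 2; }
    # 1. The first certificate must carry the public half of the private key.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$tmp/cert1.pem" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: first certificate does not match the private key"; rc=1
    fi
    # 2. Every later certificate must be the issuer of the one before it.
    i=1
    while [ -f "$tmp/cert$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject_hash)
        if [ "$issuer" != "$subject" ]; then
            echo "FAIL: certificate $((i + 1)) did not issue certificate $i"; rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "OK: key, matching certificate, issuers in order"
    return "$rc"
}

# Constructed throwaway demo CA and leaf; writes good.pem and bad.pem into DIR.
make_demo_bundles() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
    cat "$d/leaf.key" "$d/leaf.pem" "$d/ca.pem" > "$d/good.pem"   # leaf first
    cat "$d/leaf.key" "$d/ca.pem" "$d/leaf.pem" > "$d/bad.pem"    # issuer first
}
```

A file that passes this check can still fail in the browser if the server does not send the extra certificates, so the check covers file layout only.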


