[stunnel-users] what's wrong? error=unable to get local issuer certificate
Michal Trojnara
Michal.Trojnara at mirt.net
Tue Dec 29 16:46:45 CET 2009
Carsten Krüger wrote in a great report:
> I think it should work, * should match homie
It doesn't matter. Stunnel does not attempt to perform any DNS checks.
> 1. connected with "openssl s_client -connect mail.neroon.com:995", pasted
> cert to dreamhost.pem
For some reason OpenSSL is not able to authenticate against this
certificate:
$ openssl s_client -verify 1 -CAfile dreamhost.pem -connect
mail.neroon.com:995 2>&1 | head -4
verify depth is 1
depth=0
/C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/emailAddress=support at dreamhost.com
verify error:num=20:unable to get local issuer certificate
verify return:1
s_client tool is intended for testing only, so it displays the error and
than ignores it. See the manual for details.
I guess there is either something wrong with the certificate or with
OpenSSL.
Best regards,
Mike
More information about the stunnel-users
mailing list