[stunnel-users] Problem with 2048 bits SSL certificate with stunnel

Georgi Georgiev gogo at dirbg.com
Mon Aug 23 13:48:12 CEST 2010


Hello to all,

We got a 2048-bit wildcard certificate for our domain *.domain.com, and we
are using Thawte as the Certificate Authority. So they sent us two certificates:
one for SSL web and one intermediate certificate.

The stunnel configuration is:

[https1]
cert = /etc/stunnel/domain.crt
CAfile = /etc/stunnel/domain.intermediate.crt
key = /etc/stunnel/domain.key.nopass
verify = 0
accept = x.x.x.x:443
connect = x.x.x.x:81
xforwardedfor=yes

Even though I use verify = 0, some of our clients still complain that on some
pages (like blabla.domain.com) the server wants some of their private
certificates to be sent to the server!

And it happens only with Internet Explorer 8.0. Without the verify and CAfile
commands IE 8.0 works fine, but Mozilla Firefox claims that can find CA be
trusted!

The wildcard certificate cannot be reissued with a 1024-bit key. So is there
some mistake in my configuration?

If not, what can I do about it?

Thanks in advance.

P.S.: The version of stunnel is 4.20 with the XForwardedFor patch.
