[stunnel-users] Problem with 2048 bits SSL certificate with stunnel

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Mon Aug 23 14:23:11 CEST 2010


On Mon, 2010-08-23 14:48:12 +0300, Georgi Georgiev wrote:
> Hello to all,
> 
> We got a 2048-bit wildcard certificate for our domain *.domain.com, and we
> are using Thawte as Certificate Authority. So they sent us two certificates.
> 
> One for SSL web and one intermediate certificate.
> 
> The stunnel configuration is:
> 
> [https1]
> cert = /etc/stunnel/domain.crt
> CAfile = /etc/stunnel/domain.intermediate.crt

Georgi,

I think here is the misunderstanding: The 'cert' file is expected to
contain the whole certificate chain, i.e. all three certificates, CA,
intermediate and domain (see the man page).

The 'CAfile' is for additional certificates needed to verify the
client's certificates (if presented or verification is required).

HTH,

Ludolf

-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
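
The fix described in the reply above, as an added example that is not part of the original message: shell functions that assemble the chain file for 'cert' leaf first (the order OpenSSL's chain-file loading expects) and flag a stunnel config whose 'cert' file holds only one certificate. Function names, file names and the placeholder PEM bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All names are hypothetical.

# Count certificates in a PEM file; CRs are stripped so CRLF files count too.
pem_count() {
    tr -d '\r' < "$1" | grep -c -e '^-----BEGIN CERTIFICATE-----$' || true
}

# Concatenate the given files (leaf first) into $1, normalising line endings
# and forcing a newline after each file so PEM boundaries never run together.
build_chain() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        tr -d '\r' < "$f" >> "$out"
        [ -z "$(tail -c 1 "$f")" ] || echo >> "$out"
    done
}

# Report the certificate count of every 'cert =' file in a stunnel config.
# Returns 1 if any of them holds fewer than two certificates (no chain).
# Assumes the configured paths contain no whitespace.
check_stunnel_conf() {
    rc=0
    for pemfile in $(tr -d '\r' < "$1" |
            sed -n 's/^[[:space:]]*cert[[:space:]]*=[[:space:]]*//p'); do
        n=$(pem_count "$pemfile")
        echo "$pemfile: $n certificate(s)"
        [ "$n" -ge 2 ] || rc=1
    done
    return "$rc"
}

# Constructed demo: placeholder PEM blocks, not real certificates.
demo() {
    d=$(mktemp -d)
    for name in domain intermediate root; do
        # Written without a trailing newline to exercise build_chain's fix-up.
        printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' > "$d/$name.crt"
    done
    printf '[https1]\ncert = %s\n' "$d/domain.crt" > "$d/before.conf"
    build_chain "$d/chain.pem" "$d/domain.crt" "$d/intermediate.crt" "$d/root.crt"
    printf '[https1]\ncert = %s\n' "$d/chain.pem" > "$d/after.conf"
    check_stunnel_conf "$d/before.conf" || echo "before.conf: cert file has no chain"
    check_stunnel_conf "$d/after.conf" && echo "after.conf: chain present"
    rm -rf "$d"
}
demo
```

The count only checks PEM structure; whether the chain actually verifies still has to be confirmed against the real certificates.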



