[stunnel-users] need help for the error VERIFY ERROR ONLY MY: no cert fo (verify = 3)
Ludolf Holzheid
lholzheid at bihl-wiedemann.de
Tue Apr 26 18:06:19 CEST 2011
On Tue, 2011-04-26 17:00:06 +0200, laurent.uk at bnpparibas.com wrote:
> Hi,
>
> I tried to configure my STUNNEL server, with my client's software test but
> I always have the following error:
>
> 2011.04.26 14:23:09 LOG4[1683500:258]: VERIFY ERROR ONLY MY: no cert for
> /C=ww/O=swift/OU=personalid/OU=bnpafrpp/CN=crl-3skey-ebics-ts
>
> [..]
>
> I tried to extract the public certificate from the crl-3skey-ebics-ts and
> add it in the keystore and in the folder /usr/local/ssl/certs/trusted/
>
> [..]
>
> verify = 3
> ; Don't forget to c_rehash CApath
> ; CApath is located inside chroot jail
> ;CApath = /opt/freeware/etc/stunnel/
> ; It's often easier to use CAfile
> CAfile = /opt/freeware/etc/stunnel/ca.pem
> ; Don't forget to c_rehash CRLpath
Laurent,

If you specify a CAfile in 'verify=3' mode, you need to add the
client's certificates to this file.

You could also store the client's certificates in PEM format files
(one file per certificate) in a directory stunnel can reach at
connection time. You have to specify the name of this directory as
CApath then (in contrast to CAfile), and you'll have to run c_rehash
on this directory.

Ludolf
--
---------------------------------------------------------------
Ludolf Holzheid Tel: +49 621 339960
Bihl+Wiedemann GmbH Fax: +49 621 3392239
Floßwörthstraße 41 e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
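
An added example, not part of Ludolf's reply or of the stunnel distribution: the CApath option described above, done by hand in shell. It stores the certificate as its own PEM file and creates the `<subject-hash>.<n>` link that c_rehash would create; the function names and the `peer-*.pem` file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example: install a peer certificate into a stunnel CApath directory
# and create the <subject-hash>.<n> link that c_rehash would create.
# Function names and the peer-*.pem naming are assumptions of this example.

# Print the SHA-256 fingerprint line of a PEM certificate file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null
}

# install_peer_cert CERT CAPATH  -> prints the link name, e.g. 1a2b3c4d.0
install_peer_cert() {
    cert=$1
    capath=$2
    # Fails here if CERT is not a parseable X.509 certificate.
    hash=$(openssl x509 -in "$cert" -noout -subject_hash) || return 1
    fp=$(cert_fp "$cert") || return 1
    n=0
    # Different certificates can share a subject hash: probe .0, .1, ...
    while [ -e "$capath/$hash.$n" ] || [ -L "$capath/$hash.$n" ]; do
        if [ "$(cert_fp "$capath/$hash.$n")" = "$fp" ]; then
            echo "$hash.$n"   # already installed, nothing to do
            return 0
        fi
        n=$((n + 1))
    done
    # One PEM file per certificate; the file name itself is arbitrary.
    name="peer-$hash-$n.pem"
    openssl x509 -in "$cert" -outform PEM -out "$capath/$name" || return 1
    ln -s "$name" "$capath/$hash.$n" || return 1
    echo "$hash.$n"
}

# capath_has_cert CERT CAPATH  -> exit status 0 if a hash link resolves to CERT
capath_has_cert() {
    hash=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    fp=$(cert_fp "$1") || return 1
    for link in "$2/$hash".*; do
        [ -e "$link" ] && [ "$(cert_fp "$link")" = "$fp" ] && return 0
    done
    return 1
}
```

Use the openssl binary that belongs to the OpenSSL build stunnel is linked against: the subject-hash algorithm changed in OpenSSL 1.0.0, and links computed with the other algorithm are not found at connection time.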