[stunnel-users] Configuring VeriSign certificate with STunnel
Zubair Ali Mansoor
zubair at 01systems.net
Wed Dec 21 10:31:51 CET 2011
Hi,
I got VeriSign Test SSL certificate. I have been trying to configure it with
STunnel. But there are errors in STunnel. I have placed private key and CA
signed certificate in a separate file named 'stunnel.pem'. Root and
Intermediate certificates have been placed in following order in a file
named 'ca.pem'
stunnel.pem
-----BEGIN RSA PRIVATE KEY-----
encrypted key
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
VeriSign signed certificate
-----END CERTIFICATE-----
ca.pem
-----BEGIN CERTIFICATE-----
VeriSign Intermediate CA Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
VeriSign Root CA Certificate
-----END CERTIFICATE-----
Here is stunnel.conf file.
;key = server.key
cert = stunnel.pem
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
CAfile = ca.pem
;CAfile=zosIntermediate.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7
output = stunnel.log
; Use it for client mode
client = no
I have also tried to change order of certificates but nothing is working.
Anyone have idea how it can work. Your cooperation will be highly
appreciated.
Thanks,
Zubair
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20111221/31dd4a9d/attachment.html>
More information about the stunnel-users
mailing list