[stunnel-users] Using CA intyermediate on stunnel problem

josealf at rocketmail.com josealf at rocketmail.com
Tue Feb 8 13:05:39 CET 2011


Abdel,

I would do it like this:

1. In your cpanel.pem you should place only the host cert and key.
2. Uncomment your CAPath sentence.
3. Put rapidssl intermediate and root certs in /etc/stunnel/rapidssl
4. Run c_rehash . in /etc/stunnel/rapidssl

Let me know how it goes.

-----Original Message-----
From: Abdelkarim Mateos Sanchez <ceo at islaserver.com>
Sender: stunnel-users-bounces at stunnel.org
Date: Tue, 08 Feb 2011 10:01:46 
To: <stunnel-users at stunnel.org>
Reply-To: abkrim at tamainut.com
Subject: [stunnel-users] Using CA intyermediate on stunnel problem

Hi.

We are using RapidSSL certificate for my hosts.

We are using stunnel for ASSP (AntiSpam Proxy System)

We are trying use this certificate but get some errors. We are looking 
for solution but problem persist,

cert = /etc/stunnel/cpanel.pem
chroot = /usr/local/cpanel/var/run/stunnel-assp/
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel
output = /var/log/stunnel.log
[ssmtp]
accept = 465
connect = 127.0.0.2:26
#CAfile = /etc/stunnel/cpanel.cabundle
#CApath = /etc/stunnel/rapidssl/

When try connect get this error

depth=0 
/serialNumber=cso/HwRW/nTj87jIivvttDvfpI7rUt2c/C=ES/O=genesis.islaserver.com/OU=GT15685418/OU=See 
www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - 
RapidSSL(R)/CN=genesis.islaserver.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 
/serialNumber=cso/HwRW/nTj87jIivvttDvfpI7rUt2c/C=ES/O=genesis.islaserver.com/OU=GT15685418/OU=See 
www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - 
RapidSSL(R)/CN=genesis.islaserver.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 
/serialNumber=cso/HwRW/nTj87jIivvttDvfpI7rUt2c/C=ES/O=genesis.islaserver.com/OU=GT15685418/OU=See 
www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - 
RapidSSL(R)/CN=genesis.islaserver.com
verify error:num=21:unable to verify the first certificate
verify return:1



Of /etc/stunnel/cpanel.pem there're

KEY and CERT for host
CA intermediate certificate for RapidSSL

I'm lost.


Apreciate help.



More information about the stunnel-users mailing list