[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue
David Faizulaev
David.Faizulaev at nextnine.com
Tue May 17 15:24:38 CEST 2016
Log messages are generated upon connection attempt.
Best Regards,
David.
David Faizulaev | PL/SQL Developer | T +972 (3) 767 3026 | M +972 (54) 7314687
-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
Sent: Tuesday, May 17, 2016 4:22 PM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue
On Tue, 2016-05-17 13:08:33 +0000, David Faizulaev wrote:
> Latest update:
> After further investigation, it became evident that Stunnel should run as client.
> Therefore, I've converted my existing certs file (from my application) into a PEM file.
> The file includes -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----.
>
> But I still get an error:
>
> 2016.05.17 15:57:24 LOG4[281]: CERT: Pre-verification error: self signed certificate in certificate chain
> 2016.05.17 15:57:24 LOG4[281]: Rejected by CERT at depth=1: CN=NextnineCA
> 2016.05.17 15:57:24 LOG3[281]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
>
> Here is the current configuration:
>
> [custom]
> client = yes
> accept = 127.0.0.1:8449
> connect = 192.168.220.62:443
> verify = 2
> CAfile = myapp.pem
David,
CAfile should point to a list of trusted certificates. The file(s) for your pair of certificate and key should be specified with cert=... (and key=..., if certificate and key are stored in separate files).
Are the log messages generated at stunnel startup or at connection establishment?
Ludolf
--
Ludolf Holzheid
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
Tel: +49 621 33996-0
Fax: +49 621 3392239
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
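
The CAfile point from the reply above, reproduced offline as an added example (not part of the original thread): a throwaway CA and server certificate are generated with the openssl CLI, then verified once against a CAfile that lacks the issuing CA and once against one that contains it. DemoCA, demo-server and all file names are constructed for the demo.

```sh
#!/bin/sh
# Added example: throwaway PKI to show what CAfile must contain.
# DemoCA, demo-server and all file names are constructed for this demo.

# Create a self-signed root CA and a server certificate issued by it in dir $1.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        'x509_extensions = v3_ca' '[dn]' 'CN = DemoCA' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    # Root CA: the certificate a verifier sees at depth=1
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server key and CSR, then the depth=0 certificate signed by the CA
    openssl req -new -config "$d/ca.cnf" -subj "/CN=demo-server" \
        -newkey rsa:2048 -nodes -keyout "$d/server.key" \
        -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null || return 1
}

# Succeeds only if peer certificate $2 chains to a certificate trusted in
# CAfile $1; $3 is the chain the peer presents (not trusted by itself).
check_cafile() {
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
}

# Try both candidate CAfile contents against the same server certificate.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || return 1
    for f in server.pem ca.pem; do
        if check_cafile "$d/$f" "$d/server.pem" "$d/ca.pem"; then
            echo "CAfile=$f: verify OK"
        else
            echo "CAfile=$f: certificate verify failed"
        fi
    done
    rm -rf "$d"
}
demo
```

The same `openssl verify` call can be pointed at a real CAfile and a saved copy of the server's chain to check a configuration before starting stunnel.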