[stunnel-users] Use SNI
Benjamin Hartwich
Benjamin.Hartwich at Uni-Passau.De
Mon Oct 31 15:10:09 CET 2016
Hi,
I've found the SNI parameter at stunnel, but it doesn't work on my
Ubuntu 16.04.
My goal is to use one dfn cert for the stunnel cert, which has 4
hostnames. This cert is on both servers. At the client server this cert
works, because in the cert this is the first hostname. At the second server
I use the same cert, but it can't be verified, because stunnel doesn't
recognize the correct hostname from the cert.
Can anyone send me an example for a working SNI configuration?
My Configs:
Server one:
client = yes
cert = /etc/stunnel/cert.pem
service = test
debug = debug
output = /var/log/stunnel4/stunnel.log
foreground = no
sslVersion = TLSv1
options = NO_SSLv3
options = NO_SSLv2
CAfile = /etc/ssl/web/chain.pem
verify = 2
socket = r:TCP_NODELAY=1
[app1]
accept = localhost:8090
connect = 10.1.2.1:8085
-----
Server 2 (fails):
client = no
cert = /etc/stunnel/cert.pem
service = test
debug = debug
output = /var/log/stunnel4/stunnel.log
sslVersion = TLSv1
options = NO_SSLv3
options = NO_SSLv2
foreground = no
CAfile = /etc/ssl/web/chain.pem
verify = 2
socket = l:TCP_NODELAY=1
[ajp]
accept = 8085
connect = 127.0.0.1:8009
---
Error:
2016.10.31 15:01:40 LOG7[9]: SNI: no virtual services defined
2016.10.31 15:01:40 LOG4[9]: CERT: Pre-verification error: unsupported certificate purpose
Regards,
Benjamin Hartwich
Referat Basisdienste
Zentrum für Informationstechnologie und Medienmanagement
Universität Passau
Innstr. 33, 94032 Passau
Telefon +49 (0)851/509-3285,
Telefax +49 (0)851/509-1802
E-Mail: benjamin.hartwich at uni-passau.de
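
An added example, not part of the original post: the layout stunnel's `sni` option expects on each side, with the client naming the host it wants and the server mapping names to slave services. The service names `tls`, `host-a` and `host-b`, the host names under example.org / example.net and the per-host certificate paths are placeholders; addresses and ports are reused from the configs above.

```ini
; ---------- client side (stunnel.conf on the connecting host) ----------
[app1]
client = yes
accept = localhost:8090
connect = 10.1.2.1:8085
; client mode: sni = SERVER_NAME
; value sent in the TLS Server Name Indication extension
sni = host-a.example.org

; ---------- server side (stunnel.conf on the accepting host) ----------
; Master service: the only section with "accept". It also handles
; clients that send no SNI or a name no slave service matches.
[tls]
accept = 8085
cert = /etc/stunnel/cert.pem
connect = 127.0.0.1:8009

; Slave services: no "accept"; each is bound to the master with
; sni = MASTER_SERVICE:SERVER_NAME_PATTERN
[host-a]
sni = tls:host-a.example.org
cert = /etc/stunnel/host-a.pem
connect = 127.0.0.1:8009

; A pattern may start with "*" to cover a whole domain.
[host-b]
sni = tls:*.example.net
cert = /etc/stunnel/host-b.pem
connect = 127.0.0.1:8009

; When one certificate already lists every host name, the master
; service alone is enough; slave services are only needed when
; different names require different certificates or back ends.
```

The `SNI: no virtual services defined` line is logged at debug level (LOG7) and only reports that no section carries an `sni` option. In server mode, `verify = 2` makes stunnel verify the certificate presented by the connecting client, so the `CERT:` warning concerns certificate verification rather than SNI.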