[stunnel-users] routines:ssl3_read_bytes:sslv3 alert certificate unknown

Ziad Badawi ZiadR.B at gmail.com
Mon Dec 4 10:24:54 CET 2017


Greetings,

I am trying to capture clear text pcaps from client (browser) - server
(java appserver) traffic.

The java appserver is jboss using https. I'm running jboss and stunnel on
the same machine.

# stunnel.conf
debug = 3
foreground = yes
[jboss]
client = yes
cert= stunnel.pem # generated using makecert.sh
accept = 1234
connect = 127.0.0.1:443

Version:
stunnel 5.44 on x86_64-pc-linux-gnu platform
Compiled/running with OpenSSL 1.0.2k-fips  26 Jan 2017
Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

Global options:
RNDbytes               = 64
RNDfile                = /dev/urandom
RNDoverwrite           = yes

Service-level options:
ciphers                = FIPS (with "fips = yes")
ciphers                = HIGH:!DH:!aNULL:!SSLv2 (with "fips = no")
curve                  = prime256v1
debug                  = daemon.notice
logId                  = sequential
options                = NO_SSLv2
options                = NO_SSLv3
sessionCacheSize       = 1000
sessionCacheTimeout    = 300 seconds
stack                  = 65536 bytes
TIMEOUTbusy            = 300 seconds
TIMEOUTclose           = 60 seconds
TIMEOUTconnect         = 10 seconds
TIMEOUTidle            = 43200 seconds
verify                 = none

When I try to test it usng firefox by browsing to https://localhost:1234,
FF returns "Secure Connection Failed" and stunnel spits

2017.12.01 20:35:10 LOG3[0]: SSL_connect: 14094416: error:14094416:SSL
routines:ssl3_read_bytes:sslv3 alert certificate unknown

What am I missing / doing wrong?
Regards

Z
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20171204/9da211dd/attachment.html>


More information about the stunnel-users mailing list