[stunnel-users] Configuring VeriSign certificate with STunnel
Ludovic LEVET
llevet at ludosoft.org
Wed Dec 21 10:55:48 CET 2011
Hi,
Please provide us debug log info :
debug = 7
output = stunnel.log
Ludovic.
Le 21/12/2011 10:31, Zubair Ali Mansoor a écrit :
>
> Hi,
>
> I got VeriSign Test SSL certificate. I have been trying to configure
> it with STunnel. But there are errors in STunnel. I have placed
> private key and CA signed certificate in a separate file named
> 'stunnel.pem'. Root and Intermediate certificates have been placed in
> following order in a file named 'ca.pem'
>
> stunnel.pem
>
> -----BEGIN RSA PRIVATE KEY-----
> encrypted key
> -----END RSA PRIVATE KEY-----
>
> -----BEGIN CERTIFICATE-----
> VeriSign signed certificate
> -----END CERTIFICATE-----
>
> ca.pem
> -----BEGIN CERTIFICATE-----
> VeriSign Intermediate CA Certificate
> -----END CERTIFICATE-----
>
> -----BEGIN CERTIFICATE-----
> VeriSign Root CA Certificate
> -----END CERTIFICATE-----
>
> Here is stunnel.conf file.
>
> ;key = server.key
> cert = stunnel.pem
>
> ; Some performance tunings
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> ; Workaround for Eudora bug
> ;options = DONT_INSERT_EMPTY_FRAGMENTS
>
> ; Authentication stuff
> verify = 2
> ; Don't forget to c_rehash CApath
> ;CApath = certs
> ; It's often easier to use CAfile
> CAfile = ca.pem
> ;CAfile=zosIntermediate.pem
> ; Don't forget to c_rehash CRLpath
> ;CRLpath = crls
> ; Alternatively you can use CRLfile
> ;CRLfile = crls.pem
>
> ; Some debugging stuff useful for troubleshooting
> ;debug = 7
> output = stunnel.log
>
> ; Use it for client mode
> client = no
>
> I have also tried to change order of certificates but nothing is
> working. Anyone have idea how it can work. Your cooperation will be
> highly appreciated.
>
> Thanks,
>
> Zubair
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20111221/2c9f997f/attachment.html>
More information about the stunnel-users
mailing list