[stunnel-users] Client Authentication - Configuring Service Definition

j nasty skekasaurus at outlook.com
Tue Dec 10 17:45:24 CET 2013


Hello Everyone,


I’m attempting to consume a web service that requires that I authenticate the client using certificates. I was given a (.pfx) certificate locked with a password by the 3rd party vendor. I know I need to convert the current certificate I have into a (.pem) certificate, which I’ll accomplish with the openssl tools.

I’m a bit new to SSL and network security, thus I’m not entirely sure if I should only be creating a client certificate from the original (.pfx) file or if a server certificate will also need to get created.

I used the command: "openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes (-clcerts/-cacerts)" to create my pem certificate.



Here is my current configuration:

[SSLconnection]
debug = 7
CAfile = certificate.pem
client = yes
verify = 2
accept = 127.0.0.1:9001
connect = web.service.com:443


And the log (I obscured some identity information):

2013.12.10 09:36:41 LOG5[9776:8488]: stunnel 4.56 on x86-pc-msvc-1500 platform
2013.12.10 09:36:41 LOG5[9776:8488]: Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
2013.12.10 09:36:41 LOG5[9776:8488]: Threading:WIN32 Sockets:SELECT,IPv6 SSL:ENGINE,OCSP,FIPS
2013.12.10 09:36:41 LOG5[9776:8488]: Reading configuration from file stunnel.conf
2013.12.10 09:36:41 LOG5[9776:8488]: FIPS mode is enabled
2013.12.10 09:36:41 LOG5[9776:8488]: Configuration successful
2013.12.10 09:36:44 LOG5[9776:9024]: Service [SSLconnection] accepted connection from 127.0.0.1:60659
2013.12.10 09:36:44 LOG5[9776:9024]: connect_blocking: connected web.service.com:443
2013.12.10 09:36:44 LOG5[9776:9024]: Service [SSLconnection] connected remote server from 192.168.50.211:60660
2013.12.10 09:36:44 LOG5[9776:9024]: Certificate accepted: depth=1, /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
2013.12.10 09:36:44 LOG5[9776:9024]: Certificate accepted: depth=1, /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
2013.12.10 09:36:44 LOG4[9776:9024]: CERT: Certificate not found in local repository
2013.12.10 09:36:44 LOG4[9776:9024]: Certificate check failed: depth=0, /C=US/ST=Texas/L=Austin/O=OName/CN=web.service.com
2013.12.10 09:36:44 LOG3[9776:9024]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2013.12.10 09:36:44 LOG5[9776:9024]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket



Looks like my problem is stemming from "Certificate not found in local repository"?




Thank you in advance for any assistance,



Jake
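An added example, not part of the original post or of the stunnel project: a shell script that splits the vendor's .pfx into the two files an stunnel client-authentication service expects (the client certificate and key for `cert`/`key`, and the CA certificates bundled with it) and prints a matching service definition. It assumes openssl on PATH, the bundle password in an environment variable we call PFX_PASS, and a file named server-ca.pem standing in for whatever CA bundle issued the web service's own certificate (Entrust, per the log above), since with `verify = 2` that is what CAfile is checked against and it is not necessarily what the vendor's .pfx carries.

```shell
#!/bin/sh
# Added example (not from the original post or the stunnel project): split a
# vendor-issued PKCS#12 bundle into the files an stunnel client-auth service
# uses, sanity-check them, and print a matching service definition.
# Assumptions (ours): openssl is on PATH; the bundle password is in the
# PFX_PASS environment variable; server-ca.pem is a placeholder for the CA
# bundle that issued the SERVER's certificate, which the .pfx may not contain.
set -eu

# pem_count <file> <type>: number of "-----BEGIN ...<type>-----" blocks in <file>
pem_count() {
    grep -c -- "^-----BEGIN .*$2-----" "$1" || true
}

# split_pfx <bundle.pfx> <outdir>: writes client.pem (cert + key, for cert/key)
# and ca.pem (the CA certificates bundled in the .pfx, no key).
split_pfx() {
    pfx=$1; out=$2
    mkdir -p "$out"
    # -clcerts keeps only the end-entity certificate; -nodes leaves the key unencrypted
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nodes -out "$out/client.pem"
    chmod 600 "$out/client.pem"   # it holds the private key
    # -cacerts -nokeys keeps only the CA certificate(s)
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys -out "$out/ca.pem"
    # Sanity check: one cert plus one key for the client, no key in ca.pem
    [ "$(pem_count "$out/client.pem" CERTIFICATE)" -eq 1 ] || return 1
    [ "$(pem_count "$out/client.pem" 'PRIVATE KEY')" -eq 1 ] || return 1
    [ "$(pem_count "$out/ca.pem" 'PRIVATE KEY')" -eq 0 ] || return 1
}

# stunnel_service <outdir> <host:port>: presents the client certificate and, with
# verify = 2, checks the server's certificate chain against CAfile.
stunnel_service() {
    cat <<EOF
[SSLconnection]
client = yes
accept = 127.0.0.1:9001
connect = $2
cert = $1/client.pem
key = $1/client.pem
CAfile = $1/server-ca.pem
verify = 2
EOF
}

# Usage: PFX_PASS='...' sh split.sh certificate.pfx outdir
if [ "$#" -eq 2 ]; then
    split_pfx "$1" "$2" && stunnel_service "$2" web.service.com:443
fi
```

client.pem contains the private key, so keep it readable only by the account stunnel runs as.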

