[stunnel-users] certificate verify failed

Roman Tuchyna roman.tuchyna at gmail.com
Wed Jun 19 14:17:00 CEST 2013


Hi All,

I'm trying to create SSl tunnel between my server (Win 2008 R2, 4.56
version of stunnel) and remote application server - I have merged both
root and sub certificate into 1 file and it looks like it can verify
them and accept them as well, but then it tries to verify it at
depth=0 and says certificate not found in local repository. Am I
missing anything here ? (I modified messages to not disclose details
of certificates in the debug below).

Thank you!
BR,
Roman


2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] started

2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] accepted connection
from 127.0.0.1:49397

2013.06.18 11:22:34 LOG6[272:2156]: connect_blocking: connecting 10.254.0.21:443

2013.06.18 11:22:34 LOG7[272:2156]: connect_blocking: s_poll_wait
10.254.0.21:443: waiting 10 seconds

2013.06.18 11:22:34 LOG5[272:2156]: connect_blocking: connected 10.254.0.21:443

2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] connected remote
server from 192.168.20.23:49398

2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) initialized

2013.06.18 11:22:34 LOG7[272:2156]: SNI: sending servername: 10.254.0.21

2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect):
before/connect initialization

2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 write
client hello A

2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 read
server hello A

2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification:
depth=2, /CN=xxx RootCA

2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=2,
/CN=xxx RootCA

2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification:
depth=1, /CN=xxx

2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=1,
/CN=xxx SubCA1

2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification:
depth=0, /C=zzz

2013.06.18 11:22:34 LOG4[272:2156]: CERT: Certificate not found in
local repository

2013.06.18 11:22:34 LOG4[272:2156]: Certificate check failed: depth=0, /C=zzz

2013.06.18 11:22:34 LOG7[272:2156]: SSL alert (write): fatal:
certificate unknown

2013.06.18 11:22:34 LOG3[272:2156]: SSL_connect: 14090086:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed

2013.06.18 11:22:34 LOG5[272:2156]: Connection reset: 0 byte(s) sent
to SSL, 0 byte(s) sent to socket

2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) closed

2013.06.18 11:22:34 LOG7[272:2156]: Local socket (FD=376) closed

2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] finished (0 left)



More information about the stunnel-users mailing list