[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

David Faizulaev David.Faizulaev at nextnine.com
Tue May 17 15:24:38 CEST 2016


Log messages are generated upon connection attempt.

Best Regards,
David.



David Faizulaev | PL/SQL Developer | T  +972 (3) 767 3026 | M +972 (54) 7314687


-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
Sent: Tuesday, May 17, 2016 4:22 PM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

On Tue, 2016-05-17 13:08:33 +0000, David Faizulaev wrote:
> Latest update:
> After further investigation, it became evident that Stunnel should run as client.
> Therefore, I've converted my existing certs file (from my application) into a PEM file.
> The file includes -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----.
> 
> But I still get an error:
> 
> 2016.05.17 15:57:24 LOG4[281]: CERT: Pre-verification error: self signed certificate in certificate chain
> 2016.05.17 15:57:24 LOG4[281]: Rejected by CERT at depth=1: CN=NextnineCA
> 2016.05.17 15:57:24 LOG3[281]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
> 
> Here is the current configuration:
> 
> [custom]
> client = yes
> accept = 127.0.0.1:8449
> connect = 192.168.220.62:443
> verify = 2
> CAfile = myapp.pem

David,

CAfile should point to a list of trusted certificates.  The file(s) for your pair of certificate and key should be specified with cert=... (and key=..., if certificate and key are stored to separate files).

Are the log messages generated at stunnel startup or at connection establishment?

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Amtsgericht Mannheim (local court), HRB 5796
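
An added example, not part of the original thread and not the stunnel project's own sample: the client-mode service section from the quoted message, rearranged the way Ludolf's reply describes, with the trust list in `CAfile` and the client's own certificate pair in `cert`/`key`. The file names `nextnine-ca.pem`, `client-cert.pem` and `client-key.pem` are hypothetical.

```ini
; Before (as posted above): CAfile points at the PEM file converted from
; the application's own certs file.
;
;   [custom]
;   client = yes
;   accept = 127.0.0.1:8449
;   connect = 192.168.220.62:443
;   verify = 2
;   CAfile = myapp.pem

; After: trust anchors and the client's own identity are kept apart.
[custom]
client = yes
accept = 127.0.0.1:8449
connect = 192.168.220.62:443

; verify = 2 makes stunnel check the server's chain against CAfile.
verify = 2

; List of trusted certificates only (no private keys).
; Assumption: nextnine-ca.pem (hypothetical name) holds the certificate of
; the CA that issued the server's certificate. The log rejects
; CN=NextnineCA at depth=1, which indicates that this CA is not in the
; trusted list stunnel loaded.
CAfile = nextnine-ca.pem

; The client's own certificate and key. Assumption: needed only if the
; server requests a client certificate; omit both lines otherwise.
; key= is required only when the key is stored in a separate file.
cert = client-cert.pem
key = client-key.pem
```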