<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi, <br>
I want to use stunnel to enable SSL on port 995.<br>
Unfortunately, I got "SSL error: Unable to verify the first certificate." when
using the Gmail POP3 retrieval.<br>
My certificate is signed by WoSign and included in the Mozilla
truststore list.<br>
<a class="moz-txt-link-freetext" href="https://www.ssllabs.com/ssltest/analyze.html">https://www.ssllabs.com/ssltest/analyze.html</a> gives me a grade A for
my Apache configuration, and Chrome and Firefox are also fine with
this certificate. So it's not a self-signed one.<br>
<br>
For a test I have configured stunnel to serve HTTPS. I then get
the message that the chain is incomplete.<br>
According to
<a class="moz-txt-link-freetext" href="https://www.digicert.com/ssl-support/gmail-pop3-troubleshooting.htm">https://www.digicert.com/ssl-support/gmail-pop3-troubleshooting.htm</a>
this could be one reason for this error.<br>
<br>
My Apache config looks like this:<br>
SSLCertificateFile /etc/apache2/ssl/mydomain.crt<br>
SSLCertificateKeyFile /etc/apache2/ssl//mydomain.key<br>
SSLCertificateChainFile /etc/apache2/ssl/1_root_bundle.crt<br>
SSLCACertificateFile /etc/apache2/ssl/ca-certs.pem<br>
<br>
For stunnel I used<br>
<br>
cert = /etc/apache2/ssl/mydomain.crt<br>
key = /etc/apache2/ssl//mydomain.key<br>
CAfile = /etc/apache2/ssl/1_root_bundle.crt
or ca-certs.pem (I have tried both).<br>
<br>
What is a similar configuration in stunnel?<br>
<br>
The post
<a class="moz-txt-link-freetext" href="https://www.stunnel.org/pipermail/stunnel-users/2010-February/002594.html">https://www.stunnel.org/pipermail/stunnel-users/2010-February/002594.html</a>
mentioned that the chain must be completely in the crt-file.<br>
But a description of how to achieve this is missing and I found no
other resources describing this.<br>
<br>
Thanks a lot<br>
Tobias<br>
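<br>
Added example, not part of the original message: one way to put the complete chain into the file stunnel serves is to concatenate the server certificate and the intermediate bundle, server certificate first, and then check the result the way a client that only trusts the root would. The certificates are constructed for the demonstration; the file names <code>fullchain.pem</code> and <code>root.*</code> and all helper names are assumptions.<br>
<br>

```shell
#!/bin/sh
# Added example: assemble the one PEM file stunnel's "cert =" option reads
# (server certificate first, intermediates after) and check it like a client.

# build_fullchain LEAF BUNDLE OUT
build_fullchain() {
    awk 1 "$1" "$2" > "$3"   # awk 1 ends every file with a newline
}

# cert_count FILE: how many certificates the PEM file carries
cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# chain_ok ROOT FILE: verify the first certificate in FILE against ROOT,
# using only the certificates FILE itself supplies as intermediates
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# key_matches_first KEY FILE: the key must belong to the FIRST certificate
key_matches_first() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# new_csr DIR NAME CN: constructed key and signing request
new_csr() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_test_pki DIR: constructed root -> intermediate -> server hierarchy,
# named after the files in the post (root.* is an assumption)
make_test_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    new_csr "$d" root 'Constructed Root'
    new_csr "$d" int 'Constructed Intermediate'
    new_csr "$d" mydomain 'mail.example.test'
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/1_root_bundle.crt" 2>/dev/null
    openssl x509 -req -in "$d/mydomain.csr" -CA "$d/1_root_bundle.crt" \
        -CAkey "$d/int.key" -CAcreateserial -days 2 -out "$d/mydomain.crt" 2>/dev/null
}
```

With the real files, the output of <code>build_fullchain</code> is what <code>cert =</code> should point at, while <code>key =</code> stays unchanged. <code>CAfile</code> is the set of CAs stunnel uses when it verifies a peer, so setting it does not add intermediates to what the server sends.<br>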
</body>
</html>