Carsten Krüger wrote in a great report:
I think it should work, * should match homie
It doesn't matter. Stunnel does not attempt to perform any DNS checks.
1. connected with "openssl s_client -connect mail.neroon.com:995", pasted cert to dreamhost.pem
For some reason OpenSSL is not able to authenticate against this certificate: $ openssl s_client -verify 1 -CAfile dreamhost.pem -connect mail.neroon.com:995 2>&1 | head -4 verify depth is 1 depth=0 /C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/[email protected] verify error:num=20:unable to get local issuer certificate verify return:1 s_client tool is intended for testing only, so it displays the error and than ignores it. See the manual for details. I guess there is either something wrong with the certificate or with OpenSSL. Best regards, Mike