Using a signed *.domain.com with ssl - Getting "unable to get local issuer certificate"

Hello all,

I have had a good hunt around and am having trouble finding a solution. I am using stunnel to provide encrypted pop3 access to our mail server, and we have recently purchased a signed *.XXX.com certificate from godaddy. This has been great since I can use the same cert on all our servers, and this has worked cleanly with the webservices. However, I am having some issues with the stunnel and pop3 service. I am not entirely certain whether it is caused by the *.XXX.com certificate (although I think it unlikely) but was hoping someone more knowledgeable could enlighten me?

I currently have stunnel configured thusly:

    stunnel -f \
        -A /etc/stunnel/certs/sf_issuing.pem \
        -p /etc/stunnel/certs/wildcard.XXX.com.stunnel.pem \
        -r 127.0.0.1:110

Unfortunately my users are getting warnings, and using the openssl client I get:

    $ openssl s_client -connect mail.XXX.com:995
    CONNECTED(00000003)
    depth=1 /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/[email protected]
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/O=*.XXX.com/OU=Domain Control Validated/CN=*.XXX.com
       i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/[email protected]
     1 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/[email protected]
       i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//[email protected]
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    [snip]
    -----END CERTIFICATE-----
    subject=/O=*.XXX.com/OU=Domain Control Validated/CN=*.XXX.com
    issuer=/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/[email protected]
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2381 bytes and written 340 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : AES256-SHA
        Session-ID: 4E550C07BDA9661C4B532A28110E5616549CB9FA72D37E5C979E3C6579F8FB99
        Session-ID-ctx:
        Master-Key: 2E588101AA098463FA40C0353009F5842FA19B1C3D48D9A0000EB2E241EFB70BB10D52FE9BC444344D49653B9FEB25F4
        Key-Arg : None
        Start Time: 1148463445
        Timeout : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---

I am positive this must have been covered before somewhere, but I haven't been able to find anything conclusive. Apologies if I'm covering well trodden ground :)

TIA,

--
Pritesh Mehta <[email protected]>
Global Name Registry
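
The following chain walk is an added example, not part of the original post. It parses the "Certificate chain" section of `openssl s_client` output and reports the issuer that the server did not send, which is the certificate a verifying client has to find in its own trust store (verify code 20 is what OpenSSL returns when it cannot find an issuer locally). The sample input is constructed from the output in the post with the names shortened, and `parse_chain` and `audit_chain` are hypothetical helper names.

```python
import re

# Constructed sample: chain section of `openssl s_client` output, modelled on
# the post above with the subject/issuer names shortened.
SAMPLE = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:/O=*.XXX.com/OU=Domain Control Validated/CN=*.XXX.com
   i:/O=Starfield Technologies, Inc./CN=Starfield Secure Certification Authority
 1 s:/O=Starfield Technologies, Inc./CN=Starfield Secure Certification Authority
   i:/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority
---
Server certificate
"""

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] as sent by the server."""
    chain, in_chain = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Certificate chain":
            in_chain = True
        elif in_chain and line == "---":
            break                      # end of the chain section
        elif in_chain and (m := re.match(r"(\d+) s:(.*)", line)):
            chain.append([int(m.group(1)), m.group(2).strip(), None])
        elif in_chain and chain and line.startswith("i:"):
            chain[-1][2] = line[2:].strip()
        # any other line inside the section is ignored
    return [tuple(c) for c in chain]

def audit_chain(chain):
    """Return (breaks, anchor): links whose issuer is not the next subject,
    and the issuer the client must already hold because the server did not
    send it (None if the last certificate is self-signed).
    Compares names only; no signatures are checked."""
    if not chain:
        raise ValueError("no certificates in chain section")
    breaks = [(cert[0], nxt[0]) for cert, nxt in zip(chain, chain[1:])
              if cert[2] != nxt[1]]
    _, subject, issuer = chain[-1]
    return breaks, (None if subject == issuer else issuer)

if __name__ == "__main__":
    breaks, anchor = audit_chain(parse_chain(SAMPLE))
    print("out-of-order links:", breaks or "none")
    print("issuer the client must have locally:", anchor)
```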