[stunnel-users] using no certificate
jan.meijer at surfnet.nl
Mon Feb 14 10:09:00 CET 2005
On Mon, 14 Feb 2005, Zohar wrote:
> I am only interested in the data being encrypted. I tried setting this
> up, but the client complains that my server certificate cannot be
> authenticated (I produced it using http://www.stunnel.org/pem/). Any
> pointers on how to set such a thing up (even for the time being, while I
> develop), without having to pay lots of money to a CA ?
This is the infamous 'browser-popup' problem: the 'CA' that signed your
servers' certificate (in your case most likely a self-signed certificate
but that's the same problem) is not recognized by your clients.
As in: the client receives the server certificate, tries to verify it
against its repository of 'trusted CAs' and sees it can't do that. And
then generates the warning.
There are two ways to get rid of the message:
-get a server-certificate from a CA that is trusted by the clients; if you
only care about the encryption and just want to get rid of the popup get
a server-cert at http://www.freessl.com/, it will be ~40 euros.
-install the CA certificate that issued your server-cert (or your
server-cert itself) in all connecting clients
In your situation the first option might be cheapest.
More information about the stunnel-users