[stunnel-users] certificate root chain

• Previous message (by thread): [stunnel-users] certificate root chain, problem solved
• Next message (by thread): [stunnel-users] transparent mode in linux
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Olivier twist wrote:
> I have a server certificate signed by GlobalSign. I don't want to use client 
> certificate.
> But if I don't put the certification chain on the CAFILE of stunnel and 
> don't set verify at 1, stunnel doesn't check the server certification chain 
> and the server certificate appears broken on client side !!!
...
> cert = c:\certif\inTest.crt
> key = c:\certif\inTest.key
...
> CAfile = c:\certif\ca.pem

AFAIK the whole certificate chain from your server certificate up to the
CA certificate should be in inTest.crt (simply concatenate the PEM files).
The CAfile would be needed for client verification only.

• Previous message (by thread): [stunnel-users] certificate root chain, problem solved
• Next message (by thread): [stunnel-users] transparent mode in linux
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]