[stunnel-users] Intermediate Cert validation problem

Eric McCombs seattime at sbcglobal.net
Wed Jan 31 21:12:27 CET 2007

I'm experiencing a problem validating intermediate cert on our Stunnel 

We are using Stunnel to forward IMAP, POP and SMTP SSL ports from our 
vpn server to our internal mail server. We originally used a self-signed 
cert on the vpn server.  When clients connect via Outlook, Outlook 
Express, Thunderbird and various cell phone mail programs they received 
a warning message (Unable to verify identity of xxx) about the 
self-signed cert.  To resolve this issue we purchased a SSL cert from 
Verisign to install on the vpn server. 

We generated the key and CSR and received the new cert from Verisign, 
which also requires an intermediate cert for verification.

We have tried various methods to have the certs validated, combining the 
key, intermediate cert and server cert in one file, pointing to the 
CA_file, etc. but continue to see the Unable to verify identity message.

Has anybody else encountered this problem and found a way to resolve the 

Thanks in advance.

Eric McCombs

More information about the stunnel-users mailing list