[stunnel-users] what's wrong? error=unable to get local issuer certificate

• Previous message (by thread): [stunnel-users] what's wrong? error=unable to get local issuer certificate
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Carsten Krüger wrote in a great report:

> I think it should work, * should match homie

It doesn't matter.  Stunnel does not attempt to perform any DNS checks.

> 1. connected with "openssl s_client -connect mail.neroon.com:995", pasted
> cert to dreamhost.pem

For some reason OpenSSL is not able to authenticate against this
certificate:

$ openssl s_client -verify 1 -CAfile dreamhost.pem -connect
mail.neroon.com:995 2>&1 | head -4
verify depth is 1
depth=0
/C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/emailAddress=support at dreamhost.com
verify error:num=20:unable to get local issuer certificate
verify return:1

s_client tool is intended for testing only, so it displays the error and
than ignores it.  See the manual for details.

I guess there is either something wrong with the certificate or with
OpenSSL.

Best regards,
Mike

• Previous message (by thread): [stunnel-users] what's wrong? error=unable to get local issuer certificate
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]