[stunnel-users] what's wrong? error=unable to get local issuer certificate

Michal Trojnara Michal.Trojnara at mirt.net
Tue Dec 29 16:46:45 CET 2009

Carsten Krüger wrote in a great report:

> I think it should work, * should match homie

It doesn't matter.  Stunnel does not attempt to perform any DNS checks.

> 1. connected with "openssl s_client -connect mail.neroon.com:995", pasted
> cert to dreamhost.pem

For some reason OpenSSL is not able to authenticate against this

$ openssl s_client -verify 1 -CAfile dreamhost.pem -connect
mail.neroon.com:995 2>&1 | head -4
verify depth is 1
/C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/emailAddress=support at dreamhost.com
verify error:num=20:unable to get local issuer certificate
verify return:1

s_client tool is intended for testing only, so it displays the error and
than ignores it.  See the manual for details.

I guess there is either something wrong with the certificate or with

Best regards,

More information about the stunnel-users mailing list