[stunnel-users] Configuring VeriSign certificate with STunnel

Zubair Ali Mansoor zubair at 01systems.net
Wed Dec 21 10:31:51 CET 2011


Hi,

I got VeriSign Test SSL certificate. I have been trying to configure it with
STunnel. But there are errors in STunnel. I have placed private key and CA
signed certificate in a separate file named 'stunnel.pem'. Root and
Intermediate certificates have been placed in following order in a file
named 'ca.pem'

stunnel.pem

-----BEGIN RSA PRIVATE KEY-----
encrypted key
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
VeriSign signed certificate
-----END CERTIFICATE-----

ca.pem
-----BEGIN CERTIFICATE-----
VeriSign Intermediate CA Certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
VeriSign Root CA Certificate
-----END CERTIFICATE-----

Here is stunnel.conf file. 

;key = server.key
cert = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
CAfile = ca.pem
;CAfile=zosIntermediate.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
output = stunnel.log

; Use it for client mode
client = no

I have also tried to change order of certificates but nothing is working.
Anyone have idea how it can work. Your cooperation will be highly
appreciated. 

Thanks,

Zubair

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20111221/31dd4a9d/attachment.html>


More information about the stunnel-users mailing list