[stunnel-users] certificate authentications
John A. Wallace
jw72253 at verizon.net
Tue Jan 17 10:02:58 CET 2012
I have two questions, which I think may be related, regarding how to use the
information from stunnel log. I use stunnel to connect to an SMTP server on
the internet from my home network, and in particular from my Windows laptop.
My stunnel version is this:
stunnel 4.50 on x86-pc-mingw32-gnu platform
Compiled/running with OpenSSL 0.9.8r-fips 8 Feb 2011
It works well for my purposes, and I can see, by using a program for
monitoring process and network connections, that the connections are now
secured as expected. However, I believe it can be made more secure if I can
utilize the certificate that is offered by the server, but I am not sure how
to make that happen.
In my stunnel log for the connection, I get this message:
Client-mode smtp protocol negotiations started
Client-mode smtp protocol negotiations succeeded
No peer certificate received
SSL connected: new session negotiated
Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
My first question is, how should I go about getting that "No peer
certificate received" issue corrected and how do I install it? Secondly,
when I issue this command at the cmd shell prompt:
openssl s_client -starttls smtp -connect host.server:port
The output is lengthy and it includes, among other things, clearly what is
identified as a certificate. I have been told that this is a good
certificate, and one that I should utilize for an authenticated connection.
So, my question is, is this the same certificate that I saw referenced in
the log as the "peer certificate", and how do I go about putting this
certificate where it belongs in my directory? I know how to copy it and save
it as a file, but where do I put it and should it have a special name?
If someone wants to direct me to the correct instruction for doing this,
that would be fine too. I am just looking for some pointers for assistance.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users