[stunnel-users] certificate authentications
John A. Wallace
jw72253 at verizon.net
Fri Jan 20 19:51:45 CET 2012
Hello. I want to repost this because I have heard nothing in response
although it was posted a few days ago. I am new to using this group and not
certain how long I should expect to wait. Excuse the reposting if I should
seem impatient, as I do not mean it in that way. But I do want to be sure
that I am posting it correctly too. Thanks.
From: stunnel-users-bounces at stunnel.org
[mailto:stunnel-users-bounces at stunnel.org] On Behalf Of John A. Wallace
Sent: Tuesday, January 17, 2012 3:03 AM
To: stunnel-users at stunnel.org
Subject: [stunnel-users] certificate authentications
I have two questions, which I think may be related, regarding how to use the
information from the stunnel log. I use stunnel to connect to an SMTP server on
the internet from my home network, and in particular from my Windows laptop.
My stunnel version is this:
stunnel 4.50 on x86-pc-mingw32-gnu platform
Compiled/running with OpenSSL 0.9.8r-fips 8 Feb 2011
It works well for my purposes, and I can see, by using a program for
monitoring process and network connections, that the connections are now
secured as expected. However, I believe it can be made more secure if I can
utilize the certificate that is offered by the server, but I am not sure how
to make that happen.
In my stunnel log for the connection, I get this message:
Client-mode smtp protocol negotiations started
Client-mode smtp protocol negotiations succeeded
No peer certificate received
SSL connected: new session negotiated
Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
My first question is, how should I go about getting that "No peer
certificate received" issue corrected and how do I install it? Secondly,
when I issue this command at the cmd shell prompt:
openssl s_client -starttls smtp -connect host.server:port
The output is lengthy and it includes, among other things, clearly what is
identified as a certificate. I have been told that this is a good
certificate, and one that I should utilize for an authenticated connection.
So, my question is, is this the same certificate that I saw referenced in
the log as the "peer certificate", and how do I go about putting this
certificate where it belongs in my directory? I know how to copy it and save
it as a file, but where do I put it and should it have a special name?
If someone wants to direct me to the correct instruction for doing this,
that would be fine too. I am just looking for some pointers for assistance.
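
The two log messages the question turns on ("No peer certificate received" and Au=None in the negotiated cipher line) can be checked for mechanically. The following is an added example, not part of the original message or of stunnel; it assumes the messages appear in the order quoted above, with the "Negotiated ciphers" line closing each session, and the second session in the sample is constructed for contrast.

```python
import re

# Constructed sample: the five log messages quoted in the post, followed by
# one constructed session that negotiated an RSA-authenticated cipher suite.
SAMPLE_LOG = """\
Client-mode smtp protocol negotiations started
Client-mode smtp protocol negotiations succeeded
No peer certificate received
SSL connected: new session negotiated
Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
Client-mode smtp protocol negotiations started
Client-mode smtp protocol negotiations succeeded
SSL connected: new session negotiated
Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

# Cipher name, protocol version, then the Kx=/Au=/Enc=/Mac= fields.
CIPHER_RE = re.compile(r"Negotiated ciphers:\s+(\S+)\s+(\S+)\s+(.*)$")

def audit_sessions(log_text):
    """Return one record per negotiated session, listing authentication issues."""
    records, no_peer_cert = [], False
    for line in log_text.splitlines():
        if "No peer certificate received" in line:
            no_peer_cert = True          # remembered until the cipher line
            continue
        m = CIPHER_RE.search(line)
        if not m:
            continue
        cipher, protocol, rest = m.groups()
        fields = dict(f.split("=", 1) for f in rest.split() if "=" in f)
        issues = []
        if no_peer_cert:
            issues.append("no peer certificate")
        # Au=None: the suite itself performs no server authentication.
        if fields.get("Au", "").lower() == "none":
            issues.append("anonymous key exchange (Au=None)")
        records.append({"cipher": cipher, "protocol": protocol,
                        "auth": fields.get("Au"), "issues": issues})
        no_peer_cert = False             # reset for the next session
    return records

if __name__ == "__main__":
    for rec in audit_sessions(SAMPLE_LOG):
        status = "; ".join(rec["issues"]) or "no issue flagged"
        print(f'{rec["cipher"]} ({rec["protocol"]}): {status}')
```

An empty issue list only means the negotiated suite includes server authentication; it does not show that the client validated the certificate.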