[stunnel-users] CERT: Verification error: unable to get local issuer certificate

Vivek Gupta vivek at ltecindia.com
Tue Oct 7 07:35:49 CEST 2014


Hi

I am getting error -

Below is the log:
********************************
Service [LMAX-fix-tunnel-DEMO-MktData] connected remote server from
192.168.1.5:49819
Remote socket (FD=276) initialized
SNI: sending servername: fix-md-ate.lmaxtrader.com
SSL state (connect): before/connect initialization
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
Verification started at depth=1: C=US, O=DigiCert Inc, CN=DigiCert Secure
Server CA
CERT: Verification error: unable to get local issuer certificate
Rejected by CERT at depth=1: C=US, O=DigiCert Inc, CN=DigiCert Secure
Server CA
SSL alert (write): fatal: unknown CA
SSL_connect: 14090086: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
Remote socket (FD=276) closed
Local socket (FD=524) closed
Service [LMAX-fix-tunnel-DEMO-MktData] finished (0 left)
***************************************************

and below is the conf file:

************
; Certificate/key is needed in server mode and optional in client mode
;cert = stunnel.pem
;key = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

verify = 3

CApath = C:\Program Files (x86)\stunnel\
CAfile = C:\Program Files (x86)\stunnel\peer-LMAX-fix-tunnel-DEMO-MktData.pem
;CRLpath = crls
;CRLfile = crls.pem

options = NO_SSLv2

************************************

Please suggest how to solve verification error.

Thanks &Regards
Vivek Gupta
9971514343


More information about the stunnel-users mailing list