[stunnel-users] How to install CA at client side?
ifoolb at gmail.com
Tue Sep 15 09:32:56 CEST 2015
Hello Stunnel maintainers,
I try to use real certificates of my web server for stunnel. I combine
private key, my site's cert, and ca-bundle into a pem file, and it works
fine when the client doesn't verify any certificate. Then I specify CAfile
which is the ca bundle file from my registrar, at client side and turn on
verification and always get errors below, whatever level 2 or 3:
Sep 15 14:53:28 y400 stunnel: LOG5: Service [http-proxy3]
connected remote server from 192.168.1.104:45746
Sep 15 14:53:28 y400 stunnel: LOG4: CERT: Pre-verification
error: unable to get issuer certificate
Sep 15 14:53:28 y400 stunnel: LOG4: Rejected by CERT at depth=2:
However, level 4 works. I want to prevent man-in-middle-attack, so can
level 4 achieve that regarding to my current setup?
Both server and client side use stunnel 5.17 which are fairly recent.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users