[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Tue May 17 15:21:34 CEST 2016


On Tue, 2016-05-17 13:08:33 +0000, David Faizulaev wrote:
> Latest update:
> After further investigation, it became evident that Stunnel should run as client.
> Therefore, I've converted my existing certs file (from my application) into a PEM file.
> The file includes -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----.
> 
> But I still get an error:
> 
> 2016.05.17 15:57:24 LOG4[281]: CERT: Pre-verification error: self signed certificate in certificate chain
> 2016.05.17 15:57:24 LOG4[281]: Rejected by CERT at depth=1: CN=NextnineCA
> 2016.05.17 15:57:24 LOG3[281]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
> 
> Here is the current configuration:
> 
> [custom]
> client = yes
> accept = 127.0.0.1:8449
> connect = 192.168.220.62:443
> verify = 2
> CAfile = myapp.pem

David,

CAfile should point to a list of trusted certificates.  The file(s)
for your pair of certificate and key should be specified with
cert=... (and key=..., if certificate and key are stored in separate
files).

Are the log messages generated at stunnel startup or at connection
establishment?

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
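
An added example, not part of the original message: a shell sketch that reproduces the "self signed certificate in certificate chain" failure from the log with `openssl verify`, then shows it pass once the trust file holds the issuing root. The CA, host names and file names are constructed for the demo, and it assumes an `openssl` binary with its default configuration is installed.

```shell
#!/bin/sh
# Constructed demo PKI; every name and file below is made up for illustration.

make_demo_pki() {   # $1 = working directory
    # Self-signed root that issues the server certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=DemoRootCA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    # Server certificate signed by that root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null || return 1
    # Self-signed certificate with no relation to the server's issuer.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=unrelated.example" \
        -keyout "$1/unrelated.key" -out "$1/unrelated.pem" 2>/dev/null || return 1
}

# Verify server.pem as a client would when the peer sends leaf plus root:
# the root travels as an untrusted chain certificate and only the file in
# $1 acts as the trust store, which is the role CAfile plays for stunnel.
verify_with_cafile() {   # $1 = candidate CAfile, $2 = working directory
    openssl verify -CAfile "$1" -untrusted "$2/ca.pem" "$2/server.pem" 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    echo "--- CAfile without the issuing root:"
    verify_with_cafile "$d/unrelated.pem" "$d"
    echo "exit status: $?"
    echo "--- CAfile containing the issuing root:"
    verify_with_cafile "$d/ca.pem" "$d"
    echo "exit status: $?"
    rm -rf "$d"
}

demo
```

The first check fails at depth 1 on the self-signed root, the same position at which the log above rejects its CA certificate; the second succeeds because that root is now in the trusted list.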

