> -----Original Message-----
> From: Herve Regad-Pellagru
> [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, September 19, 1999 1:29 PM
> To: [EMAIL PROTECTED]
> Subject: server/client authentication with stunnel
>
>
> Hi all !
>
> After trying many hours to get client/server authentication via
> certificate to work with stunnel-3.4a (openssl-0.9.4), I require
> some help from enlightened people.
>
> Here's what I did:
>
> - create a certificate authority (openssl req -new -x509
> -nodes -keyout keyCAcert.pem -out CAcert.pem)
>
> - create a certificate request (openssl req -new -nodes
> -keyout newkey.pem -out newreq.pem -days 365)
>
> - sign it with the certificate authority private key
> to form a server certificate (openssl ca -days 365 -keyfile
> keyCAcert.pem -cert CAcert.pem -policy policy_anything
> -in newreq.pem -out newcert.pem)
>
> - concatenate newkey.pem & newcert.pem in
> /usr/local/ssl/certs/stunnel.pem
>
> Now, everything works as long as I don't put -v 1 in stunnel (client
> side), that is, as long as I don't try to authenticate the server.
> When I try to do so, I get a
> "Sep 19 18:57:56 localhost stunnel[1753]: VERIFY ERROR: depth=0
> error=unable to get local issuer certificate: /C=FR/ST=Seine
> St-Denis/L=La Courneuve/O=No Company/CN=certificat
> serveur/Email=aucun", even if the client stunnel knows of the private
> and public keys (in /usr/local/ssl/certs/stunnel.pem) or public and
> private keys of the certificate authority ...
>
> Anyone has an idea on that ?
>
>
> Herve Regad-Pellagru
> (E-mail address: replace what is before '@' by 'regad' in the
> FROM line)
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
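
The "unable to get local issuer certificate" error at depth=0 quoted above is what OpenSSL reports when the verifying side cannot find the certificate of the CA that issued the peer's certificate among the certificates it trusts. The following is an added example, not part of the original message: it builds a throwaway CA and server certificate and verifies the server certificate with and without the CA certificate. The subject names, file names and function names are constructed, and it signs with `openssl x509 -req` instead of the `openssl ca` command used in the post, to avoid needing a CA database directory.

```shell
#!/bin/sh
# Added example: throwaway CA + server certificate (all names constructed).

# Build the PKI in directory $1: CA cert, server key/request, signed server cert.
make_pki() {
    dir=$1
    # Self-signed CA certificate, unencrypted key (as in the post's first step)
    openssl req -new -x509 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    # Server key and certificate request
    openssl req -new -nodes -subj "/CN=example server" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    # Sign the request with the CA key (x509 -req used here instead of "openssl ca")
    openssl x509 -req -days 1 -in "$dir/srv.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.pem" 2>/dev/null
}

# Verifier that has no copy of the CA certificate: chain building stops at depth 0.
verify_without_ca() {
    openssl verify "$1/srv.pem" 2>&1
}

# Verifier that trusts the CA certificate (public part only, never the CA key).
verify_with_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    make_pki "$work" || { rm -rf "$work"; return 1; }
    echo "without CA: $(verify_without_ca "$work" | tr '\n' ' ')"
    echo "with CA:    $(verify_with_ca "$work" | tr '\n' ' ')"
    rm -rf "$work"
}

demo
```

Only `ca.pem` has to be present on the verifying side; the server's key-plus-certificate file and the CA private key play no part in building the trust chain.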