> -----Original Message-----
> From: Herve Regad-Pellagru
> [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, September 19, 1999 1:29 PM
> To: [EMAIL PROTECTED]
> Subject: server/client authentication with stunnel
> 
> 
> Hi all!
> 
> After trying many hours to get client/server authentication via
> certificate to work with stunnel-3.4a (openssl-0.9.4), I require
> some help from enlightened people.
> 
> Here's what I did:
> 
>       - create a certificate authority (openssl req -new -x509
>       -nodes -keyout keyCAcert.pem -out CAcert.pem)
> 
>       - create a certificate request (openssl req  -new -nodes 
>       -keyout newkey.pem -out newreq.pem  -days 365)
> 
>       - sign it with the certificate authority private key
>       to form a server certificate (openssl ca -days 365 -keyfile
>       keyCAcert.pem -cert CAcert.pem -policy policy_anything
>       -in newreq.pem -out newcert.pem)
> 
>       - concatenate newkey.pem & newcert.pem in 
>       /usr/local/ssl/certs/stunnel.pem
> 
> Now, everything works as long as I don't put -v 1 in stunnel (client
> side), that is, as long as I don't try to authenticate the server. 
> When I try to do so, I get a 
> "Sep 19 18:57:56 localhost stunnel[1753]: VERIFY ERROR: depth=0
> error=unable to get local issuer certificate: /C=FR/ST=Seine
> St-Denis/L=La Courneuve/O=No Company/CN=certificat
> serveur/Email=aucun", even if the client stunnel knows of the private
> and public keys (in /usr/local/ssl/certs/stunnel.pem) or public and
> private keys of the certificate authority ...
> 
> Does anyone have an idea on that?
> 
> 
>  Herve Regad-Pellagru
> (E-mail address: replace what is before '@' by 'regad' in the 
> FROM line)
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
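
The following is an added example, not part of the original thread. It shows what the quoted VERIFY ERROR means at the OpenSSL level: a verifier that trusts only the server's own certificate has no issuer to chain to, while one that trusts the CA certificate does. It assumes an `openssl` binary with its default configuration file; the function names, subjects and file names are constructed, and `openssl x509 -req` stands in for the `openssl ca` step in the post.

```shell
#!/bin/sh
# Constructed demo: throwaway CA and server certificate in a temp directory.
# demo_setup, verify_leaf, the subjects and file names are assumptions.

demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    # Self-signed CA certificate and key (first step in the post).
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 \
        -subj "/O=Demo/CN=Demo CA" \
        -keyout "$DEMO_DIR/ca.key" -out "$DEMO_DIR/ca.pem" 2>/dev/null || return 1
    # Server key and certificate request (second step).
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/O=Demo/CN=demo server" \
        -keyout "$DEMO_DIR/server.key" -out "$DEMO_DIR/server.csr" 2>/dev/null || return 1
    # Sign the request with the CA key. "openssl x509 -req" stands in for
    # "openssl ca" so that no CA database directory is needed.
    openssl x509 -req -in "$DEMO_DIR/server.csr" -days 1 \
        -CA "$DEMO_DIR/ca.pem" -CAkey "$DEMO_DIR/ca.key" -CAcreateserial \
        -out "$DEMO_DIR/server.pem" 2>/dev/null || return 1
}

# Verify server.pem using $1 as the only explicitly trusted file and
# classify the result from openssl's message.
verify_leaf() {
    out=$(openssl verify -CAfile "$1" "$DEMO_DIR/server.pem" 2>&1) || true
    case "$out" in
        *"unable to get local issuer certificate"*) echo "no-issuer" ;;
        *": OK"*) echo "ok" ;;
        *) echo "other" ;;
    esac
}

demo_setup || exit 1
echo "trusting the server certificate itself: $(verify_leaf "$DEMO_DIR/server.pem")"
echo "trusting the CA certificate:            $(verify_leaf "$DEMO_DIR/ca.pem")"
rm -rf "$DEMO_DIR"
```

Only the CA certificate needs to be present on the verifying side; the CA private key and the server private key play no part in verification.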