The command I use is:
stunnel -v 3 -a /usr/local/ssl/certs -d 993 -l /usr/sbin/imapd imapd
I also have copies of the certificates in /usr/local/ssl/certs and they are
created by using the "openssl x509 -hash......." which I understand is the
openssl version of c_hash.
I fixed one problem, but I still have others. I had left out the -a option.
I put that in and Netscape Communicator works but I have the same error
messages when I try to use Outlook Express.
-----Original Message-----
From: Brian Hatch [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 6 November 1999 9:51
To: [EMAIL PROTECTED]
Cc: David Cittadini
Subject: Re: stunnel and client certificates for Netscape and
> I have installed stunnel and it seems to be working reasonably well. I
have
> also installed OpenSSL and I also seem to have the certificates working
well
> on that. I have compiled stunnel to use OpenSSL. I can get stunnel to
work
> when I set -v1 (requires only server certificate) but I have troubles
> with -v3 (requires client and server certificate). In my example I have
> setup stunnel to manage an IMAP connection. I have a client certificates
> installed in Netscape Communicator 4.7 and Microsoft Outlook 2000. If I
> call the IMAP server from Microsoft Outlook 2000 and it generates the
> following error on the server running stunnel:
Could you send the actual stunnel command you're running?
Do you have copies of the certificates in the directory which you've
specified in the '-a' argument?
Make sure they're named 'hash.0' (where hash is the hash of the cert,
just run the 'c_hash' script to determine it for you)
--
[EMAIL PROTECTED] "Never mind. Your
Systems and face just broke
Security Engineer the language barrier."
http://www.ifokr.org/bri
Every message PGP signed
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
