Thanks for the reply. It seems that in between reboots, OpenSSL was updated, and stunnel was re-compiled and delivered with the newer OpenSSL on the server (AIX) side
2014.03.15 10:15:09 LOG5[3866990:1]: stunnel 4.32 on rs6000-ibm-aix with OpenSSL 0.9.8x 10 May 2012 2014.08.17 09:34:02 LOG5[41681886:1]: stunnel 4.32 on rs6000-ibm-aix with OpenSSL 1.0.1e 11 Feb 2013 Both client and server were c_rehash-ed, but the certs remain the same. I verified "Subject" field in both client and server certs on each end: On the client [root@skpkpsfseas02 ca_certs]# openssl x509 -text -in cert.pem | grep Subject Subject: C=US, ST=New Jersey, L=South Brunswick, O=Dow Jones and Company, OU=GBTS, CN= skpkpsfsdb01.dowjones.net/emailAddress=doug.eck...@dowjones.com Subject Public Key Info: X509v3 Subject Key Identifier: [root@skpkpsfseas02 ca_certs]# openssl x509 -text -in skpkpsfsdb01.dowjones.net.pem | grep Subject Subject: C=US, ST=New Jersey, L=South Brunswick, O=Dow Jones and Company, OU=GBTS, CN= skpkpsfsdb01.dowjones.net/emailAddress=doug.eck...@dowjones.com Subject Public Key Info: X509v3 Subject Key Identifier: On the server skpkpsfsdb01# openssl x509 -text -in skpkpsfseas02-client.dowjones.net.pem | grep Subject Subject: C=US, ST=New Jersey, L=South Brunswick, O=Dow Jones and Company, OU=SSL Client Authentication, CN= skpkpsfseas02.dowjones.net/emailAddress=doug.eck...@dowjones.com Subject Public Key Info: X509v3 Subject Key Identifier: skpkpsfsdb01# openssl x509 -text -in cert.pem | grep Subject Subject: C=US, ST=New Jersey, L=South Brunswick, O=Dow Jones and Company, OU=GBTS, CN= skpkpsfsdb01.dowjones.net/emailAddress=doug.eck...@dowjones.com Subject Public Key Info: X509v3 Subject Key Identifier: --Doug On Tue, Aug 19, 2014 at 1:10 PM, Salz, Rich <rs...@akamai.com> wrote: > > After a recent reboot, a previously working cert is now being rejected > with "NO X509_NAME". I can't set the log level higher on the AIX side to > get more detail. What are the most likely causes of the "NO X509_NAME" > error? > > Something changed in addition to the system rebooting. New software, new > configuration, and/or new certificate. > > The only cause of the message is that there is no "Subject" field in the > certificate. > > Find the cert that you are using, and look at it via "openssl x509 -text" > > /r$ > > -- > Principal Security Engineer > Akamai Technologies, Cambridge MA > IM: rs...@jabber.me Twitter: RichSalz > > -- *Doug Eckert* *Technical Architect* *Global Business Technology* *Dow Jones* | *A News Corporation Company* P.O. Box 300 | Princeton NJ 08543-0300 (W) 609.520.4993 (C) 732.666.3681 *Email: **doug.eck...@dowjones.com* <al...@dowjones.com>