Latest update:
After further investigation, it became evident that Stunnel should run as a client.
Therefore, I've converted my existing certs file (from my application) into a PEM file.
The file includes -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----.

But I still get an error:

2016.05.17 15:57:24 LOG4[281]: CERT: Pre-verification error: self signed certificate in certificate chain
2016.05.17 15:57:24 LOG4[281]: Rejected by CERT at depth=1: CN=NextnineCA
2016.05.17 15:57:24 LOG3[281]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Here is the current configuration:

[custom]
client = yes
accept = 127.0.0.1:8449
connect = 192.168.220.62:443
verify = 2
CAfile = myapp.pem

Best Regards,
David.



David Faizulaev | PL/SQL Developer | T  +972 (3) 767 3026 | M +972 (54) 7314687

Centralized OT Security Management for Distributed SCADA/ICS Networks


-----Original Message-----
From: stunnel-users [mailto:[email protected]] On Behalf Of 
Ludolf Holzheid
Sent: Tuesday, May 17, 2016 2:38 PM
To: [email protected]
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and 
server - possible certificate issue

On Tue, 2016-05-17 11:13:26 +0000, David Faizulaev wrote:
> I see, I have a keystore file for the server, can it be set as KEY? Can I
> convert keystore to PEM?

I don't know.

Some key/certificate repositories don't allow exporting private keys.
Maybe there is a PKCS11 plug-in for OpenSSL to access the keystore.
If this is the case, you don't have to export your private key.  But again, I 
don't know.

> Additionally, I've thought about configuring Stunnel in client mode.
> Here is the configuration:
> [..]

Running stunnel in client or server mode makes no difference w.r.t. certificate 
and key files.  As long as stunnel is not able to access your private key, the 
client mode won't work either.

HTH,

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:[email protected]
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
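
The "self signed certificate in certificate chain" error in the log at the top of this message is what OpenSSL reports when the chain sent by the server ends in a self-signed certificate that is not among the trusted certificates in CAfile. As an added example (not part of the thread), this script reproduces that with a throwaway CA and checks whether a CAfile holds a self-signed root with a given CN; ExampleRootCA, server.example and the function names are constructed, and the openssl command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. ExampleRootCA, server.example and the
# function names are constructed for illustration.

# Create a throwaway root CA and a leaf certificate it signs, in directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ExampleRootCA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Succeed only if PEM bundle $1 holds a self-signed certificate whose CN is $2.
cafile_has_root() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
    openssl pkcs7 -print_certs -noout 2>/dev/null |
    awk -v cn="$2" '
        /^subject=/ { s = $0; sub(/^subject= */, "", s) }
        /^issuer=/  { i = $0; sub(/^issuer= */, "", i)
                      if (s == i && s ~ ("CN *= *" cn "($|[,/])")) found = 1 }
        END { exit !found }'
}

# Verify leaf $3 against CAfile $1; $2 stands in for the extra certificates
# the peer sends in its chain (untrusted until anchored in the CAfile).
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# Compare a CAfile holding only the leaf with one holding the root.
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_demo_pki "$demo_dir" || { rm -rf "$demo_dir"; return 1; }
    for ca in leaf.pem ca.pem; do
        cafile_has_root "$demo_dir/$ca" ExampleRootCA && r=present || r=missing
        chain_verifies "$demo_dir/$ca" "$demo_dir/ca.pem" "$demo_dir/leaf.pem" \
            && v=OK || v=FAILED
        echo "CAfile=$ca root=$r verify=$v"
    done
    rm -rf "$demo_dir"
}

demo || echo "demo failed (is openssl installed?)" >&2
```

Against a real bundle, `cafile_has_root myapp.pem NextnineCA` checks whether the CA named in the rejection at depth=1 is present in the file as a self-signed certificate.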