On Tue, 2016-05-17 13:08:33 +0000, David Faizulaev wrote:
> Latest update:
> After further investigation, it became evident that Stunnel should run as
> client.
> Therefore, I've converted my existing certs file (from my application) into a
> PEM file.
> The file includes -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----.
>
> But I still get an error:
>
> 2016.05.17 15:57:24 LOG4[281]: CERT: Pre-verification error: self signed
> certificate in certificate chain
> 2016.05.17 15:57:24 LOG4[281]: Rejected by CERT at depth=1: CN=NextnineCA
> 2016.05.17 15:57:24 LOG3[281]: SSL_connect: 14090086: error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Here is the current configuration:
>
> [custom]
> client = yes
> accept = 127.0.0.1:8449
> connect = 192.168.220.62:443
> verify = 2
> CAfile = myapp.pem

David,

CAfile should point to a list of trusted certificates. The file(s) for
your pair of certificate and key should be specified with cert=... (and
key=..., if certificate and key are stored to separate files).

Are the log messages generated at stunnel startup or at connection
establishment?

Ludolf

-- 
Ludolf Holzheid
Bihl+Wiedemann GmbH
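
The chain check behind the "self signed certificate in certificate chain" rejection at depth=1 can be reproduced offline with the openssl command line. This is an added example, not part of the original thread: it uses openssl verify instead of stunnel, and the DemoCA, demo-server and demo-app certificates are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI; DemoCA, demo-server and demo-app are made-up names.
demo_dir=$(mktemp -d)

make_demo_pki() {
    # Self-signed CA that issues the server certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=DemoCA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.pem" 2>/dev/null
    # Server certificate signed by DemoCA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-server" \
        -keyout "$demo_dir/server.key" -out "$demo_dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/server.csr" -days 1 \
        -CA "$demo_dir/ca.pem" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/server.pem" 2>/dev/null
    # Unrelated self-signed certificate, standing in for an application's
    # own certificate that was put into CAfile by mistake.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-app" \
        -keyout "$demo_dir/app.key" -out "$demo_dir/app.pem" 2>/dev/null
}

# verify_chain TRUSTED_PEM
# The server sends its leaf plus DemoCA (-untrusted); only TRUSTED_PEM is trusted.
verify_chain() {
    openssl verify -CAfile "$1" -untrusted "$demo_dir/ca.pem" \
        "$demo_dir/server.pem" 2>&1
}

make_demo_pki
echo "CAfile = app.pem (does not contain the issuing CA):"
verify_chain "$demo_dir/app.pem"
echo "CAfile = ca.pem (contains the issuing CA):"
verify_chain "$demo_dir/ca.pem"
```

The first call fails at depth 1 because the self-signed CA sent by the server is not in the trusted file; the second succeeds once the trusted file holds that CA.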
