[stunnel-users] verify = 3 error with certificate client

Humberto Morell
02-25-2005

Hello List
I have stunnel 4.7
In the messages of the list I have not seen a solution to my problem.
This is VERIFY ERROR ONLY MY: no cert

stunnel.log in Server
##################
2005.02.25 07:55:07 LOG5[2501:1076546480]: VERIFY OK: depth=1, /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Segurmatica/OU=Agencia de Certificacion/CN=Segurmatica/emailAddress=ca@segurmatica.cu
2005.02.25 07:55:07 LOG4[2501:1076546480]: VERIFY ERROR ONLY MY: no cert for /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Ministerio Informatica y Comunicaciones/OU=Segurmatica/CN=Humberto Morell/emailAddress=morell@seg.inf.cu
2005.02.25 07:55:07 LOG7[2501:1076546480]: SSL alert (write): fatal: certificate unknown
#############

stunnel.conf in Server
##############
#chroot = /var/lib/stunnel/
verify = 3
CApath = /etc/stunnel/certdb
# or simply use CAfile instead:
#CAfile = /etc/stunnel/certs.pem
CAfile = /etc/stunnel/acsegurmatica.crt
#cert = /etc/stunnel/stunnel.pem
cert = /etc/stunnel/certstunnel.pem
#################

File in /etc/stunnel
###############
certdb             morell.pem  stunnel.prueba.pem  certstunnel.pem  stunnel.conf
acsegurmatica.crt  morell.crt  stunnel.log
certclient         morell.key  stunnel.pem
###############

Link in /etc/stunnel/certdb
###############
drwxr-xr-x 2 root root 176 Feb 25 11:06 .
drwx------ 4 root root 472 Feb 25 10:52 ..
lrwxrwxrwx 1 root root 24 Feb 25 11:00 2307a3fe.0 -> /etc/stunnel/stunnel.pem
lrwxrwxrwx 1 root root 30 Feb 25 11:01 3f5b7ca8.0 -> /etc/stunnel/acsegurmatica.crt
lrwxrwxrwx 1 root root 23 Feb 25 11:03 3fb3183e.0 -> /etc/stunnel/morell.pem
lrwxrwxrwx 1 root root 28 Feb 25 11:06 d14abd18.0 -> /etc/stunnel/certstunnel.pem
#################

client in Windows stunnel.conf
##############
client = yes
cert = d:\morell.pem
debug = 7
output = d:\stunnel.log
[lsd]
accept = 9595
connect = 10.10.1.83:9500
[ssh]
accept = 2222
connect = 10.10.1.83:9522
#####################
Note:
I don't use chroot
I have tried, but idem error with.
File morell.pem only client certificate and other time file morell.pem
Key private
crl
Certificate

With verify = 2 all is ok

Please help
Best regards
Morell
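
A small triage script for the server log lines in the post above, added here as an example and not part of the original message or of stunnel. It groups lines by [pid:thread] and separates "issuing CA accepted" from "peer certificate not found by the verify = 3 lookup"; the function names are hypothetical, and the reading of the levels follows stunnel's documentation (level 2 checks the peer certificate against the CA, level 3 requires it to be locally installed).

```python
import re
from collections import defaultdict

# Server log lines from the post (quoted-printable decoded, wrapped lines joined).
SAMPLE_LOG = """\
2005.02.25 07:55:07 LOG5[2501:1076546480]: VERIFY OK: depth=1, /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Segurmatica/OU=Agencia de Certificacion/CN=Segurmatica/emailAddress=ca@segurmatica.cu
2005.02.25 07:55:07 LOG4[2501:1076546480]: VERIFY ERROR ONLY MY: no cert for /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Ministerio Informatica y Comunicaciones/OU=Segurmatica/CN=Humberto Morell/emailAddress=morell@seg.inf.cu
2005.02.25 07:55:07 LOG7[2501:1076546480]: SSL alert (write): fatal: certificate unknown
"""

# Only the three message formats seen in the post are handled; others are ignored.
LINE = re.compile(r"^\S+ \S+ LOG\d\[(\d+:\d+)\]: (.*)$")
VERIFY_OK = re.compile(r"VERIFY OK: depth=(\d+), (.+)")
ONLY_MY = re.compile(r"VERIFY ERROR ONLY MY: no cert for (.+)")
ALERT = re.compile(r"SSL alert \((?:read|write)\): \w+: (.+)")


def common_name(dn):
    """Pull the CN out of an OpenSSL one-line subject such as /C=../CN=name/..."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else dn


def triage(log_text):
    """Group lines by [pid:thread]; report peers rejected by the verify = 3 lookup."""
    conns = defaultdict(lambda: {"ok_depths": [], "rejected": None, "alert": None})
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        state, msg = conns[line.group(1)], line.group(2)
        if m := VERIFY_OK.match(msg):
            state["ok_depths"].append(int(m.group(1)))
        elif m := ONLY_MY.match(msg):
            state["rejected"] = m.group(1)
        elif m := ALERT.match(msg):
            state["alert"] = m.group(1)
    findings = []
    for conn, s in conns.items():
        if s["rejected"]:
            findings.append({
                "conn": conn,
                "peer_cn": common_name(s["rejected"]),
                # depth >= 1 OK means the issuing CA was accepted; only the
                # leaf's lookup among locally installed certificates failed.
                "chain_trusted": any(d >= 1 for d in s["ok_depths"]),
                "alert": s["alert"],
            })
    return findings
```

A finding with chain_trusted set to True matches the post's observation that verify = 2 works: the CA check passes and only the level 3 lookup of the client certificate in CAfile/CApath fails.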
