[stunnel-users] Cert errors ....... need help!

03-17-2005
Richard Houston
 

Hi all,

I have taken over a stunnel install and all the clients' certs have expired.

I have been trying for the past 2 days to get the new setup to work but
no such luck.

Here is the error I get on the server side, Linux Fedora Core 3, Stunnel 4.05:

2005.03.17 11:36:15 LOG7[12746:3086949296]: school4 started
2005.03.17 11:36:15 LOG5[12746:3086949296]: school4 connected from XXX.XXX.XXX.XX:1414
2005.03.17 11:36:15 LOG7[12746:3086949296]: SSL state (accept): before/accept initialization
2005.03.17 11:36:15 LOG7[12746:3086949296]: waitforsocket: FD=7, DIR=read
2005.03.17 11:36:15 LOG7[12746:3086949296]: waitforsocket: ok
2005.03.17 11:36:15 LOG7[12746:3086949296]: SSL state (accept): SSLv3 read client hello A
2005.03.17 11:36:15 LOG7[12746:3086949296]: SSL state (accept): SSLv3 write server hello A
2005.03.17 11:36:15 LOG7[12746:3086949296]: SSL state (accept): SSLv3 write certificate A
2005.03.17 11:36:15 LOG7[12746:3086949296]: SSL state (accept): SSLv3 write certificate request A
2005.03.17 11:36:15 LOG7[12746:3086949296]: SSL state (accept): SSLv3 flush data
2005.03.17 11:36:15 LOG7[12746:3086949296]: waitforsocket: FD=7, DIR=read
2005.03.17 11:36:18 LOG7[12746:3086949296]: waitforsocket: ok
2005.03.17 11:36:18 LOG7[12746:3086949296]: SSL alert (read): fatal: certificate unknown
2005.03.17 11:36:18 LOG3[12746:3086949296]: SSL_accept: 14094416: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2005.03.17 11:36:18 LOG7[12746:3086949296]: school4 finished (0 left)

And here is the output on the client side:

005.03.17 11:21:02 LOG5[952:1264]: stunnel 4.04 on x86-pc-mingw32-gnu WIN32 with OpenSSL 0.9.7 31 Dec2002
2005.03.17 11:21:03 LOG5[952:896]: Peer certificate location (null)
2005.03.17 11:21:03 LOG5[952:896]: WIN32 platform: 30000 clients allowed
2005.03.17 11:21:03 LOG5[952:1152]: schools connected from 127.0.0.1:1413
2005.03.17 11:21:07 LOG5[952:1152]: VERIFY OK: depth=1, /C=CA/ST=XXX/L=XXX/O=XXX/OU=XXX CACERT/CN=sd.traf.mb.ca/emailAddress=sysadmin@XXXX
2005.03.17 11:21:07 LOG4[952:1152]: VERIFY ERROR ONLY MY: no cert for /C=CA/ST=XXX/O=XXXX/OU=STUNNEL SERVER CERT/CN=XXXXX/emailAddress=sysadmin@XXXX
2005.03.17 11:21:07 LOG3[952:1152]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I have created the certs on both server and client according to the
documents at
http://www.stunnel.org/faq/openssl_s...ClientAuth.txt.

I have the cacert.pem file on the client side, I have c_hashed the cert
file on the server side. Do I need to put the c_hash of the server side
cert on the client as well?

Is there something I have missed? Any ideas as to what I can check to see
where the issue is?

I am desperate, any help would be greatly appreciated.


Regards,
+------------------------------------------+
| Richard Houston .^. |
| R.L.H. Consulting /V\ |
| E-Mail <rhouston@rlhc.net> /( )\ |
| WWW <www.rlhc.net> ^^-^^ |
+------------------------------------------+


_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
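
An added example, not part of the original post and not stunnel code: a small Python triage for logs shaped like the client log above. It rejoins mail-wrapped lines and separates "VERIFY OK" chain results from "VERIFY ERROR ONLY MY: no cert for ...", the message stunnel logs under verify level 3 when the peer's own certificate is not found among the locally installed certificates. The sample lines, subject names and finding labels are constructed for illustration.

```python
import re

# Constructed sample in the shape of the client log quoted in the post
# (mail-wrapped lines; subject names are placeholders).
SAMPLE = """\
2005.03.17 11:21:03 LOG5[952:1152]: schools connected from 127.0.0.1:1413
2005.03.17 11:21:07 LOG5[952:1152]: VERIFY OK: depth=1,
/C=CA/O=EXAMPLE/CN=ca.example
2005.03.17 11:21:07 LOG4[952:1152]: VERIFY ERROR ONLY MY: no cert for
/C=CA/O=EXAMPLE/OU=STUNNEL SERVER
CERT/CN=server.example
2005.03.17 11:21:07 LOG3[952:1152]: SSL_connect: 14090086:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
"""

# One log entry starts with "YYYY.MM.DD HH:MM:SS LOGn[pid:tid]: ".
ENTRY = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[([^\]]+)\]: (.*)$")
ONLY_MY = "VERIFY ERROR ONLY MY: no cert for "

def unwrap(text):
    """Join wrapped continuation lines onto the log entry they belong to."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([int(m.group(1)), m.group(2), m.group(3).strip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return entries

def triage(text):
    """Return (label, detail) pairs for certificate-verification events."""
    findings = []
    for _level, _thread, msg in unwrap(text):
        ok = re.match(r"VERIFY OK: depth=(\d+), (.*)", msg)
        if ok:
            findings.append(("chain-ok", ok.group(2)))
        elif msg.startswith(ONLY_MY):
            findings.append(("peer-cert-not-installed", msg[len(ONLY_MY):]))
        elif msg.startswith("VERIFY ERROR"):
            findings.append(("verify-error", msg))
        elif "certificate verify failed" in msg or "certificate unknown" in msg:
            findings.append(("handshake-failed", msg.split(":", 1)[0]))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "chain-ok" finding followed by "peer-cert-not-installed" means the CA verified but the peer's own certificate is absent from the verifying side's CAfile/CApath.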