This is a discussion on Re: [stunnel-users] Cert errors ....... need help! within the Stunnel Users forums, part of the Networking and Network Related category.
On Thu, 17 Mar 2005, Richard Houston wrote:
> I have replaced the keys already. These are new keys altogether.

It's not the keys that are wrong, they're in the wrong places. The verify failure indicates just that: both server and client have problems verifying the authenticity of one another.

Now try this.

At the server side:
- change verify to '=2'

At the client side:
Make sure the client certificate is not commented out as it looks like in your config:

> CApath=c:\stunnel
> #cert=c:\stunnel\traf-test.pem

Without a certificate at the client side there's no way the client will ever authenticate to your 'verify = 2' server.

Secondly, remove the 'CAPath' directive from your client configuration and add the 'CAfile = /etc/stunnel/cacert.pem' to it. Do make sure you copy the cacert.pem to your client ;). I trust you did not include the private key of your CA in cacert.pem ;).

Let me know what happens.

Jan

--
http://www.surfnet.nl/organisatie/jame

_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
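The client-side checks from the reply above, as an added example that is not part of the original post or of stunnel itself: a small Python lint for a stunnel client config and its CA file. The sample config and PEM text are constructed, the function names are hypothetical, and comparing option names case-insensitively is an assumption.

```python
import re

# Constructed sample: the client options quoted in the thread (cert commented out).
SAMPLE_CLIENT_CONF = r"""
CApath=c:\stunnel
#cert=c:\stunnel\traf-test.pem
"""

# Constructed sample: a CA file that wrongly also carries a private key (bodies elided).
SAMPLE_BAD_CA_PEM = """-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder)
-----END RSA PRIVATE KEY-----
"""

def active_options(conf_text):
    """Return {lowercased option name: value} for lines that are not commented out.
    Assumption: '#' or ';' starts a comment; [service] headers are skipped, so
    global and per-service options are flattened together."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts

def lint_client_conf(conf_text):
    """Flag the client-side problems named in the reply."""
    opts = active_options(conf_text)
    findings = []
    if "cert" not in opts:
        findings.append("no active cert= line: client cannot authenticate to a verify = 2 server")
    if "cafile" not in opts:
        findings.append("no CAfile= line: add one pointing at the copied cacert.pem")
    if "capath" in opts:
        findings.append("CApath= is set: the reply advises removing it and using CAfile")
    return findings

def ca_file_has_private_key(pem_text):
    """True if the CA file contains any PEM private-key block (RSA, EC, PKCS#8, encrypted)."""
    return re.search(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----", pem_text) is not None

if __name__ == "__main__":
    for finding in lint_client_conf(SAMPLE_CLIENT_CONF):
        print("client config:", finding)
    print("CA file carries a private key:", ca_file_has_private_key(SAMPLE_BAD_CA_PEM))
```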