Hi all!
After trying for many hours to get client/server authentication via
certificate to work with stunnel-3.4a (openssl-0.9.4), I require
some help from enlightened people.
Here's what I did:
- create a certificate authority:
  openssl req -new -x509 -nodes -keyout keyCAcert.pem -out CAcert.pem
- create a certificate request:
  openssl req -new -nodes -keyout newkey.pem -out newreq.pem -days 365
- sign it with the certificate authority private key to form a server certificate:
  openssl ca -days 365 -keyfile keyCAcert.pem -cert CAcert.pem -policy policy_anything -in newreq.pem -out newcert.pem
- concatenate newkey.pem & newcert.pem into /usr/local/ssl/certs/stunnel.pem
Now, everything works as long as I don't put -v 1 in stunnel (client
side), that is, as long as I don't try to authenticate the server.
When I try to do so, I get:
  "Sep 19 18:57:56 localhost stunnel[1753]: VERIFY ERROR: depth=0 error=unable to get local issuer certificate: /C=FR/ST=Seine St-Denis/L=La Courneuve/O=No Company/CN=certificat serveur/Email=aucun"
even if the client stunnel knows of the private and public keys (in
/usr/local/ssl/certs/stunnel.pem) or the public and private keys of the
certificate authority ...
Does anyone have an idea about that?
Herve Regad-Pellagru
(E-mail address: replace what is before '@' by 'regad' in the FROM line)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
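The script below is an added example (not part of the post or of stunnel/OpenSSL) that reproduces the CA and server-certificate setup described above with the openssl command line and then runs the peer-verification step the way the client side does, with different trust material. It shows where "unable to get local issuer certificate" at depth 0 comes from: the verifier must be able to find the *issuer* (CAcert.pem) in its trust store; the server's own key/cert file does not help, because a non-self-signed certificate is not a trust anchor for itself. Assumptions: a modern openssl binary on PATH; the request is signed with "openssl x509 -req -CA ..." rather than the post's "openssl ca" (which needs an index/serial/config directory); the subjects are constructed, not the poster's; the trust-store modes (none, own-cert, cafile, capath) and the verify_with function are this example's own names.

```shell
#!/bin/sh
# Added example, not the poster's or stunnel's code. Rebuilds the CA and server
# cert from the post (signing via "x509 -req" instead of "openssl ca"), then
# verifies the server cert against four kinds of trust material.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Constructed subjects for the example.
CA_SUBJ='/C=XX/O=Example CA/CN=Example Root CA'
SRV_SUBJ='/C=XX/O=Example/CN=stunnel.example.test'

# 1. Self-signed CA (same shape as the post's first command).
openssl req -new -x509 -nodes -days 365 -subj "$CA_SUBJ" \
    -keyout keyCAcert.pem -out CAcert.pem >/dev/null 2>&1

# 2. Server key and certificate request.
openssl req -new -nodes -subj "$SRV_SUBJ" \
    -keyout newkey.pem -out newreq.pem >/dev/null 2>&1

# 3. Sign the request with the CA key (substitute for "openssl ca").
openssl x509 -req -days 365 -in newreq.pem \
    -CA CAcert.pem -CAkey keyCAcert.pem -CAcreateserial \
    -out newcert.pem >/dev/null 2>&1

# 4. What the server loads as its own identity: key + cert, like stunnel.pem.
cat newkey.pem newcert.pem > stunnel.pem

# 5. A hashed CA directory, the layout a CApath lookup expects: the issuer is
#    found by <subject-hash>.0, not by file name.
mkdir cadir
ln -s "$PWD/CAcert.pem" "cadir/$(openssl x509 -noout -hash -in CAcert.pem).0"

# verify_with MODE: verify newcert.pem with the given trust material.
# Prints "ok", "no-issuer" (OpenSSL error 20, the post's message), or the raw
# openssl output for anything else.
verify_with() {
    case "$1" in
        none)     out=$(openssl verify newcert.pem 2>&1 || true) ;;
        own-cert) out=$(openssl verify -CAfile newcert.pem newcert.pem 2>&1 || true) ;;
        cafile)   out=$(openssl verify -CAfile CAcert.pem newcert.pem 2>&1 || true) ;;
        capath)   out=$(openssl verify -CApath cadir newcert.pem 2>&1 || true) ;;
        *)        echo "unknown mode: $1" >&2; return 2 ;;
    esac
    case "$out" in
        *": OK"*)                                   echo ok ;;
        *"unable to get local issuer certificate"*) echo no-issuer ;;
        *)                                          echo "$out" ;;
    esac
}

# Stand-alone run: only the modes that contain the issuer certificate succeed.
for mode in none own-cert cafile capath; do
    printf '%-9s %s\n' "$mode" "$(verify_with "$mode")"
done
```

The two failing modes are exactly the poster's situation: neither an empty trust store nor the server's own certificate (or key) lets the verifier locate the issuer of the depth-0 certificate. The client needs CAcert.pem itself, either as a single CA file or in a directory laid out with the subject-hash links shown in step 5 (what stunnel's CA file/directory options, per its man page for the version in use, point at). Note that the OpenSSL 0.9.x "-hash" value for the link name differs from later subject-hash algorithms, so a CA directory built for one OpenSSL version may need re-hashing for another.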