Hello Everyone,

I’m attempting to consume a web service that requires I authenticate the client
using certificates. I was given a (.pfx) certificate locked with a password by
the 3rd party vendor. I know I need to convert the current certificate I have
into a (.pem) certificate, which I’ll use the openssl tools to accomplish.

I’m a bit new to SSL and network security, thus I’m not entirely sure if I 
should only be creating a client certificate from the original (.pfx) file or 
if a server certificate will also need to get created.

I used the command: "pkcs12 -in certificate.pfx -out certificate.pem -nodes
(-clcerts/-cacerts)" to create my pem certificate.



Here is my current configuration:

[SSLconnection]
debug = 7
CAfile = certificate.pem
client = yes
verify = 2
accept = 127.0.0.1:9001
connect = web.service.com:443


And the log: (I obscured some identity information)

2013.12.10 09:36:41 LOG5[9776:8488]: stunnel 4.56 on x86-pc-msvc-1500 platform
2013.12.10 09:36:41 LOG5[9776:8488]: Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
2013.12.10 09:36:41 LOG5[9776:8488]: Threading:WIN32 Sockets:SELECT,IPv6 SSL:ENGINE,OCSP,FIPS
2013.12.10 09:36:41 LOG5[9776:8488]: Reading configuration from file stunnel.conf
2013.12.10 09:36:41 LOG5[9776:8488]: FIPS mode is enabled
2013.12.10 09:36:41 LOG5[9776:8488]: Configuration successful
2013.12.10 09:36:44 LOG5[9776:9024]: Service [SSLconnection] accepted connection from 127.0.0.1:60659
2013.12.10 09:36:44 LOG5[9776:9024]: connect_blocking: connected web.service.com:443
2013.12.10 09:36:44 LOG5[9776:9024]: Service [SSLconnection] connected remote server from 192.168.50.211:60660
2013.12.10 09:36:44 LOG5[9776:9024]: Certificate accepted: depth=1, /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
2013.12.10 09:36:44 LOG5[9776:9024]: Certificate accepted: depth=1, /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
2013.12.10 09:36:44 LOG4[9776:9024]: CERT: Certificate not found in local repository
2013.12.10 09:36:44 LOG4[9776:9024]: Certificate check failed: depth=0, /C=US/ST=Texas/L=Austin/O=OName/CN=web.service.com
2013.12.10 09:36:44 LOG3[9776:9024]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2013.12.10 09:36:44 LOG5[9776:9024]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket



Looks like my problem is stemming from "Certificate not found in local repository"?




Thank you in advance for any assistance,



Jake                                      
_______________________________________________
stunnel-users mailing list
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
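
Added example, not part of the original post and not stunnel's own code: a small Python helper for reading a log like the one in the message above. It rejoins records that mail software has hard-wrapped and groups the certificate verdicts by chain depth per thread, which makes it visible that the issuing CA at depth=1 was accepted while the server certificate at depth=0 was the one rejected. The names RECORD, VERDICT, records and triage are made up for this example, and the sample is an excerpt of the posted log.

```python
import re

# Added example; helper names are illustrative and not part of stunnel.
# stunnel 4.x record header: "<date> <time> LOG<level>[<pid>:<thread>]: <message>"
RECORD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[\d+:(\d+)\]: (.*)$")
VERDICT = re.compile(r"^Certificate (accepted|check failed): depth=(\d+), (.*)$")

# Constructed sample: an excerpt of the log in the post, still hard-wrapped.
SAMPLE = """\
2013.12.10 09:36:44 LOG5[9776:9024]: Certificate
accepted: depth=1, /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated
by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
2013.12.10 09:36:44 LOG4[9776:9024]: CERT: Certificate
not found in local repository
2013.12.10 09:36:44 LOG4[9776:9024]: Certificate check
failed: depth=0, /C=US/ST=Texas/L=Austin/O=OName/CN=web.service.com
2013.12.10 09:36:44 LOG3[9776:9024]: SSL_connect:
14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
"""

def records(text):
    """Yield (level, thread, message), rejoining wrapped continuation lines."""
    current = None
    for line in (l.strip() for l in text.splitlines()):
        m = RECORD.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [int(m.group(1)), m.group(2), m.group(3)]
        elif line and current:
            current[2] += " " + line
    if current:
        yield tuple(current)

def triage(text):
    """Per thread: verdicts by chain depth, logged reasons, and the TLS error."""
    report = {}
    for _level, thread, msg in records(text):
        conn = report.setdefault(
            thread, {"accepted": [], "failed": [], "reasons": [], "tls_error": None})
        v = VERDICT.match(msg)
        if v:
            bucket = "accepted" if v.group(1) == "accepted" else "failed"
            conn[bucket].append((int(v.group(2)), v.group(3)))
        elif msg.startswith("CERT:"):
            conn["reasons"].append(msg[len("CERT:"):].strip())
        elif msg.startswith("SSL_connect:"):
            conn["tls_error"] = msg.split("error:", 1)[-1]
    return report
```

Calling `triage(SAMPLE)` returns one entry keyed by thread id `"9024"`; depth 0 is the peer's own certificate and higher depths are its issuers.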
