Logs messages are generated upon connection attempt. Best Regards, David.
David Faizulaev | PL/SQL Developer | T +972 (3) 767 3026 | M +972 (54) 7314687 Centralized OT Security Management for Distributed SCADA/ICS Networks Please consider the environment before printing this e-mail -----Original Message----- From: stunnel-users [mailto:[email protected]] On Behalf Of Ludolf Holzheid Sent: Tuesday, May 17, 2016 4:22 PM To: [email protected] Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue On Tue, 2016-05-17 13:08:33 +0000, David Faizulaev wrote: > Latest update: > After further investigation, it became evident that Stunnel should run as > client. > Therefore, I've converted my existing certs file (from my application) into a > PEM file. > The file includes -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----. > > But I still get an error: > > 2016.05.17 15:57:24 LOG4[281]: CERT: Pre-verification error: self > signed certificate in certificate chain > 2016.05.17 15:57:24 LOG4[281]: Rejected by CERT at depth=1: > CN=NextnineCA > 2016.05.17 15:57:24 LOG3[281]: SSL_connect: 14090086: > error:14090086:SSL routines:ssl3_get_server_certificate:certificate > verify failed > > Here is the current configuration: > > [custom] > client = yes > accept = 127.0.0.1:8449 > connect = 192.168.220.62:443 > verify = 2 > CAfile = myapp.pem David, CAfile should point to a list of trusted certificates. The file(s) for your pair of certificate and key should be specified with cert=... (and key=..., if certificate and key are stored to separate files). Are the log messages generated at stunnel startup or at connection establishment? Ludolf -- Ludolf Holzheid Bihl+Wiedemann GmbH Floßwörthstraße 41 68199 Mannheim, Germany Tel: +49 621 33996-0 Fax: +49 621 3392239 mailto:[email protected] http://www.bihl-wiedemann.de Sitz der Gesellschaft: Mannheim Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796 _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
