Hi All, I'm trying to create SSl tunnel between my server (Win 2008 R2, 4.56 version of stunnel) and remote application server - I have merged both root and sub certificate into 1 file and it looks like it can verify them and accept them as well, but then it tries to verify it at depth=0 and says certificate not found in local repository. Am I missing anything here ? (I modified messages to not disclose details of certificates in the debug below). Thank you! BR, Roman 2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] started 2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] accepted connection from 127.0.0.1:49397 2013.06.18 11:22:34 LOG6[272:2156]: connect_blocking: connecting 10.254.0.21:443 2013.06.18 11:22:34 LOG7[272:2156]: connect_blocking: s_poll_wait 10.254.0.21:443: waiting 10 seconds 2013.06.18 11:22:34 LOG5[272:2156]: connect_blocking: connected 10.254.0.21:443 2013.06.18 11:22:34 LOG5[272:2156]: Service [SZX] connected remote server from 192.168.20.23:49398 2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) initialized 2013.06.18 11:22:34 LOG7[272:2156]: SNI: sending servername: 10.254.0.21 2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): before/connect initialization 2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 write client hello A 2013.06.18 11:22:34 LOG7[272:2156]: SSL state (connect): SSLv3 read server hello A 2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=2, /CN=xxx RootCA 2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=2, /CN=xxx RootCA 2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=1, /CN=xxx 2013.06.18 11:22:34 LOG5[272:2156]: Certificate accepted: depth=1, /CN=xxx SubCA1 2013.06.18 11:22:34 LOG7[272:2156]: Starting certificate verification: depth=0, /C=zzz 2013.06.18 11:22:34 LOG4[272:2156]: CERT: Certificate not found in local repository 2013.06.18 11:22:34 LOG4[272:2156]: Certificate check failed: depth=0, /C=zzz 2013.06.18 11:22:34 LOG7[272:2156]: SSL alert (write): fatal: certificate unknown 2013.06.18 11:22:34 LOG3[272:2156]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 2013.06.18 11:22:34 LOG5[272:2156]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2013.06.18 11:22:34 LOG7[272:2156]: Remote socket (FD=396) closed 2013.06.18 11:22:34 LOG7[272:2156]: Local socket (FD=376) closed 2013.06.18 11:22:34 LOG7[272:2156]: Service [SZX] finished (0 left)