
Jan Meijer said:
Hi Richard,
On Thu, 17 Mar 2005, Richard Houston wrote:
> I have taken over a stunnel install and all the client certs have expired.
I didn't read anywhere in your logs the certs had expired ;).
Could you please send over the config of both your server and your client? It's probably something simple but looks like you made errors in both configs.
Jan
Hi Jan,

I have replaced the keys already. These are new keys altogether. Here are the configs as requested:

Server:

cert = /etc/stunnel/server.pem
#chroot = /usr/local/var/run/stunnel/
# PID is created inside chroot jail
pid = /tmp/stunnel.pid
setuid = nobody
#setgid = nogroup
foreground = no

# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Authentication stuff
verify = 333
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /etc/stunnel/certs
# or simply use CAfile instead:
CAfile = /etc/stunnel/cacert.pem

# Some debugging stuff
debug = 7
output = /var/log/stunnel.log

# Use it for client mode
#client = yes

# Service-level configuration
[school4]
accept = XX.XXX.XXX.XXX:443
connect = 10.10.10.12:23
TIMEOUTidle = 3600

Client:

CApath=c:\stunnel
#cert=c:\stunnel\traf-test.pem
client = yes
verify = 2
debug=7

[schools]
accept = 23
connect = XX.XXXX.XX.XX:443

Thanks for the help!