verify = 3 error with certificate client

Hello List

I have stunnel 4.7. In the messages of the list I have not seen a solution to my problem. This is VERIFY ERROR ONLY MY: no cert

stunnel.log in Server ##################
2005.02.25 07:55:07 LOG5[2501:1076546480]: VERIFY OK: depth=1, /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Segurmatica/OU=Agencia de Certificacion/CN=Segurmatica/emailAddress=ca@segurmatica.cu
2005.02.25 07:55:07 LOG4[2501:1076546480]: VERIFY ERROR ONLY MY: no cert for /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Ministerio Informatica y Comunicaciones/OU=Segurmatica/CN=Humberto Morell/emailAddress=morell@seg.inf.cu
2005.02.25 07:55:07 LOG7[2501:1076546480]: SSL alert (write): fatal: certificate unknown

############# stunnel.conf in Server ##############
#chroot = /var/lib/stunnel/
verify = 3
CApath = /etc/stunnel/certdb
# or simply use CAfile instead:
#CAfile = /etc/stunnel/certs.pem
CAfile = /etc/stunnel/acsegurmatica.crt
#cert = /etc/stunnel/stunnel.pem
cert = /etc/stunnel/certstunnel.pem

################# File in /etc/stunnel ###############
certdb morell.pem stunnel.prueba.pem certstunnel.pem stunnel.conf acsegurmatica.crt morell.crt stunnel.log certclient morell.key stunnel.pem

############### Link in /etc/stunnel/certdb ###############
drwxr-xr-x 2 root root 176 Feb 25 11:06 .
drwx------ 4 root root 472 Feb 25 10:52 ..
lrwxrwxrwx 1 root root 24 Feb 25 11:00 2307a3fe.0 -> /etc/stunnel/stunnel.pem
lrwxrwxrwx 1 root root 30 Feb 25 11:01 3f5b7ca8.0 -> /etc/stunnel/acsegurmatica.crt
lrwxrwxrwx 1 root root 23 Feb 25 11:03 3fb3183e.0 -> /etc/stunnel/morell.pem
lrwxrwxrwx 1 root root 28 Feb 25 11:06 d14abd18.0 -> /etc/stunnel/certstunnel.pem

################# client in Windows stunnel.conf ##############
client = yes
cert = d:\morell.pem
debug = 7
output = d:\stunnel.log
[lsd]
accept = 9595
connect = 10.10.1.83:9500
[ssh]
accept = 2222
connect = 10.10.1.83:9522

#####################
Note: I don't use chroot. I have tried, but the same error with it.
File morell.pem: only client certificate, and another time file morell.pem: private key, crl, certificate.
With verify = 2 all is ok.

Please help

Best regards
Morell

On Fri, 25 Feb 2005, Humberto Morell wrote:
> stunnel.log in Server ##################
> 2005.02.25 07:55:07 LOG5[2501:1076546480]: VERIFY OK: depth=1, /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Segurmatica/OU=Agencia de Certificacion/CN=Segurmatica/emailAddress=ca@segurmatica.cu
> 2005.02.25 07:55:07 LOG4[2501:1076546480]: VERIFY ERROR ONLY MY: no cert for /C=CU/ST=Ciudad Habana/L=Centro Habana/O=Ministerio Informatica y Comunicaciones/OU=Segurmatica/CN=Humberto Morell/emailAddress=morell@seg.inf.cu
> 2005.02.25 07:55:07 LOG7[2501:1076546480]: SSL alert (write): fatal: certificate unknown
> #############

What the message tells you is there is no certificate for the mentioned DN (/C=CU...) in /etc/stunnel/certdb/. So the question to be answered is: is one of these:

> lrwxrwxrwx 1 root root 24 Feb 25 11:00 2307a3fe.0 -> /etc/stunnel/stunnel.pem
> lrwxrwxrwx 1 root root 30 Feb 25 11:01 3f5b7ca8.0 -> /etc/stunnel/acsegurmatica.crt
> lrwxrwxrwx 1 root root 23 Feb 25 11:03 3fb3183e.0 -> /etc/stunnel/morell.pem
> lrwxrwxrwx 1 root root 28 Feb 25 11:06 d14abd18.0 -> /etc/stunnel/certstunnel.pem
> #################

the same as this one?

> cert = d:\morell.pem

Hello

Thank List and you Jan

Yes the morell.pem is a certificate ok. Excuse, the error message in log is confusing. The problem was permission in directory, I changed permission and all is ok.

Best regards
Morell

----- Original Message -----
From: "Jan Meijer" <jan.meijer@surfnet.nl>
To: "Humberto Morell" <morell@segurmatica.com>
Cc: <stunnel-users@mirt.net>
Sent: Tuesday, March 01, 2005 3:58 AM
Subject: Re: [stunnel-users] verify = 3 error with certificate client

On Tue, 1 Mar 2005, Humberto Morell wrote:
> Thank List and you Jan
> Yes the morell.pem is a certificate ok. Excuse, the error message in log is confusing. The problem was permission in directory, I changed permission and all is ok

Haha, that was the other thing that can happen. Happened to me a couple of times as well ;). Glad it works.

Jan

--
http://www.surfnet.nl/organisatie/jame
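
The cause reported in this thread was a directory permission, and the listing in the first message shows the parent of certdb as drwx------ root. The following is an added example, not code from the thread or from stunnel: a shell audit that reports hash links in a CApath that an unprivileged service user could not reach or read. The function names are hypothetical, `readlink -f` is assumed to be available, and the service user is assumed to have only "other" access to these paths.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root so every path can be
# inspected. Assumption: stunnel runs as a user that is neither owner nor
# group member of these paths, so only the "other" permission bits count.

# Print the "other" permission triplet of PATH, following symlinks.
other_bits() {
    ls -ldL -- "$1" 2>/dev/null | cut -c8-10
}

# Print the deepest directory from DIR up to TOP that others cannot search.
blocked_dir() {
    bd_dir=$1
    while :; do
        case $(other_bits "$bd_dir") in
            ??x|??t) ;;                          # o+x set, keep climbing
            *) printf '%s\n' "$bd_dir"; return 0 ;;
        esac
        case $bd_dir in "$2"|/|.) return 0 ;; esac
        bd_dir=$(dirname -- "$bd_dir")
    done
}

# Audit the hash links in CAPATH; TOP (default /) is the highest directory
# checked. Prints one "problem<TAB>path" line per finding, nothing if clean.
audit_capath() {
    ac_top=${2:-/}
    {
        ac_bad=$(blocked_dir "$1" "$ac_top")
        [ -z "$ac_bad" ] || printf 'no-search\t%s\n' "$ac_bad"
        for ac_link in "$1"/????????.[0-9]*; do
            [ -L "$ac_link" ] || [ -f "$ac_link" ] || continue
            case $(other_bits "$ac_link") in
                "")  printf 'dangling\t%s\n' "$ac_link"; continue ;;
                r??) ;;                          # certificate is o+r
                *)   printf 'no-read\t%s\n' "$ac_link" ;;
            esac
            ac_target=$(readlink -f -- "$ac_link") || continue
            ac_bad=$(blocked_dir "$(dirname -- "$ac_target")" "$ac_top")
            [ -z "$ac_bad" ] || printf 'no-search\t%s\n' "$ac_bad"
        done
    } | sort -u
}

# Usage: sh audit.sh /etc/stunnel/certdb
if [ "$#" -gt 0 ]; then audit_capath "$@"; fi
```

A `no-search` line names a directory without o+x on the way to CApath or to a link target; with the layout posted in this thread it would name /etc/stunnel.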