Re: [opensuse] stunnel certificates [partly solved]



George Stoianov wrote:
I have used this:
http://www.5dollarwhitebox.org/wiki/index.php/Howtos_Self_Signed_SSL_Certificates


To create a csr and cert etc. I had to only add a flag to generate the
file for the serial number.
I am not sure what is causing this issue, but trying a different
approach may help or lead to a different error message.
HTH
George


...
Well, I tried another howto, about adding TLS support to Postfix, which worked for my mail server. But this didn't work either for stunnel. Finally I combined some howtos and I got partial success.
One has to append the private key, the certificate and "Diffie-Hellman parameters". Each section has a blank line between them. And the last line is also a blank line. I did it this way:
cat server.key > server.keycrt
echo \ >> server.keycrt
cat server.crt >> server.keycrt
echo \ >> server.keycrt
openssl gendh 512 >> server.keycrt
The server.keycrt is the cert stunnel uses.
By partial success I mean I can connect if I don't check the client certificate at the server (verify = 2). I believe the server can't find the client certificate, but I don't know why. Does anyone know how to see which file an application tries to open?
--
Kind regards,
Koenraad Lelong
R&D Manager
ACE electronics n.v.
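
The file layout described in the message above (private key, certificate, DH parameters, each followed by a blank line), as an added example that is not part of the original post: a shell check that a combined PEM file has that layout and is not readable by group or other, since it contains the private key. The function names `write_sample`, `pem_layout` and `check_bundle` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the combined key + cert + DH file layout from the post.

# write_sample FILE: constructed bundle; bodies are placeholders, not key material.
write_sample() {
    ( umask 077
      printf '%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' '' \
        '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' '' \
        '-----BEGIN DH PARAMETERS-----' 'PLACEHOLDER' '-----END DH PARAMETERS-----' '' \
        > "$1" )
}

# pem_layout FILE: print section kinds in file order, e.g. "KEY CERT DH".
# Fails on nested/mismatched markers or a section not followed by a blank line.
pem_layout() {
    awk '
    function kind(l) {
        if (l ~ /PRIVATE KEY$/) return "KEY"
        if (l == "CERTIFICATE") return "CERT"
        if (l == "DH PARAMETERS") return "DH"
        return "OTHER"
    }
    need && $0 !~ /^[ \t\r]*$/ { bad = 1; exit }   # line after END must be blank
    { need = 0 }
    /^-----BEGIN .+-----[ \t\r]*$/ {
        if (cur != "") { bad = 1; exit }
        cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur)
        out = (out == "" ? "" : out " ") kind(cur); next
    }
    /^-----END .+-----[ \t\r]*$/ {
        l = $0; sub(/^-----END /, "", l); sub(/-----[ \t\r]*$/, "", l)
        if (l != cur) { bad = 1; exit }
        cur = ""; need = 1
    }
    END { if (bad || cur != "" || need) exit 1; print out }
    ' "$1"
}

# check_bundle FILE: 0 if usable; 2 unreadable, 3 loose permissions, 4 bad layout.
check_bundle() {
    [ -r "$1" ] || { echo "$1: not readable" >&2; return 2; }
    # The file contains the private key, so group/other must have no access.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$1: group/other access ($perms)" >&2; return 3; }
    layout=$(pem_layout "$1") || layout="malformed"
    [ "$layout" = "KEY CERT DH" ] || { echo "$1: sections are: $layout" >&2; return 4; }
}

if [ $# -gt 0 ]; then check_bundle "$1"; fi
```

The check covers section layout and file permissions only; it does not parse the key, the certificate or the DH parameters.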
