stunnel verify level for both self-signed and third partycertificates - Security

This is a discussion on stunnel verify level for both self-signed and third partycertificates - Security ; Hi all, I am using stunnel to send messages from my client application to a server. Local testing requires that I use a self-signed certificate, while the deployed product will use a thrid-party certificate authority. I have 2 related questions ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: stunnel verify level for both self-signed and third partycertificates

  1. stunnel verify level for both self-signed and third partycertificates

    Hi all,
    I am using stunnel to send messages from my client application to a
    server. Local testing requires that I use a self-signed certificate,
    while the deployed product will use a thrid-party certificate
    authority. I have 2 related questions on how to set this up. To make
    the generation of the stunnel config file simple, I would like to use
    one verify level for both testing and deployment. I think that level 2
    is what I need. I used openssl to create a self-signed certificate for
    the client, and another for the server. When I have verfiy=2 for
    stunnel, verification fails. What do I need for stunnel to
    successfully verify the server?

    Thanks,

    Scott

  2. Re: stunnel verify level for both self-signed and third partycertificates

    On 4 Feb, 18:57, cudr...@cig.mot.com wrote:
    > Hi all,
    > I am using stunnel to send messages from my client application to a
    > server. Local testing requires that I use a self-signed certificate,
    > while the deployed product will use a thrid-party certificate
    > authority. I have 2 related questions on how to set this up. To make
    > the generation of the stunnel config file simple, I would like to use
    > one verify level for both testing and deployment. I think that level 2
    > is what I need. I used openssl to create a self-signed certificate for
    > the client, and another for the server. When I have verfiy=2 for
    > stunnel, verification fails. What do I need for stunnel to
    > successfully verify the server?
    >
    > Thanks,
    >
    > Scott


    The public certificate of the signing authority needs to be available
    to stunnel in the directory referenced by CApath in the serverside
    config file.

    C.

+ Reply to Thread