I was using stunnel with a self-signed certificate. Recently an update of stunnel forbids self-signed certificates, so I bought a valid certificate from namecheap, to use it with apache and stunnel.

Key = /pathtomycertificate.key

And tested from a remote machine with fetchmail to get mail using POP3S.

Unable to get local issuer certificate
fetchmail: Broken certification chain at: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
fetchmail: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. README.SSL-SERVER document that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. R details, please see the documentation of -sslcertpath and -sslcertfile in the manual page.
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use -sslcertck!)

As fetchmail returns the fingerprint of the server, I have added a sslfingerprint option in .fetchmailrc and it stops complaining, so I can use it, but I would like to know what is going wrong. Do I need to add some certificate to /etc/ssl/certs in the client?

fperal: unable to get local issuer certificate
fetchmail: This could mean that the server did not provide the intermediate CA's certificate(s)

Quoting stunnel documentation: The file should contain **the whole certificate chain** starting from the actual server/client certificate, and ending with the **root CA certificate**.

Client certificates are normally signed with intermediate certificates which are refreshed rather frequently. To verify client certificate it is necessary to follow its chain up to root certificate. Either you need to manually install each intermediate certificate on fetchmail system or you should put full chain in stunnel configuration.

“Sectigo RSA Domain Validation Secure Server CA” is intermediate certificate used to sign domain name certificates. It itself is signed by “USERTrust RSA Certification Authority” which is present in the list of trusted root CA. You need both to verify certificate issued to you.

Recently an update of stunnel forbids self-signed certificates

Care to elaborate? I see nothing in stunnel documentation, rather it explicitly explains in several places how to use self-signed certificate.

I have changed to the old self-signed key and restarted stunnel. I don't think the error is the same it was before (it was two months or more ago, and I have kept an old release of stunnel since then until now I have upgraded to the last version) but there is an error

T10:50:47.460944+02:00 tutatis stunnel: ] Initializing inetd mode configuration
] stunnel 5.57 on x86_64-suse-linux-gnu platform
] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
T10:50:47.462014+02:00 tutatis stunnel: ] Initializing inetd mode configuration
] Reading configuration from file /etc/stunnel/nf
T10:50:47.463247+02:00 tutatis stunnel: ] Loading certificate from file: /etc/stunnel/stunnel.pem
T10:50:47.463425+02:00 tutatis stunnel: !] Service : Failed to initialize TLS context
T10:50:47.463611+02:00 tutatis stunnel: ] Deallocating temporary section defaults