Installed EV Cert into stunnel?
A customer has bought an Extended Validation certificate and I'm having problems installing this in stunnel.
I have never used EV certs before, and I'm only experienced installing one key and one cert file into apache.
I got a zip file from the signing company which contained the following files:
KEYNECTIS Extended Validation CA.cer
www.example.com.cer for the domain the cert is for.
I have installed the www.example.com.cer and www.example.com.key into stunnel using the key and cert config values.
However, I'm getting an error in any browser:
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
I think I have to do a key chain or something, but all the guides I find are for setting up apache2 with EV, whereas I need to install it into stunnel to decrypt the data and forward it on to haproxy over http on the same machine.
Anyone know how I create a keychain or whatever I need to do to install these 3 certs into stunnel?
Do you use it for the right domain?
Yes I use it for the right domain... If I try to use it for a different domain I get the above error as well as a new error telling me that the cert is only valid for www.example.com.
Obviously... I am using www.example.com as an example, it states my real domain names.
There is nothing wrong with the certs, it is a configuration issue. Anyone used certificate chaining with stunnel?
You need to place all 3 certificates into one .cer file.
Have mydomain.com.key for the key value
Have mydomain.bundle.crt for the cert value
Make the mydomain.bundle.crt file by taking each of the .cer files and merging them together in the following order:
1. www.domain.com cert
2. intermediate certificate (I think it's KEYNECTIS Extended Validation CA.cer)
3. root certificate (Class_2_Primary_CA.cer)
You should have the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines included around each one.
Restart stunnel and that should fix it.
You can use openssl to help verify: openssl s_client -connect www.host.com:port
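The merge order described in the reply above can be scripted and checked before restarting stunnel. This is an added example, not part of the original posts; the function names `build_bundle` and `check_bundle` are hypothetical, and it assumes the `openssl` command-line tool and an unencrypted private key.

```shell
#!/bin/sh
# Added example, not from the thread. Function and file names are hypothetical.

# build_bundle LEAF INTERMEDIATE ROOT OUT
# Writes the PEM certificates to OUT in the order the answer gives.
build_bundle() {
    out=$4
    : > "$out" || return 1
    for f in "$1" "$2" "$3"; do
        # A .cer file can be binary DER; only PEM text can be concatenated.
        grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || {
            echo "not PEM: $f (convert with: openssl x509 -inform DER)" >&2
            return 1
        }
        # Strip CRs, keep only the PEM block. awk ends every line with a
        # newline, so an END line can never fuse with the next BEGIN line.
        tr -d '\r' < "$f" |
            awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' >> "$out"
    done
}

# check_bundle BUNDLE KEY
# Returns 0 when the first certificate belongs to KEY and each certificate
# names the next one in the file as its issuer.
check_bundle() {
    tmp=$(mktemp -d) || return 1
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/c" n ".pem") }' "$1"
    rc=0
    # OpenSSL uses the first certificate in the file as the server
    # certificate, so a root or intermediate on top gives a key mismatch.
    pub=$(openssl x509 -in "$tmp/c1.pem" -noout -pubkey 2>/dev/null) || pub=""
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ] ||
        { echo "first certificate does not match the key" >&2; rc=1; }
    i=1
    while [ -f "$tmp/c$((i + 1)).pem" ]; do
        [ "$(openssl x509 -in "$tmp/c$i.pem" -noout -issuer_hash)" = \
          "$(openssl x509 -in "$tmp/c$((i + 1)).pem" -noout -subject_hash)" ] ||
            { echo "certificate $i is not issued by certificate $((i + 1))" >&2; rc=1; }
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}
```

With the file names used in this thread, that would be `build_bundle www.example.com.cer "KEYNECTIS Extended Validation CA.cer" Class_2_Primary_CA.cer mydomain.bundle.crt` followed by `check_bundle mydomain.bundle.crt mydomain.com.key`.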
Thanks for the reply.
I put them all in one cert file before, and stunnel wouldn't start (gave me some strange error about the key and cert not matching).
I just did it in the order that you specified and it worked!!!
I didn't realise that it had to be in a specific order.
Thanks for your help!