Results 1 to 6 of 6
  1. #1
    Join Date
    Jun 2002
    United Kingdom

    Installed EV Cert into stunnel?

    Hello Guys,

    A customer has bought an Extended Validation certificate and im having problems installing this in stunnel.

    I have never used EV certs before, and im only experienced installing one key and one cert file into apache.

    I got a zip file from the signing company which contained the following files:

    KEYNECTIS Extended Validation CA.cer
    Class_2_Primary_CA.cer for the domain the cert is for.

    I have installed the and into stunnel using the key and cert config values.

    However im getting an error in any browser:

    The certificate is not trusted because the issuer certificate is unknown.
    (Error code: sec_error_unknown_issuer)
    I think I have to do a key chain or something but all the guides I find are for setting up apache2 with EV, whereas I need to install it into stunnel to decrypt the data and forward it only haproxy over http on the same machine.

    Anyone know how I create a keychain or whatever I need to do to install these 3 certs into stunnel?


  2. #2
    Join Date
    May 2008
    Do you use it for right domain?

  3. #3
    Join Date
    Jun 2002
    United Kingdom
    Quote Originally Posted by MMrs View Post
    Do you use it for right domain?

    Yes I use it for the right domain... If I try to use it for a different domain I get the above error as well as a new error telling me that the cert is only valid for

    Obviously... I am using as an example, it states my real domain names.

    There is nothing wrong with the certs, it is a configuration issue. Anyone used certificate chaining with stunnel?


  4. #4
    You need to place all 3 certificates into one .cer file.
    Have for the key value
    Have mydomain.bundle.crt for the cert value

    Make the mydomain.bundle.crt file by taking each of the .cer files and merging them together in the following order:
    • cert
    • intermediate certificate(I think its KEYNECTIS Extended Validation CA.cer)
    • root certificate (Class_2_Primary_CA.cer)

    You should have the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines included around each one.

    Restart stunnel and that should fix it.

    You can use openssl to help verify: openssl s_client -connect

  5. #5
    Join Date
    Jun 2002
    United Kingdom

    Thanks for the reply.

    I put them all in one cert file before, and stunnel wouldn't start (gave me some strange error about the key and cert not matching).

    I just did it in the order that your specified and it worked!!!

    I didn't realise that it had to be in a specific order.

    Thanks for your help!


  6. #6
    can stunnel be installed on Godaddy shared hosting?

Similar Threads

  1. Installed SSL cert but get this: Error code: sec_error_untrusted_issuer
    By chasebug in forum Hosting Security and Technology
    Replies: 0
    Last Post: 08-09-2010, 12:03 AM
  2. Need a SSL Cert installed
    By coax_k in forum Systems Management Requests
    Replies: 4
    Last Post: 09-08-2008, 10:55 AM
  3. Verifying that a SSL cert is installed correctly
    By DSD in forum Hosting Security and Technology
    Replies: 15
    Last Post: 05-02-2004, 09:49 PM
  4. SSL Cert is installed, and I want to transfer servers!
    By VanHost in forum Hosting Security and Technology
    Replies: 4
    Last Post: 09-11-2003, 01:42 AM
  5. stunnel
    By Bully in forum Hosting Security and Technology
    Replies: 1
    Last Post: 08-11-2003, 06:26 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts