Questions? Start a Support Ticket
User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > Installed EV Cert into stunnel?


Installed EV Cert into stunnel?




Posted by matt2kjones, 04-08-2011, 04:02 AM
Hello Guys, A customer has bought an Extended Validation certificate and im having problems installing this in stunnel. I have never used EV certs before, and im only experienced installing one key and one cert file into apache. I got a zip file from the signing company which contained the following files: KEYNECTIS Extended Validation CA.cer Class_2_Primary_CA.cer www.example.com.cer for the domain the cert is for. I have installed the www.example.com.cer and www.example.com.key into stunnel using the key and cert config values. However im getting an error in any browser: I think I have to do a key chain or something but all the guides I find are for setting up apache2 with EV, whereas I need to install it into stunnel to decrypt the data and forward it only haproxy over http on the same machine. Anyone know how I create a keychain or whatever I need to do to install these 3 certs into stunnel? Thanks!
Posted by MMrs, 04-08-2011, 04:39 AM
Do you use it for right domain?
Posted by matt2kjones, 04-08-2011, 07:11 AM
Hey, Yes I use it for the right domain... If I try to use it for a different domain I get the above error as well as a new error telling me that the cert is only valid for www.example.com. Obviously... I am using www.example.com as an example, it states my real domain names. There is nothing wrong with the certs, it is a configuration issue. Anyone used certificate chaining with stunnel? Thanks
Posted by propcgamer, 04-08-2011, 07:13 AM
You need to place all 3 certificates into one .cer file. Have mydomain.com.key for the key value Have mydomain.bundle.crt for the cert value Make the mydomain.bundle.crt file by taking each of the .cer files and merging them together in the following order: www.domain.com certintermediate certificate(I think its KEYNECTIS Extended Validation CA.cer)root certificate (Class_2_Primary_CA.cer) You should have the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines included around each one. Restart stunnel and that should fix it. You can use openssl to help verify: openssl s_client -connect www.host.com:port
Posted by matt2kjones, 04-08-2011, 07:27 AM
Hello, Thanks for the reply. I put them all in one cert file before, and stunnel wouldn't start (gave me some strange error about the key and cert not matching). I just did it in the order that your specified and it worked!!! I didn't realise that it had to be in a specific order. Thanks for your help! Matt
Posted by topeomokungbe, 05-08-2013, 01:53 AM
can stunnel be installed on Godaddy shared hosting?


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
All services fail and restart every five minutes, and how I fixed it. (Views: 759)
reseller service who also sells .be domains (Views: 766)
#1062 - Duplicate entry '23933-27243-0' for key 'membersid' (Views: 814)
Need some help getting the most out of Apache (Views: 759)
Advice from veterans of the business wanted (Views: 764)


Language:

Our Services

Client Menu

Legal

Terms of Service | Privacy Policy | Refund Policy | Affiliates
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.