[stunnel-users] What do I need to provide an SSL service and verify individual clients?

John Long codeblue at inbox.lv
Mon Jul 22 16:31:11 CEST 2013


Hi,

I want to set up a service using stunnel as a server. I want only specific
clients to be able to connect. Each client will have an SSL-enabled client
app.

I understand the part about needing to create a self-signed cert for the
stunnel server. I don't understand what Stunnel will require from each
client. Do I have to create CSRs for each client and sign them with my
self-signed cert, or will the keys from additional standalone self-signed
certs for each client be good enough on the client side as long as I have a
cert for each key in the certificate path of the server?

Is it correct that verify=3 will make sure only clients that have keys
matching the certs in the server cert path can connect?

If a client with a key that I have no cert for tries to connect, what should
happen? Will it time out or will there be an error that the key isn't valid?

Thanks,

/jl



