[stunnel-users] Client cert auth ?

• Previous message (by thread): [stunnel-users] [PATCH] Address already in use (98) when binding to localhost
• Next message (by thread): [stunnel-users] Client cert auth ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

 I am trying to see if I can get stunnel to authenticate using a client certificate  towards a F5 setup - but I am having trouble getting it to work.

Certificates are issued froma Microsoft PKI - where the F5 checks validity via an OCSP responder.

In my stunnel config file, I have:


[F5Cert]
client=yes
accept = 127.0.0.1:1598
connect = F5test.xxx.dk:443
delay = yes
CAFile = GlobalSign-cert-Chain.pem
Cert = BaaSClientCertificatePlain.pem
key = BaaSClientCertificatePlain.key
verify = 2

In the CAFile, I have the root CA and issuing certificate from GlobalSign - which have created the SSL certificate being used on the F5 (server side).

Cert and Key points to the certificate and private key from my internal Microsoft based PKI.. But should the certificate chain from my internal PKI be listed somewhere as well ?


Is this the way to do it - and is stunnel capable of handling client certificate validation ?

Regards
Brian
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180227/e44d066a/attachment.html>

• Previous message (by thread): [stunnel-users] [PATCH] Address already in use (98) when binding to localhost
• Next message (by thread): [stunnel-users] Client cert auth ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]