[stunnel-users] Client cert auth ?

Brian Ipsen brian.ipsen at rg47c.dk
Tue Feb 27 13:12:32 CET 2018


 I am trying to see if I can get stunnel to authenticate using a client certificate  towards a F5 setup - but I am having trouble getting it to work.

Certificates are issued froma Microsoft PKI - where the F5 checks validity via an OCSP responder.

In my stunnel config file, I have:

accept =
connect = F5test.xxx.dk:443
delay = yes
CAFile = GlobalSign-cert-Chain.pem
Cert = BaaSClientCertificatePlain.pem
key = BaaSClientCertificatePlain.key
verify = 2

In the CAFile, I have the root CA and issuing certificate from GlobalSign - which have created the SSL certificate being used on the F5 (server side).

Cert and Key points to the certificate and private key from my internal Microsoft based PKI.. But should the certificate chain from my internal PKI be listed somewhere as well ?

Is this the way to do it - and is stunnel capable of handling client certificate validation ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180227/e44d066a/attachment.html>

More information about the stunnel-users mailing list