Is $SUBJECT possible?

I use stunnel to connect to my old "smart" switches that don't support
modern TLS protocols, ciphers, etc. Recently, their existing
certificates all expired, and I tried to install new certificates on all
of them, only to discover that they won't accept my new CA certificate,
because it was signed with a 3072-bit key.

I could go through the trouble of generating a separate CA certificate
with a 2048-bit key, sign new certificates with that key, etc., etc.,
but it starts to seem a bit silly at that point. Far better to simply
generate a self-signed certificate for each switch and configure stunnel
to only accept that particular certificate (i.e. "pin" it).

Is this possible with stunnel? If so, how would I go about configuring
it to do this?

(Search engines are telling me to use "verify = 4", but stunnel(8) says
that option is obsolete.)

TIA!
--
========================================================================
If your user interface is intuitive in retrospect ... it isn't intuitive
========================================================================
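
An added example, not part of the original post: a client-mode stunnel
configuration that pins one self-signed certificate per switch using the
verifyPeer and verifyChain options, which stunnel(8) gives as the
replacement for "verify". The service names, addresses, ports and file
paths are assumptions.

```ini
; Added example; service names, addresses and paths are assumptions.
; One service section per switch, each trusting exactly one certificate.

[switch1]
client = yes
accept = 127.0.0.1:8441
connect = 192.0.2.11:443
; CAfile contains only this switch's own self-signed certificate (PEM)
CAfile = /etc/stunnel/pins/switch1.pem
; accept the peer only if its certificate is the one stored in CAfile
verifyPeer = yes
; no chain validation up to a CA (the behaviour of the obsolete "verify = 4")
verifyChain = no

[switch2]
client = yes
accept = 127.0.0.1:8442
connect = 192.0.2.12:443
; a different pin file, so switch1's certificate is not accepted here
CAfile = /etc/stunnel/pins/switch2.pem
verifyPeer = yes
verifyChain = no
```

Because each section has its own CAfile, a certificate pinned for one
switch is rejected on the connection to any other.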