Thx for replying, Scott ... how did you handle multiple users on the PC, though? They all shared that cert?

I thought about having a single location and copying to there on user login (from a standard location in a user's home dir, e.g.) ... then firing up stunnel ... but it seems like so much can go wrong, resulting in User B accessing using User A's certificate (because the copy failed, e.g.). And we're leery of exposing User A's cert to User B - especially since stunnel doesn't support encryption of the user's key, right? So the permissions would be a little tricky and maybe fragile.

Seems like there should be a straightforward way to do it, dadnabit!


From: Scott Gifford <sgifford@suspectclass.com>
To: Bucci, David G
Cc: stunnel-users@mirt.net <stunnel-users@mirt.net>
Sent: Mon Aug 30 17:41:09 2010
Subject: EXTERNAL: Re: [stunnel-users] Individual user certs for each person who uses Windows PC

On Mon, Aug 30, 2010 at 3:41 PM, Bucci, David G <david.g.bucci@lmco.com> wrote:
[ ... ] 
I've tried using envvars in the stunnel.conf (e.g., cert = %USERPROFILE%\usercert.pem), tried adjusting the command line to include "-p %USERPROFILE%\usercert.pem" as an option ...

We implemented something similar by simply making a "C:\stunnel" directory on each PC, naming the certificate the same thing on all machines, then hardcoding that path into the stunnel configuration (e.g. "C:\stunnel\usercert.pem").  Not quite as nice as %USERPROFILE%\usercert.pem, but it worked.  :-)

Hope this is helpful,

----Scott.