Issue resolved. I was overthinking it: once I used cert=/path/to/file.p12 and let stunnel prompt for the password, it all worked.

 

Liz Turi

Sr. Consultant

Massachusetts eHealth Collaborative

860 Winter Street, Waltham, MA 02451

(m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589

www.maehc.org


 

From: Liz Turi
Sent: Tuesday, June 13, 2017 8:40 AM
To: '[email protected]' <[email protected]>
Subject: Configuring stunnel and openssl on Windows to support TLS 1.2

 

Good morning,

I’m hoping you can help point me in the right direction. The problem I’m trying to solve is enabling TLS 1.2 connections on a Windows (environment has both Windows 2008 and Windows 10 environments) platform. Currently, my private keys are managed by the Windows certificate store, using the capi engineId within stunnel (v 5.41), which uses OpenSSL 1.0.1. Because of this, stunnel can only negotiate a TLS 1.1 connection.

I’ve tried compiling OpenSSL 1.1.0f and stunnel 5.41, but had no luck either cross-compiling under CentOS or under Windows using either MSYS2/MINGW32 or Cygwin.

What I’m looking for is any one of the following:

1) solid current cross-compiling examples or references

2) solid current Windows compiling examples or references using extant versions

3) a way to manage the pfx/p12 (private key) in stunnel without resorting to the Windows certificate store.

Option 3 is preferred. I see how to manage pkcs11, but not pkcs12.

Thank you in advance!

 

 

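The resolution described in this thread, written out as a stunnel.conf fragment. This is an added example, not the poster's actual configuration: the service name, client mode, addresses and file path are assumptions, and the commented-out lines only sketch the CAPI-based setup the original message mentions.

```ini
; Constructed example: service name, mode, addresses and path are placeholders.

; Before (per the original message): private key held in the Windows
; certificate store and reached through the CAPI engine.
; engine = capi
; [tls-service]
; engineId = capi

; After: certificate and private key read from a PKCS#12 file.
[tls-service]
; Assumption: stunnel runs as a TLS client in front of a local application.
client = yes
accept = 127.0.0.1:8080
connect = server.example.org:443

; PKCS#12 (.p12/.pfx) bundle holding the certificate and its private key.
; No password is stored here; stunnel prompts for it at startup.
cert = C:\path\to\file.p12

; Negotiate TLS 1.2 only for this service.
sslVersion = TLSv1.2
```

Because the password is entered at the prompt, an unattended start has no one to answer it; restrict the .p12 file's ACL to the account that runs stunnel, since the key now lives on disk rather than in the certificate store.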