[stunnel-users] using no certificate

Nardmann, Heiko heiko.nardmann at secunet.com
Mon Feb 14 10:54:02 CET 2005


On Monday 14 February 2005 08:52, Zohar wrote:
> Hi,
> I'm very new to all this issue of SSL, so I apologize if this question
> sounds stupid. I currently have a server that listens to connections on a
> TCP port. Clients that connect to it may do so using SSL v3 (mobile
> clients, which use their own SSL packages, so I have very little control
> over it). I want to add stunnel to my server's setting, to enable SSL
> communication. I have no need for the client to authenticate the server, I
> am only interested in the data being encrypted. I tried setting this up,
> but the client complains that my server certificate cannot be authenticated
> (I produced it using http://www.stunnel.org/pem/). Any pointers on how to
> set such a thing up (even for the time being, while I develop), without
> having to pay lots of money to a CA ?

The server certificate has to be added to the client's trust base, i.e. the
client has to be configured to accept your (probably) self-signed server
certificate. This has to be done for each client.

-- 
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax  : +49 271 48950-50

Visit us from 10 to 16 March at CeBIT 2005 in Hall 7, Stand D38.

Information on our CeBIT topics can be found at www.secunet.com - we look
forward to talking with you.
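An added illustration of the reply above (not part of the original message and not stunnel's own tooling): a client that verifies certificates rejects a self-signed server certificate until that certificate is in its trust store. The file names and subject names are constructed, and `openssl verify` stands in for the check a verifying client performs during the handshake.

```shell
#!/bin/sh
# Added example: all names and paths below are constructed for illustration.

# make_self_signed DIR NAME CN: write DIR/NAME.key and a self-signed DIR/NAME.pem
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# client_accepts TRUSTFILE CERT: succeeds only if CERT chains to an entry
# in TRUSTFILE, i.e. the client's trust base accepts it.
client_accepts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: report the client's verdict before and after the server
# certificate is added to its trust store.
demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" server "stunnel.example.test"  # constructed server name
    make_self_signed "$dir" other "Some Other Root"        # stands in for the client's existing trust store
    cp "$dir/other.pem" "$dir/trust.pem"

    if client_accepts "$dir/trust.pem" "$dir/server.pem"; then
        before=accepted
    else
        before=rejected   # the "cannot be authenticated" case from the question
    fi

    # The fix from the reply: add the server certificate to the trust store.
    # Only the certificate is distributed; the private key stays on the server.
    cat "$dir/server.pem" >> "$dir/trust.pem"

    if client_accepts "$dir/trust.pem" "$dir/server.pem"; then
        after=accepted
    else
        after=rejected
    fi

    rm -rf "$dir"
    echo "before=$before after=$after"
}

demo
```

The trust-store update has to be repeated on every client, as the reply says.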


