[stunnel-users] Stunnel and configuration
jan.meijer at surfnet.nl
Tue Feb 22 16:34:42 CET 2005
On Tue, 22 Feb 2005, Bohdan Linda wrote:
> CAfile = /etc/certificates/certs -file where first item is my CA
> certificate followed by list of
> all client certificates sgined by my CA.
I use the CApath = directory directive for my client certificates. The
client certificates are pointed to by hashed symlinks. Also makes it a
lot easier to remove a client certificate if you want to revoke access to
your stunnel for that particular certificate.
> cert = /etc/certificates/server.pem
> chroot = /var/run/stunnel/
> CAfile = /etc/certificates/CA/cacert.pem - only certificate of my CA
> CRLfile = /etc/certificates/crls - only certificates signed by my CA
CRL file is *not* 'only certificates signed by my CA', it stands for: do
not let any certificates *revoked* by my CA in.
More information about the stunnel-users