[stunnel-users] Stunnel and configuration

• Previous message (by thread): [stunnel-users] Stunnel and configuration
• Next message (by thread): [stunnel-users] Stunnel and configuration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 22 Feb 2005, Bohdan Linda wrote:

> CAfile = /etc/certificates/certs            -file where first item is my CA 
> certificate followed by list of 
> all client certificates sgined  by my CA.

I use the CApath = directory directive for my client certificates.  The 
client certificates are pointed to by hashed symlinks.  Also makes it a 
lot easier to remove a client certificate if you want to revoke access to 
your stunnel for that particular certificate.

> cert = /etc/certificates/server.pem
> chroot = /var/run/stunnel/
> CAfile = /etc/certificates/CA/cacert.pem   - only certificate of my CA
> CRLfile = /etc/certificates/crls      - only certificates signed by my CA

CRL file is *not* 'only certificates signed by my CA', it stands for: do 
not let any certificates *revoked* by my CA in.

Jan

-- 
http://www.surfnet.nl/organisatie/jame

• Previous message (by thread): [stunnel-users] Stunnel and configuration
• Next message (by thread): [stunnel-users] Stunnel and configuration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]