[stunnel-users] RE: question about stunnel setup

Anthony Cicalla Anthony.Cicalla at BankServ.com
Tue Feb 14 19:09:44 CET 2006


Encrypting traffic to a remote syslog-ng server including SSL peer authentication

1. Install stunnel and syslog-ng on all machines.

2. Create certificates for all machines. On RedHat 9 and similar machines,
you can do the following as root:

# cd /etc/pki/tls/certs
# make syslog-ng-server.pem
# make syslog-ng-client.pem

3. Place copies of syslog-ng-server.pem on all machines in /etc/stunnel with
one important alteration. The clients only need the certificate section of
syslog-ng-server.pem. In other words, remove the private key section from
syslog-ng-server.pem on all clients. Place every client's
syslog-ng-client.pem in /etc/stunnel. For server, create a special
syslog-ng-client.pem containing the certificate sections for all clients and
place in /etc/stunnel. In other words, remove the private key sections from
all syslog-ng-client.pem files and concatenate what is left to create
server's special syslog-ng-client.pem.


OK, my question is: from the above, it says to create one syslog-ng-client.pem file
per client. 1) Do the names for each of these need to remain
syslog-ng-client.pem, or can they have names that reflect the host that they
are on? 2) If they all need to keep that name, do I just move the client file
to one client/host, then delete it from the server, then move on to create
the next?
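Step 3 of the quoted guide is where mistakes happen in practice: the `make foo.pem` targets write the private key and the certificate into one file, and the "remove the private key section" instruction has to be carried out by hand for every copy. The script below is an added example, not part of the original post or of the guide it quotes. It does that splitting mechanically: it keeps only the CERTIFICATE blocks when a PEM file is copied to a machine that should not hold the key, builds the server's concatenated all-clients bundle, and refuses to finish if a private key block is found in any cert-only file. The host names `loghost-a` and `loghost-b`, the directory layout, and the PEM contents (placeholder lines, not real key material) are constructed for the demonstration; the file names follow the guide's convention only because stunnel's `cert`, `key` and `CAfile` options take whatever path the config references.

```shell
#!/bin/sh
# Added example (not from the original post or the quoted guide): split the
# cert+key PEM files that `make foo.pem` produces into the pieces each side of
# an stunnel/syslog-ng setup should hold, never copying a private key to a
# machine that does not need it. Hosts, paths and PEM bodies are constructed.
set -eu

# Print only the CERTIFICATE blocks from the given PEM files; PRIVATE KEY
# (and any other) blocks are dropped. Accepts several files, so it also
# builds the server's concatenated "all clients" bundle.
pem_certs_only() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { keep = 1 }
        keep                            { print }
        /^-----END CERTIFICATE-----$/   { keep = 0 }
    ' "$@"
}

# Exit status 0 if FILE still contains a private key block: the check to run
# before a file leaves the machine whose key it is.
pem_has_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Number of certificate blocks in FILE (prints 0 rather than failing).
count_cert_blocks() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Write a constructed, non-functional PEM holding one key block and one
# certificate block; NAME is embedded so the output can be traced by eye.
write_fake_pem() {  # write_fake_pem FILE NAME
    {
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----'
        printf 'CONSTRUCTED-KEY-FOR-%s\n' "$2"
        printf '%s\n' '-----END RSA PRIVATE KEY-----'
        printf '%s\n' '-----BEGIN CERTIFICATE-----'
        printf 'CONSTRUCTED-CERT-FOR-%s\n' "$2"
        printf '%s\n' '-----END CERTIFICATE-----'
    } > "$1"
}

# Lay out what each machine should end up with under DIR:
#   DIR/server/syslog-ng-server.pem  cert + key, stays on the server
#   DIR/server/syslog-ng-client.pem  certs of all clients, no keys
#   DIR/<host>/syslog-ng-client.pem  that client's own cert + key
#   DIR/<host>/syslog-ng-server.pem  server certificate only
build_layout() {  # build_layout DIR HOST...
    dir=$1; shift
    mkdir -p "$dir/server"
    write_fake_pem "$dir/server/syslog-ng-server.pem" server
    for host in "$@"; do
        mkdir -p "$dir/$host"
        # one key pair per client, generated for that host alone
        write_fake_pem "$dir/$host/syslog-ng-client.pem" "$host"
        # the client gets the server's certificate, stripped of the key
        pem_certs_only "$dir/server/syslog-ng-server.pem" \
            > "$dir/$host/syslog-ng-server.pem"
    done
    # the server gets every client's certificate, concatenated, no keys
    for host in "$@"; do
        pem_certs_only "$dir/$host/syslog-ng-client.pem"
    done > "$dir/server/syslog-ng-client.pem"
    # guard: no cert-only file may carry a private key block
    for f in "$dir/server/syslog-ng-client.pem" "$dir"/*/syslog-ng-server.pem; do
        case $f in "$dir/server/syslog-ng-server.pem") continue ;; esac
        if pem_has_private_key "$f"; then
            echo "private key found in cert-only file $f" >&2
            return 1
        fi
    done
}

demo=$(mktemp -d)
build_layout "$demo" loghost-a loghost-b
echo "files under $demo:"
find "$demo" -type f | sort
echo "server bundle: $(count_cert_blocks "$demo/server/syslog-ng-client.pem") client certificates"
rm -rf "$demo"
```

Run with `sh` on any machine that has awk and grep; for real deployments replace `write_fake_pem` with the `make syslog-ng-server.pem` / `make syslog-ng-client.pem` steps from the guide and keep the rest, since `pem_certs_only` and the final guard are what prevent a client key from ending up in the server's bundle.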


