[stunnel-users] must restart stunnel to add a new cert before it recognized it...

Jan Meijer jan.meijer at surfnet.nl
Tue Nov 14 09:18:23 CET 2006

On Mon, 13 Nov 2006, Rami Michael wrote:

> My stunnel setup is working fine, got mysql being hit from a couple of boxes
> but my question is this...
> I have stunnel setup so i copy the cert created from the remote client over
> to the local server so remote connections are authenticated.
> Now that works fine and dandy, the issue is, if i am adding a new remote
> client, i add the cert from the client to my certs.pem locally but i need to
> restart the stunnel process before stunnel will "read in" the new cert.
> I know this does not sound like a big deal, but if i have 20 machines
> connected through stunnel to this local box and i need to restart stunnel
> whenever i need to add a new box or take off an old one, i don't think its
> good.
> I use stunnel for mysql so i got these guys doing inserts and a broken
> connection would really mess things up for me... i think maybe there is a
> flag i can set?  or maybe send the process some type of command to reload
> the certs?

What you want is to use the CApath = directory option to verify your clients.

Check the Global Options section of the manpage.
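As an added illustration of the CApath approach (this is not code from the thread or from the stunnel project): a small shell helper that installs and revokes client certificates in a hashed CApath directory, so the running stunnel picks them up on the next handshake. The stunnel.conf lines, the directory name /etc/stunnel/clients and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: maintain an stunnel CApath directory so
# client certs can be added or revoked without restarting stunnel. Assumed
# server-side stunnel.conf (stunnel 4.x syntax; newer releases use verifyPeer):
#   verify = 3
#   CApath = /etc/stunnel/clients     (replaces CAfile = certs.pem)
# OpenSSL finds certs in CApath by subject-name hash as <hash>.0, <hash>.1, ...
# and stops at the first missing suffix, so numbering gaps hide later certs.
set -e

# Hash OpenSSL looks up; must match the OpenSSL stunnel links against
# (pre-1.0.0 builds used the MD5 scheme now exposed as -subject_hash_old).
cert_hash() { openssl x509 -noout -subject_hash -in "$1"; }

# Copy a client's PEM cert into CApath under the next free <hash>.<n> name.
# Re-installing an identical cert is a no-op. Prints the installed path.
install_client_cert() {
    cert="$1"; capath="$2"; hash=$(cert_hash "$cert"); n=0
    while [ -e "$capath/$hash.$n" ]; do
        if cmp -s "$cert" "$capath/$hash.$n"; then
            echo "$capath/$hash.$n"; return 0
        fi
        n=$((n + 1))
    done
    cp "$cert" "$capath/$hash.$n" && chmod 0644 "$capath/$hash.$n"
    echo "$capath/$hash.$n"
}

# Revoke a client by deleting its file, then close any numbering gap so the
# remaining certs that share the subject hash stay reachable.
remove_client_cert() {
    cert="$1"; capath="$2"; hash=$(cert_hash "$cert"); n=0; keep=0
    while [ -e "$capath/$hash.$n" ]; do
        if cmp -s "$cert" "$capath/$hash.$n"; then
            rm -f "$capath/$hash.$n"
        else
            if [ "$keep" -ne "$n" ]; then
                mv "$capath/$hash.$n" "$capath/$hash.$keep"
            fi
            keep=$((keep + 1))
        fi
        n=$((n + 1))
    done
}

# Sanity check: can the hashed-directory lookup find and trust this cert?
# (For a self-signed client cert this approximates stunnel's verify=3 lookup.)
verify_client_cert() { openssl verify -CApath "$2" "$1" >/dev/null 2>&1; }
```

Two client certs with the same subject name get the same hash and land as .0 and .1; revoking one renumbers the other down so OpenSSL still finds it.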