[stunnel-users] Certificates and public/private keys

Dario Teixeira darioteixeira at yahoo.com
Tue Jun 26 20:27:15 CEST 2007

Dear Stunnel users,

I have a webserver running on a machine behind a firewall.
I can easily punch a hole in the firewall, allowing any
user on the Internet to access the webserver.  However,
I want to restrict access *only* to some people, those in
possession of a secret key.

At first sight, this seems like a job for plain ssh
tunneling rather than stunnel, but as far as I understand
it, ssh tunnels require that the connecting users have an
account on the server machine.  That won't happen here.
It seems that stunnel is therefore more appropriate for
this particular problem.

Now, the port forwarding mechanics seem similar to those
in ssh.  I have no problems understanding those.  The only
problems I am having are figuring out the generation
of keys.  My excuses if I am using a terminology based on
ssh or if I am way off about the capabilities of stunnel,
but how can I generate the server's private and public
keys? (the latter to be handed out to the clients)

I have followed the instructions in the README.Debian file
that accompanies the Debian stunnel4 package to produce
a stunnel.pem certificate.  With it, I have successfully
established a stunnel connection between two machines.
However, I have to use the same stunnel.pem file on both
the client and the server, which strikes me as dangerous.
Which parts are really needed on the client and server?

Thanks in advance for your help!
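
The concern raised above, the same stunnel.pem sitting on both ends, can be checked mechanically. This is an added example, not part of the original post or of stunnel; it assumes stunnel.pem is a PEM bundle holding a private key and a certificate, and the function names and sample bundle are constructed for illustration.

```python
import re

# One PEM block; the label after BEGIN must match the label after END.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

# Constructed sample: placeholder base64 bodies, not real key material.
SAMPLE_BUNDLE = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQtS0VZ\n"
    "-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQtQ0VSVA==\n"
    "-----END CERTIFICATE-----\n"
)


def split_bundle(text):
    """Return (secret_blocks, public_blocks), each a list of full PEM blocks."""
    secret, public = [], []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
        # and "ENCRYPTED PRIVATE KEY".
        target = secret if label.endswith("PRIVATE KEY") else public
        target.append(match.group(0))
    return secret, public


def leaks_private_key(text):
    """True if the text contains any private-key block."""
    return bool(split_bundle(text)[0])


def client_copy(text):
    """Build the text that is safe to distribute: certificate blocks only."""
    _, public = split_bundle(text)
    certs = [b for b in public if b.startswith("-----BEGIN CERTIFICATE-----")]
    if not certs:
        raise ValueError("bundle contains no certificate block")
    return "\n".join(certs) + "\n"


if __name__ == "__main__":
    print("bundle leaks key:", leaks_private_key(SAMPLE_BUNDLE))
    print("client copy leaks key:", leaks_private_key(client_copy(SAMPLE_BUNDLE)))
```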

