[stunnel-users] Certificates and public/private keys

Abstract thikrat at gmail.com
Wed Jun 27 00:33:44 CEST 2007


I understand a certain piece of it like this.

In the stunnel.pem exists a certificate and that is what you copy over
into the stunnel server, so it allows those clients with specific
certs to connect only.

Now, I am not sure how stuff is encrypted and that is where I get
confused.  Is this some sort of SSL-like handshake where the keys are
exchanged behind the scenes or something like that?  If the key exists
only on the client and only on the server, how does the encryption /
decryption work?



On 6/26/07, Dario Teixeira <darioteixeira at yahoo.com> wrote:
> Dear Stunnel users,
>
> I have a webserver running on a machine behind a firewall.
> I can easily punch a hole on the firewall, allowing any
> user on the Internet to access the webserver.  However,
> I want to restrict access *only* to some people, those in
> possession of a secret key.
>
> At first sight, this seems like a job for plain ssh
> tunneling rather than stunnel, but as far as I understand
> it, ssh tunnels require that the connecting users have an
> account on the server machine.  That won't happen here.
> It seems that stunnel is therefore more appropriate for
> this particular problem.
>
> Now, the port forwarding mechanics seem similar to those
> in ssh.  I have no problems understanding those.  The only
> problems I am having are figuring out the generation
> of keys.  My excuses if I am using a terminology based on
> ssh or if I am way off about the capabilities of stunnel,
> but how can I generate the server's private and public
> keys? (the latter to be handed out to the clients)
>
> I have followed the instructions in the README.Debian file
> that accompanies the Debian stunnel4 package to produce
> a stunnel.pem certificate.  With it, I have successfully
> established a stunnel connection between two machines.
> However, I have to use the same stunnel.pem file on both
> the client and the server, which strikes me as dangerous.
> Which parts are really needed on the client and server?
>
> Thanks in advance for your help!
> Cheers,
> Dario