[stunnel-users] Certificates and public/private keys

Dario Mariani dario.mariani at sun-cs-italy.com
Thu Jun 28 22:57:17 CEST 2007


On 27 Jun 07, at 13:38, Dario Teixeira wrote:

> Thanks for the reply!  I didn't mention it before, but I won't be using
> Apache or any other mainstream webserver.  Most likely I will be using
> Ocsigen (http://www.ocsigen.org/).  Now, the latest development release
> of Ocsigen already has basic support for SSL, but it can't yet handle
> client authentication.  In short, I am still looking for an stunnel-based
> solution.  Any ideas?

You can generate a certificate (and its private key) for every
client, put the public cert in the CApath of the server, and set
verify=3.
In every CApath you must have:
- the pub cert of the CA that issues the certs
- the pub cert of the OTHER hosts with which you will establish a
  connection (so, in the server CApath you will find the client certs,
  and vice versa).
Then you do a c_rehash.

With this setup, I don't know if it will work with the SSL provided
by the browser, or if you must install stunnel also on the server side,
but I think that accepting the cert on the browser will work for you.

Bye, dario.
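
The setup described in the message above, as an added example that is not part of the original post: it issues one client certificate from a demo CA, fills the server's CApath, and writes a server-side stunnel.conf with verify=3. All file names, subject names and ports are constructed, server.pem/server.key are placeholders, and the hash symlinks are created by hand with `openssl x509 -hash`, standing in for c_rehash.

```shell
#!/bin/sh
# Added example. Every name, path and port here is constructed for illustration.

# hash_link DIR CERT: create the <subject-hash>.N symlink that c_rehash would make.
hash_link() {
    h=$(openssl x509 -noout -hash -in "$1/$2") || return 1
    n=0
    while [ -e "$1/$h.$n" ]; do n=$((n + 1)); done
    ln -s "$2" "$1/$h.$n"
}

# build_demo WORKDIR: issuing CA, one client certificate, server-side CApath.
build_demo() {
    w=$1
    mkdir -p "$w/server-capath" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$w/ca.key" -out "$w/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client1" \
        -keyout "$w/client1.key" -out "$w/client1.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$w/client1.csr" -CA "$w/ca.pem" -CAkey "$w/ca.key" \
        -CAcreateserial -days 30 -out "$w/client1.pem" 2>/dev/null || return 1
    # The server's CApath holds the CA cert and the client's public cert only;
    # client1.key stays on the client.
    cp "$w/ca.pem" "$w/client1.pem" "$w/server-capath/" || return 1
    hash_link "$w/server-capath" ca.pem || return 1
    hash_link "$w/server-capath" client1.pem || return 1
    # Server-side stunnel configuration (server.pem/server.key are placeholders).
    cat > "$w/stunnel.conf" <<EOF
cert = $w/server.pem
key = $w/server.key
CApath = $w/server-capath
verify = 3

[https]
accept = 8443
connect = 127.0.0.1:8080
EOF
}

# client_is_trusted WORKDIR CERT: does CERT chain to something in the CApath?
client_is_trusted() {
    openssl verify -CApath "$1/server-capath" "$1/$2" >/dev/null 2>&1
}
```

Revoking a client in this layout means deleting its certificate and hash symlink from the server's CApath and restarting or reloading stunnel.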


