[stunnel-users] Mutual Authentication

Javier meresponde2001-stn at yahoo.es
Mon Mar 11 18:33:04 CET 2013

On Sat, 09 Mar 2013 12:06:05 +0330
Sameer Rahmani <lxsameer at lxsameer.com> wrote:

> Hi guys,
> I want to have secure tunnel to my server and also i want only specified 
> clients can connect via the tunnel to the server.
> I was reading about mutual authentication but i can't run stunnel using 
> verify=2 or 3 or 4. I confused.
> Can you please explain for me what should i do to use 2way ssl 
> connection?  how does stunnel use this?


In the client side a service like:

client = yes
accept = IP:port
connect = IP:port of stunnel server
CAfile = xxx.pem <<<--- a pem file where there is the server 
certificate and the CA certificate
verify = 3 <<<--- this verify level will check the server 
certificate and the CA certificate against CAfile certificates.
cert = xxx.pem file where client certificate is stored

client = no
accept = IP:port
connect = IP:port of service server
CAfile = xxx.pem with CA certificate to verify client certificate
verify = 2 <<<--- to verify the validity of cient cert against CA 
but you could use level 3 (as with client) too if I'm not wrong and 
it is more secure
cert = xxx.pem file with server certificate

Also you could add a revocation entry too (CRLfile with serveral 
ones inside) to avoid older client certificates.


More information about the stunnel-users mailing list