[stunnel-users] password protected key in client certificate

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Fri Jul 3 13:12:00 CEST 2015

On Fri, 2015-07-03 11:33:40 +0200, Giona Il Profeta wrote:
> Hi all,
> I have inherited an old stunnel installation, configured for mutual
> authentication (verify=3) and I'm trying to figure out some of the choices
> of the old sysadmin.
> One of the client certificates in the CApath directory has its private key
> encrypted with a password.
> Is the client supposed to provide the password to decrypt the key when it
> connects?

Which CApath?

If it's the one on the client box:  Yes, the client is supposed to
enter the password when stunnel is started.

If it's the one on the server box:  The peer's private key is not used
by stunnel, so no, there is no need for the password.




Ludolf Holzheid
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
Tel: +49 621 33996-0
Fax: +49 621 3392239
mailto:lholzheid at bihl-wiedemann.de
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
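
Added example, not part of the original message or of stunnel: since stunnel does not use the peer's private key on the server box, this check lists files in a CApath directory that carry private-key blocks, encrypted or not. The function names and the sample PEM text are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# One PEM block: group 1 is the label, group 2 the body (headers + base64).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample (placeholder base64, not a real key): a peer file that
# bundles a certificate with a traditional-format encrypted private key.
SAMPLE = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

def private_keys_in(text):
    """Return [(pem_label, is_encrypted), ...] for private-key blocks in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            # PKCS#8 marks encryption in the label; traditional OpenSSL
            # keys mark it with a Proc-Type header inside the block.
            encrypted = (label == "ENCRYPTED PRIVATE KEY"
                         or "Proc-Type: 4,ENCRYPTED" in body)
            found.append((label, encrypted))
    return found

def audit_capath(directory):
    """Map file name -> private-key findings for each file in a CApath directory."""
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():  # also follows hash-named symlinks to the same file
            keys = private_keys_in(path.read_text(errors="replace"))
            if keys:
                report[path.name] = keys
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py /path/to/CApath
        for name, keys in audit_capath(sys.argv[1]).items():
            for label, enc in keys:
                print(f"{name}: {label} ({'encrypted' if enc else 'UNENCRYPTED'})")
    else:
        print(private_keys_in(SAMPLE))
```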
