[stunnel-users] password protected key in client certificate
Giona Il Profeta
gionailprofeta at gmail.com
Fri Jul 3 14:35:36 CEST 2015
I meant the server's CApath directory (the one configured into
So the client must decrypt its copy of the key, but my stunnel server
doesn't need to know the password, as I supposed.
2015-07-03 13:12 GMT+02:00 Ludolf Holzheid <lholzheid at bihl-wiedemann.de>:
> On Fri, 2015-07-03 11:33:40 +0200, Giona Il Profeta wrote:
> > Hi all,
> > I have inherited an old stunnel installation, configured for mutual
> > authentication (verify=3) and I'm trying to figure out some of the
> > of the old sysadmin.
> > One of the client certificates in the CApath directory has its private
> > encrypted with a password.
> > Is the client supposed to provide the password to decrypt the key when it
> > connects?
> Which CApath?
> If it's the one on the client box: Yes, the client is supposed to
> enter the password when stunnel is started.
> If it's the one on the server box: The peer's private key is not used
> by stunnel, so no, there is no need for the password.
> Ludolf Holzheid
> Bihl+Wiedemann GmbH
> Floßwörthstraße 41
> 68199 Mannheim, Germany
> Tel: +49 621 33996-0
> Fax: +49 621 3392239
> mailto:lholzheid at bihl-wiedemann.de
> Registered office: Mannheim
> Managing directors: Jochen Bihl, Bernhard Wiedemann
> Mannheim District Court, HRB 5796
> stunnel-users mailing list
> stunnel-users at stunnel.org
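
As the reply above notes, stunnel on the server does not use the peer's private key, so key material sitting in the server's CApath is not needed there. The following is an added example, not part of the original thread: a small audit that lists which files in a CApath directory carry a private key and whether it is encrypted. The function names are hypothetical and the sample PEM bodies are constructed placeholders, not real keys.

```python
import re
import tempfile
from pathlib import Path

# Added example: names are hypothetical, sample PEM bodies are constructed.
# Matches one PEM block and captures its label and body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def classify_pem(text):
    """Return a sorted list of findings for the PEM blocks in text."""
    findings = set()
    for label, body in PEM_BLOCK.findall(text):
        if label in ("CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"):
            findings.add("certificate")
        elif label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted key
            findings.add("encrypted-private-key")
        elif label.endswith("PRIVATE KEY"):
            # The traditional format marks encryption with a Proc-Type header.
            encrypted = "Proc-Type: 4,ENCRYPTED" in body
            findings.add("encrypted-private-key" if encrypted
                         else "plaintext-private-key")
    return sorted(findings)


def audit_capath(directory):
    """Map each file in the directory that holds key material to its findings."""
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            found = classify_pem(path.read_text(errors="replace"))
            if any(f.endswith("private-key") for f in found):
                report[path.name] = found
    return report


def demo():
    """Audit constructed sample files written to a temporary directory."""
    cert = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
    samples = {
        "peer1.pem": cert,
        "peer2.pem": cert + ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                             "DEK-Info: AES-256-CBC,00\n\nQUJD\n-----END RSA PRIVATE KEY-----\n"),
        "peer3.pem": "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            Path(tmp, name).write_text(text)
        return audit_capath(tmp)
```

Files that hold only a certificate are left out of the report; a CApath made of hashed symlinks will list both the link and its target.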