Thx for replying, Scott ... how did you handle multiple users on the PC, though? They all shared that cert?
I thought about having a single location and copying to there on user login (from a standard location in a user's home dir, e.g.) ... then firing up stunnel ... but it seems like so much can go wrong, resulting in User B accessing using User A's certificate (because the copy failed, e.g.). And we're leery of exposing User A's cert to User B - especially since stunnel doesn't support encryption of the user's key, right? So the permissions would be a little tricky and maybe fragile.
Seems like there should be a straightforward way to do it, dadnabit!
________________________________
From: Scott Gifford <sgifford(a)suspectclass.com>
To: Bucci, David G
Cc: stunnel-users(a)mirt.net <stunnel-users(a)mirt.net>
Sent: Mon Aug 30 17:41:09 2010
Subject: EXTERNAL: Re: [stunnel-users] Individual user certs for each person who uses Windows PC
On Mon, Aug 30, 2010 at 3:41 PM, Bucci, David G <david.g.bucci(a)lmco.com<mailto:david.g.bucci@lmco.com>> wrote:
[ ... ]
I've tried using envvars in the stunnel.conf (e.g., cert = %USERPROFILE%\usercert.pem), tried adjusting the command line to include "-p %USERPROFILE%\usercert.pem" as an option ...
We implemented something similar by simply making a "C:\stunnel" directory on each PC, naming the certificate the same thing on all machines, then hardcoding that path into the stunnel configuration (e.g. "C:\stunnel\usercert.pem"). Not quite as nice as %USERPROFILE%\usercert.pem, but it worked. :-)
Hope this is helpful,
----Scott.