Algol Tradent wrote:
Here are the configs I've used. I must point out that I use certificates in both the client and server for authentication. Hence verify=3 in the config.
======= SERVER =======
;----------------------------------------------------
;-- SERVER OPTIONS
;----------------------------------------------------

;select data compression algorithm
compression = zlib

; Enable Taskbar icon
taskbar = yes

; Some performance tunings
; turn off the Nagle algorithm for local sockets
; turn off the Nagle algorithm for remote sockets
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[TServ]

;Certificate Authority file
CAfile = CAcert.pem

;Certificate Authority directory
CApath = certificates

;certificate chain PEM file name
;required in server mode
cert = server.pem

;client mode - no (server mode)
client = no

;level 3 - verify peer with locally installed certificate
verify = 3

accept = 50000
connect = 127.0.0.1:3389

======= CLIENT =======
;----------------------------------------------------
; GLOBAL OPTIONS
;----------------------------------------------------

;Logging Options
debug = 7
output = stunnel.log

; Some performance tunings
; turn off the Nagle algorithm for local sockets
; turn off the Nagle algorithm for remote sockets
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

;----------------------------------------------------
; SERVICE-LEVEL OPTIONS
;----------------------------------------------------
[tserver]
accept = 127.0.0.1:50000
connect = <my_server_IP>:50000

;Server mode or Client mode
;Yes=Client mode
client = yes

;Certificate Authority file
CAfile = CAcert.pem

;Certificate Authority directory
CApath = certificates

;certificate chain PEM file name
cert = client.pem

;verify peer certificate
;level 3 - verify peer with locally installed certificate
verify = 3

;Select permitted SSL ciphers ':' delimited list
ciphers = AES256-SHA

--- Frank Garber garberfc@coolsite.net wrote:
<snip />
I had a question about your setting:

;Certificate Authority directory
CApath = certificates

Where does your 'certificates' directory live in relation to the stunnel.conf file?
Did you create the server.pem, client.pem and CAcert.pem files yourself? Are any of these files the same files or all different?
Thanks for the help,
Frank
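
One way to produce the files that the CAfile, CApath and cert settings in the configs above refer to, as an added example that is not part of the original messages. It assumes the OpenSSL command-line tool is installed and that CApath entries use OpenSSL's subject-hash ".0" naming; the directory layout, subject names and the helper names make_stunnel_pki and install_peer are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): throwaway CA plus server/client
# certificates, laid out per side. All names below are constructed.

# Copy a peer certificate into a CApath directory under its subject-hash name.
install_peer() {
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    cp "$1" "$2/$h.0"
}

# Body runs in a subshell so the umask change does not leak to the caller.
make_stunnel_pki() (
    out=$1
    umask 077                       # private keys must not be world-readable
    mkdir -p "$out/ca" "$out/server/certificates" \
             "$out/client/certificates" || exit 1

    # Self-signed CA; its certificate is the CAfile on both sides.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example stunnel test CA" \
        -keyout "$out/ca/CAkey.pem" -out "$out/ca/CAcert.pem" 2>/dev/null || exit 1

    for role in server client; do
        # Key and CSR, then a certificate signed by the CA.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=example-$role" \
            -keyout "$out/ca/$role.key" -out "$out/ca/$role.csr" 2>/dev/null || exit 1
        openssl x509 -req -in "$out/ca/$role.csr" -days 365 \
            -CA "$out/ca/CAcert.pem" -CAkey "$out/ca/CAkey.pem" -CAcreateserial \
            -out "$out/ca/$role.crt" 2>/dev/null || exit 1
        # File for "cert =": private key followed by the certificate.
        cat "$out/ca/$role.key" "$out/ca/$role.crt" > "$out/$role/$role.pem" || exit 1
        cp "$out/ca/CAcert.pem" "$out/$role/CAcert.pem" || exit 1
    done

    # verify = 3 checks the peer against a locally installed certificate,
    # so each side gets the other side's certificate in its CApath directory.
    install_peer "$out/ca/client.crt" "$out/server/certificates" &&
    install_peer "$out/ca/server.crt" "$out/client/certificates"
)
```

Running make_stunnel_pki with a target directory leaves a server/ and a client/ subdirectory, each holding CAcert.pem, its own .pem file and a certificates/ directory; the CA private key stays in ca/ and is not needed by either stunnel instance.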