I have a normal TCP server which is listening on the 192.168.1.4:4433 address. The client (192.168.1.5) will connect to the server via the serial port. I want to make a root certificate CA, which will generate 2 pairs (key + certificate), one for the server and one for the client.

1- Root certificate: CA
2- Key + certificate: for the client
3- Key + certificate: for the server

I do not know how to configure the SSL elements in Stunnel. I am using Windows XP.

My config: Stunnel.config for the server:

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

output = stunnel.log

; Authentication stuff
verify = 1

; It's often easier to use CAfile
CAfile = ca.pem
cert = stunnel.pem
debug = 7
;foreground=yes
client = no

[server]
accept = 4433
connect = 192.168.1.4:4433

But doesn't work :(
Thanks,
KHALED Khaled
Telecommunications and computer engineer

> Date: Tue, 8 Jan 2008 10:29:19 -0800
> From: bri@stunnel.org
> To: kkhaled@hotmail.fr
> CC: stunnel-users@mirt.net; stunnel-users-owner@mirt.net
> Subject: Re: [stunnel-users] TCP (Server / Client)
>
> Sometime near 2008-01-08 10:30 +0100, khaled khaled harangued:
>
> > I am a new STUNNEL user, I will do 2 secure sockets TCP (Server / Client). I
> > would like to know how to set 'stunnel.conf. I tried but it does not work.
>
> You need to be more clear about
>
> 1) what IP/Port you want to accept on
> 2) if you're accepting cleartext or ssl
>
> 3) what IP/Port you want to connect to (or program to launch)
> 4) if you're sending cleartext or ssl
>    (this should be the opposite of #2 above)
>
> > cert = server.crt
> > key = serverkey.key
> > CAfile = ca.crt
> > accept = 192.168.1.4:4433
> > connect = 192.168.1.4:4433
>
> You have stunnel accepting connections and send them to itself.
> While a recursive loop may be fun, I doubt it's what you
> actually wanted.
>
>
> --
> Brian Hatch                  Friends come and go,
>    Systems and               but enemies accumulate.
>    Security Engineer
> http://www.ifokr.org/bri/
>
> Every message PGP signed
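
The three items asked for in the message above (root CA, client pair, server pair) can be produced with the openssl command line; this is an added example, not part of the original thread. `ca.pem` and `stunnel.pem` follow the file names in the posted config, while `client.pem`, the subject names, key size, validity periods and the use of a POSIX shell are assumptions.

```shell
#!/bin/sh
# Added example: private root CA plus one server and one client certificate.
# Subject names, key size and lifetimes are constructed for illustration.

# issue_cert NAME CN: new RSA key and CSR, signed by the CA in the current
# directory. Writes NAME.pem (private key followed by certificate), the
# single-file form that a stunnel "cert =" line can point at.
issue_cert() {
    name=$1
    cn=$2
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$name.key" -out "$name.csr" \
        -subj "/O=Example Lab/CN=$cn" || return 1
    openssl x509 -req -in "$name.csr" -CA ca.pem -CAkey ca.key \
        -CAcreateserial -days 365 -sha256 -out "$name.crt" || return 1
    cat "$name.key" "$name.crt" > "$name.pem"
    chmod 600 "$name.key" "$name.pem"   # private key material: owner only
    rm -f "$name.csr"
}

# make_pki DIR: create the CA and both leaf certificates inside DIR.
# The body runs in a subshell so the caller's working directory is unchanged.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    # 1. Self-signed root: ca.key never leaves the signing machine,
    #    ca.pem is distributed to both peers as their CAfile.
    openssl req -x509 -new -newkey rsa:2048 -nodes \
        -keyout ca.key -out ca.pem -days 3650 -sha256 \
        -subj "/O=Example Lab/CN=Example Root CA" || exit 1
    chmod 600 ca.key
    # 2. Client pair, 3. server pair (named stunnel.pem as in the posted config).
    issue_cert client "stunnel-client" || exit 1
    issue_cert stunnel "192.168.1.4" || exit 1
    # Both leaves must chain to the root before they are deployed.
    openssl verify -CAfile ca.pem client.crt stunnel.crt
)
```

Each peer needs only `ca.pem` and its own `.pem` file; `ca.key` is not copied to either the client or the server.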