On Mon, Jul 04, 2005 at 10:49:06AM +1000, Paul Jones wrote:
Hi all,
I understand that in order for Stunnel to find a certificate, it has to be renamed to something like xxxxxx.0 (where xxxxxx is obtained by using the "openssl x509" command on the certificate).
Why is this the case? I read somewhere that this helps Stunnel find the certificate quicker (i.e. Stunnel does not need to look at every certificate file before it knows which one it wants).
Can someone provide me a better explanation please?
Is there any way around this? Renaming the certificate file in such a manner causes confusion when searching for the certificate of a particular client...
This is more related to openssl that stunnel. You can use openssl's c_rehash tool to create the proper symbolic links to all certificates in a directory.