On Tue, 22 Feb 2005, Bohdan Linda wrote:
CAfile = /etc/certificates/certs - file where first item is my CA certificate followed by list of all client certificates signed by my CA.
I use the CApath = directory directive for my client certificates. The client certificates are pointed to by hashed symlinks. Also makes it a lot easier to remove a client certificate if you want to revoke access to your stunnel for that particular certificate.
cert = /etc/certificates/server.pem
chroot = /var/run/stunnel/
CAfile = /etc/certificates/CA/cacert.pem - only certificate of my CA
CRLfile = /etc/certificates/crls - only certificates signed by my CA
CRL file is *not* 'only certificates signed by my CA', it stands for: do not let any certificates *revoked* by my CA in.
Jan
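
The hashed-symlink layout described above for a CApath directory, sketched as an added example (not part of the original message, and not code from stunnel or OpenSSL). The function names are hypothetical, and it assumes the client certificates are stored as *.pem files in the CApath directory itself.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from stunnel or OpenSSL.

# Subject-name hash that OpenSSL uses as the file name for CApath lookups.
cert_hash() {
    openssl x509 -noout -hash -in "$1"
}

# rehash_capath DIR
# Rebuild the <hash>.<n> symlinks for every *.pem file in DIR and print
# how many certificates were linked.
rehash_capath() {
    dir=$1
    # Remove old hashed symlinks only (8 hex digits, dot, index).
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        case ${link##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                rm -f "$link" ;;
        esac
    done
    count=0
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        h=$(cert_hash "$cert") && [ -n "$h" ] || {
            echo "skipping $cert: not a readable certificate" >&2
            continue
        }
        # Certificates with the same subject hash get .0, .1, ... with no gaps.
        n=0
        while [ -L "$dir/$h.$n" ]; do n=$((n + 1)); done
        # Relative target, so the link still resolves if DIR is moved or chrooted.
        ln -s "${cert##*/}" "$dir/$h.$n"
        count=$((count + 1))
    done
    echo "$count"
}

# revoke_client DIR FILE.pem
# Delete one client certificate and relink the rest, keeping indices contiguous.
revoke_client() {
    rm -f "$1/$2" && rehash_capath "$1"
}

# When run as a script with a directory argument, rebuild that directory.
if [ "$#" -ge 1 ]; then rehash_capath "$1"; fi
```

Relinking after a removal matters because OpenSSL probes `<hash>.0`, `<hash>.1`, ... in order and stops at the first index that is missing. OpenSSL's own `c_rehash` script does the same job for a whole directory.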