Hi, I'm new to stunnel. And I'm trying to configure a server that accepts TCP sockets connections only from clients that have a pre-shared certificate. Looking at the online documentation I found the verifyPeer option, but it is described to be used on client side. Trying to use it on server side I achieved my goal but only if the client has the whole certificate (private + public). My question is: Can I obtain in some way the same result sharing only the public part of the certificate? Currently I'm using a configuration like this one (skipping the accept and connect options): [Server] cert=wholeCert.pem verifyPeer=yes [Client] cert=wholeCert.pem verifyPeer=yes CAFile=wholeCert.pem and I'm looking for something like: [Server] cert=wholeCert.pem verifyPeer=yes [Client] verifyPeer=yes CAFile=publicCert.pem If I try this second option the server refuses the connection in handshake phase saying that the client didn't provide any certificate. Is there a way to achieve this? Thank you.