On Tue, 14 Feb 2006, Anthony Cicalla wrote:
> OK, my question is: from above, it says to create one syslog-ng-client.pem file per client.
> 1) Do the names for each of these need to remain syslog-ng-client.pem, or can they have names that reflect the host that they are on?
> 2) If they all need to keep that name, do I just move the client file to one client/host, then delete it from the server, then move on to create the next?
You might want to check the configuration file manpage: http://www.stunnel.org/faq/stunnel.html#configuration_file
There you will find:
cert = pemfile
    certificate chain PEM file name
A PEM is always needed in server mode. Specifying this flag in client mode will use this certificate chain as a client side certificate chain. Using client side certs is optional. The certificates must be in PEM format and must be sorted starting with the certificate to the highest level (root CA).
And, as things go with files, you can give them any name you so desire, as long as the filename and the name in the configuration directive that needs it are equal.
If your question is about the naming on the server-side and you want to use the CApath directive for verification of client certificates, naming is not relevant but this is:
"This is the directory in which stunnel will look for certificates when using the verify. Note that the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the cert."
Hope this helps.
Jan
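
The server-side naming quoted from the manpage above, as an added example that is not part of the original message: a shell helper that takes client certificates stored under any per-host file names and installs them into a CApath directory under their XXXXXXXX.0 hash names. The function names and directory arguments are assumptions; the .1, .2 suffix handling for certificates that share a subject hash goes beyond what the post covers.

```shell
#!/bin/sh
# Added example. Function names and directory arguments are assumptions.

# install_cert CERT CAPATH
# Installs CERT into CAPATH under its hash name and prints that name.
install_cert() {
    cert=$1
    capath=$2
    # Subject hash as computed by the local OpenSSL; it should be the
    # same OpenSSL generation that stunnel is linked against.
    hash=$(openssl x509 -noout -hash -in "$cert") || return 1
    fp=$(openssl x509 -noout -fingerprint -in "$cert") || return 1
    n=0
    while [ -e "$capath/$hash.$n" ]; do
        existing=$(openssl x509 -noout -fingerprint -in "$capath/$hash.$n")
        if [ "$existing" = "$fp" ]; then
            echo "$hash.$n"        # this certificate is already installed
            return 0
        fi
        n=$((n + 1))               # other cert, same subject hash: next suffix
    done
    # Write only the certificate, in case the source PEM also holds a private key.
    openssl x509 -in "$cert" -out "$capath/$hash.$n" && echo "$hash.$n"
}

# install_all SRCDIR CAPATH
# SRCDIR holds client certificates under any names, e.g. one per host.
install_all() {
    src=$1
    capath=$2
    mkdir -p "$capath" || return 1
    for pem in "$src"/*.pem; do
        [ -f "$pem" ] || continue
        if name=$(install_cert "$pem" "$capath"); then
            echo "$pem -> $capath/$name"
        else
            echo "skipped (not a readable PEM certificate): $pem" >&2
        fi
    done
}
```

Running `install_all` again is safe: a certificate that is already present keeps its existing hash name.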