On Thu, 14 Jun 2012 15:56:37 -0400, Brian Wilkins wrote:
So why not autogenerate it? What does a key have to do with configurations? Just use stunnel for your purpose, scrub, and then regenerate every time. Or point the configuration to an encrypted volume? I am confused.
The key has to reside in a .pem file on disk. .pem files are not encrypted.
Before starting stunnel, I create the .pem from a cert and private key in the Windows store. After stunnel is finished starting all of the services in the .conf file, I scrub the .pem files.
My reply was to "security reasons"...hmm...just bad excuse. In my case it was the only way I am allowed to use stunnel in the project - otherwise I would have to write a TLS wrapper myself.
Brian
On Thu, Jun 14, 2012 at 2:51 PM, Steve Marvin smarvin@pobox.com wrote:
On Thu, 14 Jun 2012 20:40:12 +0200, Pierre DELAAGE wrote:
Putting the config file in a folder properly protected by permissions set is the best way to do that. I always wonder why some people want to use stunnel without leaving any trace on their (?) server machine: many of those are just trying to open backdoors on systems...
"security reasons"...hmm...just bad excuse.
Some people have a requirement not to have the private key in an unencrypted file on disk. At least my project does.
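The write, start, scrub sequence described in the thread, as an added example that is not code from any poster or from stunnel. Exporting the key from the Windows store is not shown; the function names, the `ready` hook and the sample PEM are assumptions, and a small child process stands in for the stunnel command line.

```python
import os
import subprocess
import sys
import tempfile

# Constructed placeholder, not a real key.
SAMPLE_PEM = (b"-----BEGIN PRIVATE KEY-----\n"
              b"CONSTRUCTED-PLACEHOLDER\n"
              b"-----END PRIVATE KEY-----\n")


def write_key_file(path, pem_bytes):
    """Create the .pem fresh; fail if the path already exists."""
    # O_EXCL refuses an existing file or a pre-planted symlink. The 0o600 mode
    # applies on POSIX; on Windows the folder's ACL has to restrict access.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(pem_bytes)


def scrub(path):
    """Overwrite the file in place with zeros, force it to disk, delete it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)


def run_with_ephemeral_key(pem_bytes, key_path, start_cmd, ready):
    """Write the key, start the service, wait for ready(proc), then scrub."""
    write_key_file(key_path, pem_bytes)
    try:
        proc = subprocess.Popen(start_cmd)
        ready(proc)  # hypothetical hook: returns once the key has been loaded
    finally:
        scrub(key_path)  # runs even when startup fails
    return proc


if __name__ == "__main__":
    key = os.path.join(tempfile.mkdtemp(), "service.pem")
    # Stand-in for the stunnel command line: a child that reads the key file.
    cmd = [sys.executable, "-c", "import sys; open(sys.argv[1], 'rb').read()", key]
    run_with_ephemeral_key(SAMPLE_PEM, key, cmd, lambda p: p.wait())
    print("key file still on disk:", os.path.exists(key))
```

Overwriting in place is best effort: on SSDs, journaling or copy-on-write file systems, and volumes with snapshots, an earlier copy of the key can survive the scrub.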