Hi
I am trying to see if I can get stunnel to authenticate using a client certificate towards an F5 setup - but I am having trouble getting it to work.
Certificates are issued from a Microsoft PKI - where the F5 checks validity via an OCSP responder.
In my stunnel config file, I have:
[F5Cert]
client = yes
accept = 127.0.0.1:1598
connect = F5test.xxx.dk:443
delay = yes
CAFile = GlobalSign-cert-Chain.pem
Cert = BaaSClientCertificatePlain.pem
key = BaaSClientCertificatePlain.key
verify = 2
In the CAFile, I have the root CA and issuing certificate from GlobalSign - which have created the SSL certificate being used on the F5 (server side).
Cert and Key point to the certificate and private key from my internal Microsoft based PKI. But should the certificate chain from my internal PKI be listed somewhere as well?
Is this the way to do it - and is stunnel capable of handling client certificate validation?
Regards Brian