On Monday 14 February 2005 08:52, Zohar wrote:
Hi, I'm very new to all this issue of SSL, so I apologize if this question sounds stupid. I currently have a server that listens to connections on a TCP port. Clients that connect to it may do so using SSL v3 (mobile clients, which use their own SSL packages, so I have very little control over it). I want to add stunnel to my server's setting, to enable SSL communication. I have no need for the client to authenticate the server, I am only interested in the data being encrypted. I tried setting this up, but the client complains that my server certificate cannot be authenticated (I produced it using http://www.stunnel.org/pem/). Any pointers on how to set such a thing up (even for the time being, while I develop), without having to pay lots of money to a CA?
The server certificate has to be added to the client's trustbase, i.e. the client has to be configured to accept your (probably) self-signed server certificate. This has to be done for each client.
-- Heiko Nardmann (Dipl.-Ing. Technische Informatik) secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de), Weidenauer Str. 223-225, D-57076 Siegen Tel. : +49 271 48950-13, Fax : +49 271 48950-50
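The setup discussed in this thread, as an added example that is not part of either poster's message: it creates a self-signed certificate, emits a server-mode stunnel configuration that uses it, and shows that a verifying client accepts the certificate only when that exact certificate is in its trust file. The host names, directory layout, service name `backend` and ports 4433 and 127.0.0.1:8080 are constructed placeholders, and the `openssl` command-line tool (1.1.0 or later) is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example. Host names, paths and ports are constructed placeholders.

# Create a self-signed certificate and private key for the stunnel server.
make_selfsigned() {   # $1 = output directory, $2 = host name clients connect to
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Emit a server-mode stunnel configuration: TLS on port $2, plaintext backend at $3.
write_stunnel_conf() {   # $1 = cert directory, $2 = accept port, $3 = backend host:port
  cat <<EOF
cert = $1/server.crt
key = $1/server.key

[backend]
accept = $2
connect = $3
EOF
}

# Validate the server certificate against one client trust file, as a
# verifying client would. Prints "trusted" or "untrusted".
client_trusts() {   # $1 = server certificate, $2 = client trust file (PEM)
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# Demonstration in a throwaway directory: one server certificate, and one
# unrelated certificate standing in for a client that was never configured.
demo() {
  local d; d=$(mktemp -d) || return 1
  mkdir "$d/srv" "$d/other"
  make_selfsigned "$d/srv" server.example
  make_selfsigned "$d/other" unrelated.example
  write_stunnel_conf "$d/srv" 4433 127.0.0.1:8080
  echo "client without the server cert: $(client_trusts "$d/srv/server.crt" "$d/other/server.crt")"
  echo "client with the server cert:    $(client_trusts "$d/srv/server.crt" "$d/srv/server.crt")"
  rm -rf "$d"
}
demo
```

Only `server.crt` is distributed to clients; `server.key` stays on the stunnel host.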