Hi guys, I want to have secure tunnel to my server and also i want only specified clients can connect via the tunnel to the server.
I was reading about mutual authentication but i can't run stunnel using verify=2 or 3 or 4. I confused.
Can you please explain for me what should i do to use 2way ssl connection? how does stunnel use this?
On Sat, 09 Mar 2013 12:06:05 +0330 Sameer Rahmani lxsameer@lxsameer.com wrote:
Hi guys, I want to have secure tunnel to my server and also i want only specified clients can connect via the tunnel to the server.
I was reading about mutual authentication but i can't run stunnel using verify=2 or 3 or 4. I confused.
Can you please explain for me what should i do to use 2way ssl connection? how does stunnel use this?
Hi,
In the client side a service like:
[client] client = yes accept = IP:port connect = IP:port of stunnel server CAfile = xxx.pem <<<--- a pem file where there is the server certificate and the CA certificate verify = 3 <<<--- this verify level will check the server certificate and the CA certificate against CAfile certificates. cert = xxx.pem file where client certificate is stored
[server] client = no accept = IP:port connect = IP:port of service server CAfile = xxx.pem with CA certificate to verify client certificate verify = 2 <<<--- to verify the validity of cient cert against CA but you could use level 3 (as with client) too if I'm not wrong and it is more secure cert = xxx.pem file with server certificate
Also you could add a revocation entry too (CRLfile with serveral ones inside) to avoid older client certificates.
Regards.
-
Javier -
Sameer Rahmani