Hi, I am tasked to make stunnel work in our organization but a newbie I seem not to be able to follow the instructions for installation. can you help me out? plan to install this on our servers that will cater to oracle / mssql in transit data encryption. how do I know if im installing on a client or a server? will this work standalone (server will act as server and client too). how will this be configured.
Why would you need stunnel to be client and server? It's an SSL terminator....
Look in the how to for the client = no setting, this indicates client or not.
Regards
Stewart stuson_2000@yahoo.co.uk On 23 September 2024 08:02:13 ajbguinto--- via stunnel-users stunnel-users@stunnel.org wrote:
Hi, I am tasked to make stunnel work in our organization but a newbie I seem not to be able to follow the instructions for installation. can you help me out? plan to install this on our servers that will cater to oracle / mssql in transit data encryption. how do I know if im installing on a client or a server? will this work standalone (server will act as server and client too). how will this be configured. _______________________________________________ stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org
Noted on this. So, it means there has to be one "server" and can have multiple clients (server) that will connect to it? Am I correct? what we want to achieve is a one server one client communication. example. we have an oracle db server and 4 web services. who would we setup stunnel on this?
Yes you can have multiple clients connecting to a server service (AFAIK). You'd just need to ensure that the server knows about all the cert for the clients to connect with.
I think that means you need to specify all the public keys in a combined file or specify the CA folder.
I set mine up as separate services so I have fragment config files for each connecting client. I felt it was more organised that way and I want to be able to remove a single client if I need to.
You suggested in your OP that the DB and web services are on the same box. This doesn't seem to be something that I'd bother implementing stunnel for, given it's purpose is to encrypt traffic, your only encrypting on the same box with unencrypted traffic just going through stunnel on the same machine?
Regards
Stewart stuson_2000@yahoo.co.uk On 24 September 2024 06:27:54 ajbguinto--- via stunnel-users stunnel-users@stunnel.org wrote:
Noted on this. So, it means there has to be one "server" and can have multiple clients (server) that will connect to it? Am I correct? what we want to achieve is a one server one client communication. example. we have an oracle db server and 4 web services. who would we setup stunnel on this? _______________________________________________ stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org
Thanks for taking time for this.
since were still testing and making it work, is it ok to use a local ssl of the for it to work?
Thanks
Yeah sure, you mean a self signed cert?
Stunnel doesn't care, your security team, might.
Regards
Stewart stuson_2000@yahoo.co.uk On 30 September 2024 03:26:55 ajbguinto--- via stunnel-users stunnel-users@stunnel.org wrote:
Thanks for taking time for this.
since were still testing and making it work, is it ok to use a local ssl of the for it to work?
Thanks _______________________________________________ stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org
-
ajbguinto@yahoo.com -
Stewart Anderson