Hi, all - I've searched, but can't find any answer on this. Is it possible to configure stunnel with client certificates on, and in such a way that individual users who log on have their own individual certificate used?
I've tried using envvars in the stunnel.conf (e.g., cert = %USERPROFILE%\usercert.pem), tried adjusting the command line to include "-p %USERPROFILE%\usercert.pem" as an option ... the closest I've been able to think of (and it's a pretty blunt sword) is to create individual services, one per user and listening on different ports, then having each user access a different URL (well, different port#) ...
I would prefer this all work when running as a Windows service, but if it's necessary to train the users to hit a start menu entry or something (e.g., if there's a way to do it using envvars on command line parameters), then the world probably won't end ...
This is on Windows, but I'd also appreciate knowing how to do the same on Linux.
Thx!
---- David G. Bucci
When Dr. Bruce Banner becomes angry, he changes into the Incredible Hulk; when the Incredible Hulk becomes angry, he changes into Chuck Norris. -- ChuckNorrisFacts.com
On Mon, Aug 30, 2010 at 3:41 PM, Bucci, David G david.g.bucci@lmco.com wrote: [ ... ]
I've tried using envvars in the stunnel.conf (e.g., cert = %USERPROFILE%\usercert.pem), tried adjusting the command line to include "-p %USERPROFILE%\usercert.pem" as an option ...
We implemented something similar by simply making a "C:\stunnel" directory on each PC, naming the certificate the same thing on all machines, then hardcoding that path into the stunnel configuration (e.g. "C:\stunnel\usercert.pem"). Not quite as nice as %USERPROFILE%\usercert.pem, but it worked. :-)
Hope this is helpful,
----Scott.
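One way to get a per-user certificate without relying on environment variables inside stunnel.conf, shown as an added example that is not part of the original thread: a script run at each user's logon writes that user's own configuration with the certificate path already expanded, and stunnel is then started with that file as its configuration. The section name, the addresses, `server.example` and the `stunnel-user.conf` file name are assumptions; the same script works on Windows and Linux.

```python
import os
import stat
import tempfile
from pathlib import Path


def render_client_conf(cert_path, accept, connect, service="per-user-client"):
    """Return stunnel.conf text with an absolute, already-expanded cert path."""
    cert = Path(cert_path).expanduser().resolve()
    if not cert.is_file():
        raise FileNotFoundError(f"client certificate not found: {cert}")
    # The PEM usually holds the private key as well, so on POSIX refuse a file
    # that group/other can access. (Windows ACLs are not visible in st_mode.)
    if os.name == "posix" and cert.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{cert} is accessible to other users; chmod 600 it")
    return "\n".join([
        f"[{service}]",           # hypothetical section name
        "client = yes",
        f"accept = {accept}",     # local address the user's application connects to
        f"connect = {connect}",   # remote TLS server that requests the client cert
        f"cert = {cert}",
        "",
    ])


def write_user_conf(home, accept, connect, cert_name="usercert.pem"):
    """Write <home>/stunnel-user.conf for the certificate stored in <home>."""
    home = Path(home)
    conf_path = home / "stunnel-user.conf"  # hypothetical file name
    conf_path.write_text(render_client_conf(home / cert_name, accept, connect))
    return conf_path


def demo():
    # Constructed sample: a temporary directory stands in for the user's
    # profile and the PEM content is a placeholder, not a real certificate.
    with tempfile.TemporaryDirectory() as home:
        pem = Path(home) / "usercert.pem"
        pem.write_text("constructed placeholder, not a real certificate\n")
        pem.chmod(0o600)
        conf = write_user_conf(home, "127.0.0.1:8443", "server.example:443")
        return conf.read_text()


if __name__ == "__main__":
    print(demo())
```

In a real logon script, `home` would be `Path.home()`, which resolves to the profile directory on Windows and to `$HOME` on Linux.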