Hi Carter,
Thank you. I am trying to use the scenario with self-signed certificates exactly like you are using it. Could you please write me some example configs for the server and clients? I don't know where to put the private keys or how to set up the server to accept certificates from clients only - the server must reject all communication without a certificate, or with certificates other than those stored in its folder.
Thank you in advance.
regards, mia
---- Original message ---- From: Carter Browne cbrowne@cbcs-usa.com To: aaa aaa miamia@inMail.sk Date: 8. 6. 2009 15:00:00 Subject: Re: [stunnel-users] 1 server and more desktops
I do this using self-signed certificates and verify=2 or verify=3. The remote computers would only have the server's public certificate in their CAfile (or CApath). The server must have all the remote computers' public certificates in its CAfile or CApath. See the rules about how to build those. If you are only using self-signed certificates, you can use verify=3, otherwise you will have to use verify=2. Each port that you want to forward must be in your stunnel.conf file - without knowing what you are trying to do, it is hard to be more specific.
Carter
Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
aaa aaa wrote:
Hello Christophe,
Thanks for your answer. Sorry for any misunderstanding. Well, I just wanted to ask if it is possible to set up stunnel to work with more certificates? It means that I don't want to have a secured tunnel between a remote and a local computer only, but also between one remote and many local computers with more certificates. Every local computer should have its own certificate.
Is this possible?
Thank you.
---- Original message ---- From: Christophe Nanteuil christophe.nanteuil@gmail.com To: aaa aaa miamia@inmail.sk Date: 7. 6. 2009 16:27:00 Subject: Re: [stunnel-users] 1 server and more desktops
Hello,
Stunnel is an application-oriented tunnel, not a machine-oriented tunnel. Please be more precise in your requests if you want someone to be able to help you. It also seems that the stunnel documentation pages are worth reading in your case.
Regards,
-- Christophe
2009/6/7 aaa aaa miamia@inmail.sk:
Hello,
I have one server and 3 desktops (PC1, PC2, PC3). I need to do this: every PC should communicate with the server with its own certificate, and the server should send the answer back to the computer encrypted for this one PC only.
Example: PC3 {with server's public key} sends data to the server and the server sends the answer to PC3 (encrypted with PC3's unique public key). Then PC2 {with server's public key} sends data to the server and the server sends the answer to PC2 (encrypted with PC2's unique public key), and so on... How should I configure stunnel for this?
And another question: how should I configure all computers (server, PC1, PC2, PC3) to accept communication over the secured stunnel only and drop all other unsecured communication?
Thank you in advance. Regards, Mia
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
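
The setup Carter describes in the thread above, written out as an added example that is not part of the original messages or of the stunnel project: two separate stunnel.conf files, one for the server and one for a client. The file paths, the service name `app`, the host name `server.example` and the port numbers are assumptions chosen for illustration.

```ini
; ===== File 1: stunnel.conf on the server (constructed example) =====
[app]
; The server's own certificate and private key. The private key
; never leaves the server.
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
; Public certificates of PC1, PC2 and PC3 concatenated into one file
; (certificates only, no private keys).
CAfile = /etc/stunnel/clients.pem
; verify = 3: the peer must present a certificate and it must match
; one installed locally; connections without one are refused.
verify = 3
; TLS port exposed to the clients (assumed).
accept = 8443
; Plaintext backend, assumed to listen on loopback only so that it
; cannot be reached except through stunnel.
connect = 127.0.0.1:8080

; ===== File 2: stunnel.conf on PC1 (PC2 and PC3 use their own pair) =====
[app]
client = yes
; This PC's own certificate and private key. The private key stays
; on this PC; only the certificate is copied into the server's CAfile.
cert = /etc/stunnel/pc1.pem
key = /etc/stunnel/pc1.key
; The server's public certificate only.
CAfile = /etc/stunnel/server-cert.pem
verify = 3
; Local applications connect here in plaintext (loopback only).
accept = 127.0.0.1:8080
; Address of the server's stunnel (assumed host name).
connect = server.example:8443
```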