
Is $SUBJECT possible?

I use stunnel to connect to my old "smart" switches that don't support modern TLS protocols, ciphers, etc. Recently, their existing certificates all expired, and I tried to install new certificates on all of them, only to discover that they won't accept my new CA certificate, because it was signed with a 3072-bit key.

I could go through the trouble of generating a separate CA certificate with a 2048-bit key, sign new certificates with that key, etc., etc., but it starts to seem a bit silly at that point. Far better to simply generate a self-signed certificate for each switch and configure stunnel to only accept that particular certificate (i.e. "pin" it).

Is this possible with stunnel? If so, how would I go about configuring it to do this?

(Search engines are telling me to use "verify = 4", but stunnel(8) says that option is obsolete.)

TIA!

--
========================================================================
If your user interface is intuitive in retrospect ... it isn't intuitive
========================================================================

11 Oct 2025 17:41:57 Ian Pilcher via stunnel-users <stunnel-users@stunnel.org>:

> Is $SUBJECT possible?

Yes, it is.

> (Search engines are telling me to use "verify = 4", but stunnel(8) says that option is obsolete.)

Use "verifyPeer = yes" with modern versions of stunnel.

Best regards,
Mike
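
A sketch of how the pinning discussed in this thread could look in stunnel.conf, added here as an illustration and not taken from either poster. It pairs `verifyPeer = yes` with a per-service `CAfile` that holds only that switch's self-signed certificate; the service names, addresses, ports and file paths are assumptions.

```ini
; Constructed example: service names, addresses, ports and paths are assumptions.
; Each service is a TLS client towards one switch and trusts exactly one
; certificate: the self-signed certificate installed on that switch.

[switch1]
client = yes
; local plaintext endpoint, loopback only
accept = 127.0.0.1:8441
; management interface of the first switch
connect = 192.0.2.11:443
; the peer certificate must be present in CAfile, otherwise the handshake is rejected
verifyPeer = yes
; PEM file containing only switch1's self-signed certificate
CAfile = /etc/stunnel/pins/switch1.pem

[switch2]
client = yes
accept = 127.0.0.1:8442
connect = 192.0.2.12:443
verifyPeer = yes
; a separate pin file per switch, so one switch's certificate is never accepted for another
CAfile = /etc/stunnel/pins/switch2.pem
```

Keeping one pin file per service means a certificate taken from one switch cannot be used to impersonate another, and replacing a switch's certificate only requires updating its own PEM file.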
participants (2): Ian Pilcher, Michał Trojnara