[stunnel-users] Stunnel and configuration
Michal Trojnara
Michal.Trojnara at mobi-com.net
Tue Feb 22 17:03:01 CET 2005
Bohdan Linda wrote:
> In other words, is it safe to use together:
> CAfile=/path/to/my/cacert.pem
> CApath=/path/to/only/clientcerts
Yes.
> Does not one override other?
No.
> Do you have your cacert.pem symlinked in
> your CApath?
No.
> And lastly as CApath is within chroot, what is the impact
> if certificates stored in are "stolen" by successfull break-in?
Certificates are public, so there's no additional impact.
What you need to protect is your private key.
Best regards,
Mike
More information about the stunnel-users
mailing list