[stunnel-users] Q: controlled access to service?
Nardmann, Heiko
heiko.nardmann at secunet.com
Wed Jul 13 15:10:34 CEST 2005
Hi,

I want to control access to a service reachable through stunnel. Only those
clients shall be allowed to use the service which provide a known
certificate.

I have found the option "CApath"; can this directory be used to collect all
client certificates? Or is it absolutely necessary to have CA certs there?

Another thing in this environment: I do not know or own every CA certificate
used by the clients - I only get the client certificates themselves. So I want to
do only a one-level client cert verification. Which verify level do I need
for this? 2 or 3?

What about removing certificates from the CApath directory? Do I have to
restart stunnel for this change to take effect?

Another thing: since the client certificates are not revoked by us I am not
able to use CRLs for controlling access to our service.

--
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax : +49 271 48950-50