[stunnel-users] your mail

Brian Hatch bri at stunnel.org
Thu Jan 10 00:58:11 CET 2008


At more or less 2008-01-09 18:09 +0100, khaled45 at free.fr squalked:

> ; It's often easier to use CAfile
> CAfile = ca.pem
> cert = userkey.pem
> debug = 7
> client = no
> [apache]
> accept  = 4433
> connect = 192.168.1.4:433

I'd suggest using the full path for your pem files above, just to be
safe.

Can you shoot the public keys of the client (which is not on this
machine) and the ca.pem and the public key from userkey.pem (which
is actually the server's key - you may wish to rename.)

There are three pems involved:

	* the CA key (private) and cert (public) in ca.pem
	* the stunnel server's key (private) and cert (public)  in
	  userkey.pem.  ('userkey' is a bad name here.)
	* the client's key (private) and cert (public) on 192.168.1.5.

Can you send the public parts here so I can verify that they're signed
by the appropritate folks?


-- 
Brian Hatch                  "Everybody's cute!
   Systems and                Everybody's cute!
   Security Engineer          Even me.  But in
http://www.ifokr.org/bri/     purple I'm stunning!"

Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080109/bf9d5ca6/attachment.sig>


More information about the stunnel-users mailing list