[stunnel-users] Individual user certs for each person who uses Windows PC

Bucci, David G david.g.bucci at lmco.com
Tue Aug 31 00:54:14 CEST 2010


Thx for replying, Scott ... how did you handle multiple users on the PC, though? They all shared that cert?

I thought about having a single location and copying to there on user login (from a standard location in a user's home dir, e.g.) ... then firing up stunnel ... but it seems like so much can go wrong, resulting in User B accessing using User A's certificate (because the copy failed, e.g.). And we're leery of exposing User A's cert to User B - especially since stunnel doesn't support encryption of the user's key, right? So the permissions would be a little tricky and maybe fragile.

Seems like there should be a straightforward way to do it, dadnabit!

________________________________
From: Scott Gifford <sgifford at suspectclass.com>
To: Bucci, David G
Cc: stunnel-users at mirt.net <stunnel-users at mirt.net>
Sent: Mon Aug 30 17:41:09 2010
Subject: EXTERNAL: Re: [stunnel-users] Individual user certs for each person who uses Windows PC

On Mon, Aug 30, 2010 at 3:41 PM, Bucci, David G <david.g.bucci at lmco.com> wrote:
[ ... ]
I've tried using envvars in the stunnel.conf (e.g., cert = %USERPROFILE%\usercert.pem), tried adjusting the command line to include "-p %USERPROFILE%\usercert.pem" as an option ...

We implemented something similar by simply making a "C:\stunnel" directory on each PC, naming the certificate the same thing on all machines, then hardcoding that path into the stunnel configuration (e.g. "C:\stunnel\usercert.pem").  Not quite as nice as %USERPROFILE%\usercert.pem, but it worked.  :-)

Hope this is helpful,

----Scott.
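
Added example (not part of either message in this thread, and not stunnel project code): a PowerShell logon script for the per-user certificate setup discussed above. It writes a per-user stunnel.conf containing the already expanded certificate path, and refuses to start stunnel if the PEM file is missing, is not owned by the logged-on user, or is accessible to any account other than that user, SYSTEM and Administrators. The install path, service name, port and server address are assumptions.

```powershell
# Added example; install path, service name, port and server are assumptions.
$ErrorActionPreference = 'Stop'
$sidType    = [System.Security.Principal.SecurityIdentifier]
$stunnelExe = 'C:\stunnel\stunnel.exe'                    # assumed install path
$certPath   = Join-Path $env:USERPROFILE 'usercert.pem'   # per-user cert + key
$confDir    = Join-Path $env:APPDATA 'stunnel'
$confPath   = Join-Path $confDir 'stunnel.conf'

function Test-KeyFileAcl([string]$Path) {
    # Returns $true only if the file is owned by the current user and no
    # Allow rule names anyone except that user, SYSTEM or Administrators.
    $me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $allowed = @($me.Value, 'S-1-5-18', 'S-1-5-32-544')
    $acl     = Get-Acl -LiteralPath $Path
    if ($acl.GetOwner($sidType).Value -ne $me.Value) { return $false }
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $allowed -notcontains $rule.IdentityReference.Value) { return $false }
    }
    return $true
}

# Fail closed: never fall back to a shared or previously copied certificate.
if (-not (Test-Path -LiteralPath $certPath -PathType Leaf)) {
    throw "No certificate at $certPath; not starting stunnel."
}
if (-not (Test-KeyFileAcl $certPath)) {
    throw "$certPath is accessible to other accounts or not owned by $env:USERNAME."
}

# The thread reports that envvars in stunnel.conf did not work, so the
# expanded path is written into a config file under the user's own profile.
New-Item -ItemType Directory -Path $confDir -Force | Out-Null
@"
client = yes
cert = $certPath

[example-service]
accept = 127.0.0.1:8443
connect = server.example.com:443
"@ | Set-Content -LiteralPath $confPath -Encoding ASCII

# stunnel takes the configuration file as its first argument.
Start-Process -FilePath $stunnelExe -ArgumentList "`"$confPath`""
```

Because the config is regenerated from the logged-on user's own profile at every logon, a failed step stops stunnel from starting instead of leaving a previous user's certificate in use.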
