[stunnel-users] Confusion regarding part of stunnel.conf
Ludolf Holzheid
lholzheid at bihl-wiedemann.de
Thu Feb 10 18:29:08 CET 2011
On Thu, 2011-02-10 10:28:42 -0600, Dave wrote:
>
> [..]
>
> If I set the verify level to 3 and try to start stunnel, it won't
> start and says:
>
> "Either CApath or CAfile has to be used for authentication"
>
> If I have a self-signed cert, what needs to be in this file for things to
> work? I guess perhaps I am unsure how to locally install my cert? I thought
> it was already, as it's defined elsewhere in the config (cert = ....)?

Dave,

 o cert= defines the certificate (and public key) to be presented to
   the other end of the tunnel.

 o key= defines the private key to be used for decryption (and thus
   has to match the public key given in cert=)

 o CApath= and CAfile= define the location of certificates of CAs
   and/or valid peers.

That is, the location of _your_ keys and certificate is given by cert=
and key=. The location of the _CA_ certificate (verify level=2) or the
certificates of the _peers_ (verify level=3) is given by CApath= or
CAfile=.

You install a certificate of a valid peer by copying it to the
directory given by CApath= and run c_rehash on this directory, or by
appending it to the file given by CAfile=.

HTH,

Ludolf
--
---------------------------------------------------------------
Ludolf Holzheid Tel: +49 621 339960
Bihl+Wiedemann GmbH Fax: +49 621 3392239
Floßwörthstraße 41 e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
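
The split between cert=/key= and CAfile= described in the reply above, laid out for both ends of a tunnel that uses self-signed certificates at verify level 3. This is an added example, not part of the original message; the service name, host name, ports and all file paths are constructed.

```ini
; ===== stunnel.conf on the server host (constructed example) =====
[example-service]
accept = 8443
connect = 127.0.0.1:8080

; This host's own identity: the certificate it presents to the peer
; and the private key that matches it.
cert = /etc/stunnel/server-cert.pem
key = /etc/stunnel/server-key.pem

; Level 3: the peer's certificate must be one of the locally
; installed certificates.
verify = 3

; Holds the CLIENT's self-signed certificate (certificate only,
; never its private key), appended to this file.
CAfile = /etc/stunnel/trusted-peers.pem


; ===== stunnel.conf on the client host (a separate file) =====
[example-service]
client = yes
accept = 127.0.0.1:8080
connect = server.example.com:8443

; The client's own identity, presented to the server.
cert = /etc/stunnel/client-cert.pem
key = /etc/stunnel/client-key.pem

verify = 3

; Holds the SERVER's self-signed certificate.
CAfile = /etc/stunnel/trusted-peers.pem
```

With only cert= and key= set, each side has an identity to present but nothing to check the other side against, which is why stunnel refuses to start at verify level 3 until CApath= or CAfile= is given.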