[stunnel-users] Mutual Authentication
Javier
meresponde2001-stn at yahoo.es
Mon Mar 11 18:33:04 CET 2013
On Sat, 09 Mar 2013 12:06:05 +0330
Sameer Rahmani <lxsameer at lxsameer.com> wrote:
> Hi guys,
> I want to have a secure tunnel to my server and I also want only specified
> clients to be able to connect via the tunnel to the server.
>
> I was reading about mutual authentication but I can't run stunnel using
> verify=2 or 3 or 4. I am confused.
>
> Can you please explain to me what I should do to use a 2-way SSL
> connection? How does stunnel use this?
Hi,
On the client side, a service like:
[client]
client = yes
accept = IP:port
connect = IP:port of stunnel server
CAfile = xxx.pem <<<--- a PEM file containing the server
certificate and the CA certificate
verify = 3 <<<--- this verify level will check the server
certificate and the CA certificate against the CAfile certificates.
cert = xxx.pem file where the client certificate is stored
[server]
client = no
accept = IP:port
connect = IP:port of service server
CAfile = xxx.pem with the CA certificate to verify the client certificate
verify = 2 <<<--- to verify the validity of the client cert against the CA,
but you could use level 3 (as with the client) too, if I'm not wrong, and
it is more secure
cert = xxx.pem file with the server certificate
Also you could add a revocation entry too (CRLfile with several
ones inside) to avoid older client certificates.
Regards.
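A small config-audit script in Python, added here as an illustration and not part of this thread or of stunnel itself: it parses stunnel's INI-style service sections and flags the combinations that break the mutual-authentication setup described above (verify 2 or higher without CAfile/CApath, a client service with no cert, either side left below verify 2). The embedded configs, paths and addresses are constructed placeholders.

```python
import configparser
from typing import Dict, List

# Constructed stunnel configs modelled on the reply above; paths and
# addresses are placeholders, not a real deployment.
CLIENT_CONF = """
client = yes
[tunnel]
accept = 127.0.0.1:8443
connect = 203.0.113.10:443
CAfile = /etc/stunnel/server-and-ca.pem
verify = 3
cert = /etc/stunnel/client.pem
"""
SERVER_CONF = """
[service]
accept = 0.0.0.0:443
connect = 127.0.0.1:8080
CAfile = /etc/stunnel/ca.pem
verify = 2
cert = /etc/stunnel/server.pem
"""

def parse_stunnel(text: str) -> configparser.ConfigParser:
    """Options before the first [service] header are stunnel's global
    defaults for every service, which maps onto configparser's DEFAULT."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # stunnel option names are case-sensitive
    cp.read_string("[DEFAULT]\n" + text)
    return cp

def check_service(sec: configparser.SectionProxy) -> List[str]:
    """Flag settings that defeat mutual authentication for one service."""
    findings = []
    is_client = sec.get("client", "no").lower() == "yes"
    verify = int(sec.get("verify", "0"))
    if verify >= 2 and "CAfile" not in sec and "CApath" not in sec:
        findings.append("verify=%d needs CAfile or CApath" % verify)
    if verify < 2:  # level 0/1 never rejects an unauthenticated peer
        findings.append("server certificate not verified" if is_client
                        else "client certificates not required")
    if "cert" not in sec:
        findings.append("no client cert: a verify>=2 server rejects this client"
                        if is_client else "server has no cert")
    return findings

def audit(text: str) -> Dict[str, List[str]]:
    cp = parse_stunnel(text)
    return {name: check_service(cp[name]) for name in cp.sections()}
```

Level 3 additionally requires the peer's own certificate to be present in CAfile/CApath, which can only be confirmed against the actual PEM files and is therefore not checked here.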