[stunnel-users] Is it usual/recommended to have key and cert in ONE stunnel.pem file?
John Long
codeblue at inbox.lv
Mon Oct 28 18:58:30 CET 2013
On Mon, Oct 28, 2013 at 06:39:15PM +0100, Ben Stover wrote:
> According to some tutorial pages I generated with OpenSSL a (self-signed) certificate.
>
> This file stunnel.pem contains the certificate as well as the private key.
>
> Is this usual/recommended?

That sort of falls into the "tragedy waiting to happen" category. The
certificate is supposed to be given to clients, and the key belongs to the
server and has to be kept private or there's really no point in using SSL.

> Or should user put these two parts in two independent files?

Yes, absolutely. In fact I suppose you're using Windows or went through some
hoop-jumping to combine them, because in "normal" OpenSSL usage the key is
generated first and then the certs are requested and signed by the CA (or
self-signing) key.

/jl
--
ASCII ribbon campaign ( ) Powered by Lemote Fuloong
against HTML e-mail X Loongson MIPS and OpenBSD
and proprietary / \ http://www.mutt.org
attachments / \ Code Blue or Go Home!
Encrypted email preferred PGP Key 2048R/DA65BC04
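
One way to act on the advice in this reply, as an added example that is not part of the original message: a Python sketch that splits a combined PEM bundle into a key file created with mode 0600 and a separate certificate file. The file names `stunnel.key` and `stunnel.crt` and the sample PEM bodies are constructed placeholders, not real key material.

```python
import os
import re
import tempfile

# One PEM block; group 1 is its label ("CERTIFICATE", "RSA PRIVATE KEY", ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL
)

# Constructed sample bundle: the base64 bodies are dummy text, not real keys.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgS0VZIEJPRFk=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgQ0VSVCBCT0RZ
-----END CERTIFICATE-----
"""

def split_pem(text):
    """Return (private_key_blocks, certificate_blocks) found in a PEM bundle."""
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        if label.endswith("PRIVATE KEY"):   # RSA, EC, PKCS#8, ENCRYPTED ...
            keys.append(match.group(0))
        elif label == "CERTIFICATE":
            certs.append(match.group(0))
    return keys, certs

def write_split(text, key_path, cert_path):
    """Write the key and the certificate(s) to two separate files."""
    keys, certs = split_pem(text)
    if len(keys) != 1 or not certs:
        raise ValueError("expected exactly one private key and at least one certificate")
    # O_EXCL refuses to overwrite; mode 0600 applies from the moment of creation,
    # so the key is never readable by other users, even briefly.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as key_file:
        key_file.write(keys[0] + "\n")
    with open(cert_path, "w") as cert_file:  # the public part, safe to hand out
        cert_file.write("\n".join(certs) + "\n")
    return key_path, cert_path

def demo():
    """Split SAMPLE into a temp directory; return key mode and cert file text."""
    out_dir = tempfile.mkdtemp()
    key_path, cert_path = write_split(
        SAMPLE, os.path.join(out_dir, "stunnel.key"), os.path.join(out_dir, "stunnel.crt")
    )
    with open(cert_path) as cert_file:
        return os.stat(key_path).st_mode & 0o777, cert_file.read()
```

After splitting, stunnel's `cert` and `key` configuration options can point at the two files, and only the certificate file is distributed.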