[stunnel-users] password protected key in client certificate

Giona Il Profeta gionailprofeta at gmail.com
Fri Jul 3 14:35:36 CEST 2015


Hi Ludolf,

I meant the server's CApath directory (the one configured into
stunnel.conf).

So the client must decrypt its copy of the key, but my stunnel server
doesn't need to know the password, as I supposed.

Thank you

G


2015-07-03 13:12 GMT+02:00 Ludolf Holzheid <lholzheid at bihl-wiedemann.de>:

> On Fri, 2015-07-03 11:33:40 +0200, Giona Il Profeta wrote:
> > Hi all,
> >
> > I have inherited an old stunnel installation, configured for mutual
> > authentication (verify=3) and I'm trying to figure out some of the
> > choices of the old sysadmin.
> >
> > One of the client certificates in the CApath directory has its private
> > key encrypted with a password.
> >
> > Is the client supposed to provide the password to decrypt the key when it
> > connects?
>
> Which CApath?
>
> If it's the one on the client box:  Yes, the client is supposed to
> enter the password when stunnel is started.
>
> If it's the one on the server box:  The peer's private key is not used
> by stunnel, so no, there is no need for the password.
>
> HTH
>
> Ludolf
>
>
> --
>
> Ludolf Holzheid
>
> Bihl+Wiedemann GmbH
> Floßwörthstraße 41
> 68199 Mannheim, Germany
>
> Tel: +49 621 33996-0
> Fax: +49 621 3392239
>
> mailto:lholzheid at bihl-wiedemann.de
> http://www.bihl-wiedemann.de
>
> Registered office: Mannheim
> Managing directors: Jochen Bihl, Bernhard Wiedemann
> Mannheim Local Court, HRB 5796
>
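As the reply above notes, stunnel does not use a peer's private key, so the server's CApath only needs certificates. The following is an added example, not code from this thread or from the stunnel project: it lists the files in such a directory that still carry private-key PEM blocks and says whether each key is encrypted. The function names, file names and dummy PEM bodies are constructed for illustration.

```python
import os
import re
import tempfile

# Matches one PEM block and captures its label and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def key_blocks(text):
    """Describe every private-key PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":          # PKCS#8, always encrypted
            found.append("encrypted")
        elif label.endswith("PRIVATE KEY"):
            # Traditional format flags encryption in a header line.
            found.append("encrypted" if "Proc-Type: 4,ENCRYPTED" in body
                         else "UNENCRYPTED")
    return found

def audit_capath(directory):
    """Return {file name: [key findings]} for files holding private keys."""
    report, seen = {}, set()
    for name in sorted(os.listdir(directory)):
        real = os.path.realpath(os.path.join(directory, name))
        if real in seen or not os.path.isfile(real):
            continue                                  # hash symlink or subdir
        seen.add(real)
        with open(real, errors="replace") as fh:
            keys = key_blocks(fh.read())
        if keys:
            report[os.path.basename(real)] = keys
    return report

def demo():
    """Build a constructed CApath (dummy PEM bodies) and audit it."""
    cert = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    enc = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
    plain = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as d:
        for name, text in [("peer1.pem", cert), ("peer2.pem", cert + enc),
                           ("peer3.pem", cert + plain)]:
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        os.symlink("peer2.pem", os.path.join(d, "0a1b2c3d.0"))  # c_rehash-style link
        return audit_capath(d)

if __name__ == "__main__":
    for name, keys in demo().items():
        print(name, keys)
```

A file reported here can have its key block removed from the server's copy without affecting verification; an `UNENCRYPTED` finding means a client's key is readable by anyone with access to that directory.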