![]() Server: pid = /var/run/stunnel/server.pidĬert = /opt/quasar/cert/certs/stunnels/server.pem What I am trying to do is to use a stunnel client and with verify 3 it authenticates the user based on the certificate.Ĭlient: cert = /stunnel/client_Access_stunnel.pemĬAfile = /stunnel/client_Access_stunnel.pem The peer-certificate.pem file needs to contain the server certificate.I have 2x stunnels linux based, 1 server, 1 client. The following configuration requires stunnel version 4.46 or higher: The ca-certs.pem file contains the certificates of trusted certificate authorities.Īlternatively, a technique known as certificate pinning can be used. The following configuration requires stunnel 5.15 or later: Stunnel can use an existing PKI (Public Key Infrastructure). The "key" option may be omitted if cert.pem also contains the private key. A certificate can also be purchased from one of the available commercial certificate authorities. On Unix platforms, a certificate can be built with "make cert". The Windows installer of stunnel automatically builds a certificate. Unless PSK authentication is configured, each stunnel server needs a certificate with the corresponding private key. The advantage of this configuration is that it does not require individual secrets for each of the clients. Certificatesįor simplicity, this tutorial only covers server authentication. Otherwise, all the clients sharing the same key will have to be reconfigured if the key is compromised. The psk1.txt file only needs a single line: test1:oaP4EishaeSaishei6rio6xeeph3azĮach client needs a separate secret. The psk.txt file contains one line for each client: test1:oaP4EishaeSaishei6rio6xeeph3az Server ConfigurationĪ trivial configuration example: PSK authentication requires stunnel version 5.09 or higher. PSK is also the fastest TLS authentication. It provides both client and server authentication. ![]() The easiest way to configure authentication is with PSK (Pre-Shared Key). Client authentication allows for restricting access for individual clients (access control).Server authentication prevents Man-In-The-Middle (MITM) attacks on the encryption protocol.Either the TLS client, the TLS server, or both need to be authenticated:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |