
List:       stunnel-users
Subject:    [stunnel-users] What do I need to provide an SSL service and verify individual clients?
From:       John Long <codeblue () inbox ! lv>
Date:       2013-07-22 14:31:11
Message-ID: 20130722143111.GB2307 () inbox ! lv

Hi,

I want to set up a service using stunnel as a server. I want only specific
clients to be able to connect. Each client will have an SSL-enabled client
app.

I understand the part about needing to create a self-signed cert for the
stunnel server. I don't understand what Stunnel will require from each
client. Do I have to create CSRs for each client and sign them with my
self-signed cert, or will the keys from additional standalone self-signed
certs for each client be good enough on the client side as long as I have a
cert for each key in the certificate path of the server?

Is it correct that verify=3 will make sure only clients that have keys
matching the certs in the server cert path can connect?

If a client with a key that I have no cert for tries to connect, what should
happen? Will it time out or will there be an error that the key isn't valid?

Thanks,

/jl
