

Stunnel can (and does during installation) generate a self-signed one.

This config uses stunnel.pem (PEM file format). I have added the CA certificate to the client_Access_stunnel. To set up an encrypted connection, you need a certificate.

Server:
pid = /var/run/stunnel/server.pid
cert = /opt/quasar/cert/certs/stunnels/server.pem

What I am trying to do is to use a stunnel client and with verify 3 it authenticates the user based on the certificate.

Client:
cert = /stunnel/client_Access_stunnel.pem
CAfile = /stunnel/client_Access_stunnel.pem

This is for a home server, and I’m wrapping several services through port 443 using stunnel to and sslh to direct the connections to the appropriate server (this means the logs have to be reconstructed to identify the real source, but it works well for my needs).

I have 2x stunnels Linux based, 1 server, 1 client.

I also added that to the startup script for stunnel to prevent issues in the future. On startup, stunnel complains that the keys are globally readable, so I did a ‘chmod 600’ on them.

etc/nf:
cert=/etc/letsencrypt/live//fullchain.pem

It would be great if the client would automatically do some or all of this automatically like it does for Apache. I’ll share here some of the things I did, but I’m also interested in any other suggestions. I had to fight a good bit with my stunnel configuration to use the letsencrypt certificate and get reasonable security.
