This is a discussion on Re: [stunnel-users] Certificates and public/private keys within the Stunnel Users forums, part of the Networking and Network Related category.
On 27 Jun 07, at 13:38, Dario Teixeira wrote:
> Thanks for the reply! I didn't mention it before, but I won't be using
> Apache or any other mainstream webserver. Most likely I will be using
> Ocsigen (http://www.ocsigen.org/). Now, the latest development release
> of Ocsigen already has basic support for SSL, but it can't yet handle
> client authentication. In short, I am still looking for an stunnel-based
> solution. Any ideas?

You can generate a certificate (and its private key) for every client, put the public cert in the CApath of the server, and set verify=3.

In every CApath you must have:
- the pub cert of the CA that issues the certs
- the pub cert of the OTHER hosts with which you will establish a connection (so, in the server CApath you will find the client certs, and vice versa).

Then you do a c_rehash.

With this setup, I don't know if it will work with the ssl provided by the browser, or you must install stunnel also on the server side, but I think that accepting the cert on the browser will work for you.

Bye,
dario.
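The steps in the reply above (public certs copied into the server's CApath, the hash links that c_rehash creates, and verify=3), as an added example that is not part of the original post. The file names, CNs, `server.pem`, the port and the backend address are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names, CNs, port and backend
# address are constructed placeholders.

# Create a throwaway CA and one client certificate signed by it.
make_test_certs() {
    d=$1; mkdir -p "$d" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=client1.example" \
        -keyout "$d/client1.key" -out "$d/client1.csr" 2>/dev/null || return 1
    openssl x509 -req -days 30 -in "$d/client1.csr" -CA "$d/ca.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/client1.pem" 2>/dev/null
}

# Copy public certificates into a CApath and create the <subject-hash>.N
# links OpenSSL looks up there, which is the job c_rehash does.
# Usage: build_capath CAPATH cert.pem [cert.pem ...]
build_capath() {
    capath=$1; shift
    mkdir -p "$capath" || return 1
    for cert in "$@"; do
        # Refuse anything carrying a private key: CApath holds public certs only.
        if grep -q 'PRIVATE KEY' "$cert"; then
            echo "refusing $cert: contains a private key" >&2; return 1
        fi
        name=$(basename "$cert")
        cp "$cert" "$capath/$name" || return 1
        hash=$(openssl x509 -noout -hash -in "$capath/$name") || return 1
        n=0   # bump the suffix when two different subjects share a hash
        while [ -e "$capath/$hash.$n" ] && [ "$(readlink "$capath/$hash.$n")" != "$name" ]; do n=$((n + 1)); done
        ln -sf "$name" "$capath/$hash.$n" || return 1
    done
}

# Write a server-side stunnel.conf using the options named in the reply.
# Usage: write_server_conf OUTFILE CERT_DIR CAPATH
write_server_conf() {
    cat > "$1" <<EOF
; verify = 3: the peer certificate itself must be installed in CApath
cert = $2/server.pem
CApath = $3
verify = 3

[https]
accept = 443
connect = 127.0.0.1:8080
EOF
}
```

The client keeps `client1.key` and `client1.pem`; only `client1.pem` and `ca.pem` go into the server's CApath, and the server's public cert goes into the client's CApath in the same way.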