How to configure Stunnel

https://www.stunnel.org/howto.html
https://www.stunnel.org/static/stunnel.html
http://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
https://support.ssl.com/index.php?/Knowledgebase/Article/View/19

stunnel /ffp/etc/stunnel/stunnel.conf
cat /ffp/var/lib/stunnel/stunnel.pid
cat /ffp/var/lib/stunnel/stunnel.log
#Generate the cert file that has to be specified in stunnel.conf (Windows variant - preferred):
openssl.exe req -newkey rsa:2048 -x509 -days 3660 -out stunnel-pub.pem -keyout stunnel-key.pem
openssl.exe rsa -in stunnel-key.pem -out stunnel-key-no-pwd.pem -> removes the passphrase
openssl.exe dhparam 2048 >> stunnel-pub.pem (dhparam -> the new version of the old gendh parameter)
openssl.exe dhparam 2048 >> stunnel-key-no-pwd.pem
# openssl.exe pkcs12 -export -in stunnel-pub.pem -inkey stunnel-key-no-pwd.pem -name "stunnel" -out stunnel-pwd.p12
cat stunnel-key-no-pwd.pem >> stunnel.cer (stunnel.conf:cert = stunnel.cer)
cat stunnel-pub.pem >> stunnel.cer (stunnel.conf:cert = stunnel.cer)
stunnel /ffp/etc/stunnel/stunnel.conf
Importing stunnel-pub.pem into authorized_keys is not necessary!
Generating stunnel-pwd.p12 is not necessary!
#Apply c_rehash to the files in /certs (stunnel.conf:CApath = /.../certs) -> alternative to stunnel.conf:CAfile:
cd /ffp/var/lib/stunnel
/ffp/var/lib/stunnelc_rehash /certs
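
A check for the combined stunnel.cer built above, added here as an example and not part of the original notes: it confirms the file holds exactly one unencrypted private key, at least one certificate and DH parameters block, and that only the owner can access it. The function names lint_bundle and pem_block are invented for this example, and the PEM bodies pem_block generates are placeholders.

```shell
#!/bin/sh
# Added example, not from the original notes: lint a combined stunnel PEM file.
# Prints one finding per line; returns 0 only when there are none.
lint_bundle() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    out=$(
        awk '
        { sub(/\r$/, "") }                      # openssl.exe may write CRLF
        /^-----BEGIN / {
            if (cur != "") print "BEGIN inside unterminated " cur " block"
            cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
            n[cur]++; next
        }
        /^-----END / {
            t = $0; sub(/^-----END /, "", t); sub(/-----$/, "", t)
            if (t != cur) print "END " t " does not match BEGIN " cur
            cur = ""; next
        }
        /^Proc-Type:.*ENCRYPTED/ { enc = 1 }    # legacy encrypted-key header
        END {
            if (cur != "") print "unterminated " cur " block"
            for (t in n) {
                if (t ~ /PRIVATE KEY$/) keys += n[t]
                if (t == "ENCRYPTED PRIVATE KEY") enc = 1
            }
            if (enc) print "private key is still passphrase-protected"
            if (keys == 0) print "no private key block"
            if (keys > 1) print keys " private key blocks (file appended twice?)"
            if (!("CERTIFICATE" in n)) print "no CERTIFICATE block"
            if (!("DH PARAMETERS" in n)) print "no DH PARAMETERS block"
        }' "$1"
        # The key is stored without a passphrase: only the owner may have access.
        [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] ||
            echo "group or other can access the file; chmod 600 it"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed PEM block for trying the linter; the body is a placeholder, not key material.
pem_block() {
    printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"
}

if [ -n "${1:-}" ]; then lint_bundle "$1"; fi
```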
