How to configure Stunnel

stunnel /ffp/etc/stunnel/stunnel.conf
cat /ffp/var/lib/stunnel/
cat /ffp/var/lib/stunnel/stunnel.log
#Generate cert file necesar a fi specificat in stunnel.conf (varianta cu windows - preferata):
openssl.exe req -newkey rsa:2048 -x509 -days 3660 -out stunnel-pub.pem -keyout stunnel-key.pem
openssl.exe rsa -in stunnel-key.pem -out stunnel-key-no-pwd.pem -> stergere parola
openssl.exe dhparam 2048 >> stunnel-pub.pem (dhparam -> versiunea noua pt. vechiul parametru gendh)
openssl.exe dhparam 2048 >> stunnel-key-no-pwd.pem
# openssl.exe pkcs12 -export -in stunnel-pub.pem -inkey stunnel-key-no-pwd.pem -name "stunnel" -out stunnel-pwd.p12
cat stunnel-key-no-pwd.pem >> stunnel.cer (stunnel.conf:cert = stunnel.cer)
cat stunnel-pub.pem >> stunnel.cer (stunnel.conf:cert = stunnel.cer)
stunnel /ffp/etc/stunnel/stunnel.conf
Nu e necesar importul stunnel-pub.pem in authorized_keys !
Nu e necesara generarea lui stunnel-pwd.p12 !
#Aplica c_hash fisierelor din /certs (stunnel.conf:CApath = /.../certs) -> alternativa la stunnel.conf:CAfile:
cd /ffp/var/lib/stunnel
/ffp/var/lib/stunnelc_rehash /certs

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.