RagManX Apprentice
Joined: 13 Jul 2002 Posts: 220 Location: Tennessee
Posted: Mon Nov 18, 2002 8:42 pm Post subject: Generating/using an stunnel certificate file (stunnel.pem)
I am nearing completion on installing a set of gentoo servers for an IDS project at work. During the install, I've gotten to the point where I need to set up stunnel to deliver encrypted traffic from my sensors to my console. After running an emerge on stunnel, I find that it does not come with a sample stunnel.pem nor information on how to generate one. So, googling a bit, I find information on creating the .pem file at stunnel.org. On gentoo, however, things have to be changed just a little. Here is the command I used to generate my .pem file (all one command - ignore line wraps).
Code:
    openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf -out stunnel.pem -keyout stunnel.pem
Note that you will need to find your openssl.cnf file. I used:
Code:
    updatedb
    locate cnf
to find mine. There are a few cnf files that show up, but this one has everything necessary to start the x509 settings "interview" which is necessary to get a proper stunnel.pem file (location, organization, etc.).
Once this file is created, copy it to wherever you want to keep it, and do a:
Code:
    chmod 600 /path/to/stunnel.pem
to protect it from malicious mangling. Finally, in your /etc/stunnel.conf file, make sure to add:
Code:
    cert=/path/to/stunnel.pem
so your instance of stunnel knows where its keyfile is.
Hopefully, that's of use to someone and will save you the time I spent trying to figure this all out.
EDIT: Noted that the first command is one line, regardless of word-wrap.
RagManX
_________________
http://www.gamingideas.com/ - an open discussion site for game improvement and new game ideas
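A check for the result of the steps in the post above, as an added example that is not part of the original post: because `-nodes` leaves the private key unencrypted and `-out`/`-keyout` name the same file, the script confirms that stunnel.pem is owner-only, that it holds both a key block and a certificate block, and that stunnel.conf points at it. The function names `pem_mode`, `check_stunnel_pem` and `conf_uses_pem` are hypothetical helpers, not stunnel or OpenSSL commands.

```shell
#!/bin/sh
# Added example: audit a combined stunnel.pem (key + certificate in one file).
# Function names are illustrative; only stat, grep and sed are used.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
pem_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file passes every check, 1 otherwise; findings go to stdout.
check_stunnel_pem() {
    pem=$1
    rc=0
    if [ ! -f "$pem" ]; then
        echo "FAIL: $pem not found"
        return 1
    fi
    # The key is stored unencrypted (-nodes), so only the owner may have access.
    mode=$(pem_mode "$pem")
    case "$mode" in
        600|400) echo "ok: mode $mode" ;;
        *) echo "FAIL: mode $mode, expected 600"; rc=1 ;;
    esac
    # -out and -keyout named the same file, so both blocks must be present.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "ok: private key block present"
    else
        echo "FAIL: no private key block"; rc=1
    fi
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "ok: certificate block present"
    else
        echo "FAIL: no certificate block"; rc=1
    fi
    return $rc
}

# Return 0 if the config file ($1) has a cert= line whose value is exactly $2.
conf_uses_pem() {
    sed -n 's/^[[:space:]]*cert[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | grep -Fxq -- "$2"
}

# When run with a path argument, audit that file.
if [ "$#" -ge 1 ]; then
    check_stunnel_pem "$1"
fi
```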