Because the same certificate is distributed with all the installation files, using this certificate in a production environment would be insecure because everyone would have your key. The installation files come with a default certificate and key, combined into a single file called stunnel.pem. Stunnel requires a server certificate and private encryption key for the SSL encryption to function. Restart Stunnel on the server and verify that everything is still working properly.Īfter you have verified that you can receive the encrypted syslog messages, you will need to generate a new server certificate and private key to replace the default one. Replace the original stunnel.pem with the newly created stunnel.pem certificate in the Stunnel directory. pem file that stunnel will use by entering the following command: copy server.crt+server.key stunnel.pem (for linux cp server.crt stunnel.pem then cat server.key > stunnel.pem will also work, the files are both plain text files). 5įinally, combine the certificate and key file into a single. 4Įnter openssl x509 -req -in server.csr -signkey server.key -out server.crt to generate the server certificate. You will be required to enter the pass phrase to complete this step. 3Įnter openssl rsa -in server.key -out server.key to remove the pass phrase from the server key.
You will be required to enter the previously assigned pass phrase and answer several prompts with regional information such as your state, country, and company name. 2Įnter openssl req -new -key server.key -out server.csr to generate a certificate signing request. You will be prompted for a pass phrase and it will then generate an initial server key. Use these commands to generate a new server certificate: openssl genrsa –des3 –out server.key 1024. OpenSSL should already be installed and working or you wouldn't have been able to get this far.
The simplest way of generating the new certificate and key is by using the OpenSSL package. You need to generate a new certificate and key file for use on the server (you do not need to do this on the client host). Because the same certificate is distributed with all of the installation files, using this certificate in a production environment would be insecure because everyone would have your key. You still need to generate a new server certificate and private key to replace the default key you are using now. Add the following text to the file and save the file:Īfter you have verified that you can send and receive your Netcat session over the encrypted Stunnel link, you have only completed the testing phase of the Stunnel implementation. The source files (to be used on Linux) can be downloaded from Pre-compiled binary files (for use on Windows) can be downloaded from 3Ĭreate a Stunnel configuration file called /etc/stunnel/nf.
#VPN WITH STUNNEL INSTALL#
If OpenSSL is not already installed on your system, download and install OpenSSL. If Stunnel does not come pre-installed on your Linux distribution, then download and install Stunnel from 2 Follow these steps to configure Stunnel on the Linux host. This should give you a feel for the operation of Stunnel on both operating systems.
#VPN WITH STUNNEL WINDOWS#
To demonstrate the operation of Stunnel on both Windows and Linux, we will be using a Linux host as the Netcat client and a Windows host as the Netcat server. In this case, OpenSSL is used to create an encrypted tunnel. Stunnel doesn't contain any cryptographic code, but instead uses external libraries to perform the encryption. Stunnel is perhaps the most widely used tool for encapsulating arbitrary data in an encrypted tunnel.
0 kommentar(er)
