

Stunnel is very flexible; this page provides additional information for Uniform Server 3.5-Apollo’s implementation. Stunnel is configured for server operation, allowing a secure connection between Apache and a browser client.

Normal web pages are sent unencrypted over the Internet, allowing anyone to intercept them and read their content. This presents a security issue where security and privacy are necessary for credit card and bank transactions. The Secure Socket Layer (SSL) is used to encrypt the data stream between the web server and a web browser.

SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI). With public key cryptography, two keys are created, one public, the other private. Anything encrypted with either key can only be decrypted with its corresponding key. Thus if a message or data stream were encrypted with the server's private key, it can be decrypted only using its corresponding public key, ensuring that the data only could have come from the server.

A certificate is not really necessary because data is secure and cannot easily be decrypted. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority (CA), ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted; however, the party you are communicating with may not be whom you think.

You need to generate a self-signed certificate; it contains the public key. UniServer’s Stunnel certificate is compromised because everyone has access to it after downloading the plugin. This poses a security risk, therefore you must generate a new certificate and key. If you don't plan on having your certificate signed by a CA, it will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted. I am going to cover only self-signed certificates here.

To generate the certificate and public key you can use the command prompt and enter parameters manually. This is open to errors, hence I created a batch file to ease the task.

This batch file is named mpg_create.bat and located in folder *\Uniform Server\udrive\home\admin\www\plugins\stunnel_424\bin

    : Create Stunnel pem certificate and public key file stunnel.pem
    : Increased days to give 10year MPG 22/8/07 3.5-Apollo
    : Upgraded OpenSSL to openssl-0.9.8g MPG 31/5/08
    openssl req -new -x509 -days 3650 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

This batch file runs the program openssl with the following parameters. Create a certificate request (req) that is new in the X.509 digital certificate format, using the RSA cipher with a 1,024-bit key, good for 3650 days; use the config file (stunnel.cnf) for additional information and write out both its key (private) and (public) certificate to the same file, stunnel.pem.

OpenSSL is extremely flexible, and because of this flexibility it requires a configuration file. You can use any name so long as it ends with the file extension cnf. Stunnel uses the file stunnel.cnf; in this file you specify the type of certificate (in this case a server), encryption strength and other certificate details.

The file stunnel.cnf is located in folder *\Uniform Server\udrive\home\admin\www\plugins\stunnel_424\bin

    countryName = Country Name (2 letter code)

    stateOrProvinceName = State or Province Name (full name)
    0.organizationName = Organization Name (eg, company)
    0.organizationName_default = Stunnel Developers Ltd

    organizationalUnitName = Organizational Unit Name (eg, section)
    0.commonName = Common Name (FQDN of your server)
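The shipped stunnel.pem is known to everyone who downloads the plugin, so after running the batch file it is worth confirming that the file in use shares neither its key nor its certificate with the shipped one. The Python check below is an added example, not part of Uniform Server or the original page; the function names and the sample PEM blocks (placeholder bytes, not real keys) are assumptions made for illustration.

```python
import base64
import hashlib
import re

# One PEM block: captures the label and the base64 body between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def pem_fingerprints(pem_text):
    """Return [(label, sha256 hex of decoded bytes)] for every PEM block."""
    result = []
    for label, body in PEM_BLOCK.findall(pem_text):
        # Strip all whitespace so CRLF/LF and line-wrap differences between
        # copies of the same file do not hide a match.
        der = base64.b64decode("".join(body.split()), validate=True)
        result.append((label, hashlib.sha256(der).hexdigest()))
    return result


def reused_material(shipped_pem, deployed_pem):
    """Labels of blocks in deployed_pem that also occur in shipped_pem."""
    shipped = {fp for _, fp in pem_fingerprints(shipped_pem)}
    return sorted({label for label, fp in pem_fingerprints(deployed_pem)
                   if fp in shipped})


def make_pem(label, raw, newline="\n"):
    """Wrap raw bytes as a PEM block (only used to build the samples below)."""
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return newline.join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])


# Constructed samples: placeholder bytes, not real keys or certificates.
SHIPPED = (make_pem("RSA PRIVATE KEY", b"shipped-key" * 20)
           + make_pem("CERTIFICATE", b"shipped-cert" * 20))
# The shipped file copied unchanged, but saved with Windows line endings.
UNCHANGED = (make_pem("RSA PRIVATE KEY", b"shipped-key" * 20, "\r\n")
             + make_pem("CERTIFICATE", b"shipped-cert" * 20, "\r\n"))
# A file written by a fresh run of the batch file.
REGENERATED = (make_pem("RSA PRIVATE KEY", b"fresh-key" * 20)
               + make_pem("CERTIFICATE", b"fresh-cert" * 20))

if __name__ == "__main__":
    print("unchanged copy reuses:", reused_material(SHIPPED, UNCHANGED))
    print("regenerated file reuses:", reused_material(SHIPPED, REGENERATED))
```

For real files, pass the text of the stunnel.pem from the plugin download and of the one in use; an empty list means nothing was carried over. The comparison is on the encoded blocks, so it detects copied material, not a key that has been re-encoded in another format.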
