How to make stunnel reload certificate files without restarting it?

Solution 1

Try killall -HUP stunnel

Version 4.30, released on 2010.01.21 contained the following enhancement:

Graceful configuration reload with HUP signal on Unix and with GUI on Windows.

Solution 2

You could configure an exclusive port number per user and put the client certificate in a sub-dir of /etc/ssl/certs with that port number, e.g. /etc/ssl/certs/34221.

Configure your client stunnel.conf with that port.

Start one stunnel server per port with a stunnel.conf containing

cert = /etc/ssl/certs/myserver_cert.pem
CAfile = /etc/ssl/certs/cacert.pem
CApath = /etc/ssl/certs/34221

Then you have separated your user access.
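Added example, not code from either answer above: a small helper that combines the per-port CApath layout from Solution 2 with the HUP reload from Solution 1, so revoking one client means deleting its certificate and signalling stunnel rather than restarting it. Two details the answers do not spell out are built in: stunnel (via OpenSSL) only finds certificates in CApath through hash-named links such as 1a2b3c4d.0 (created with c_rehash or openssl rehash), so a revoked certificate's links must go too, and a server section needs verify = 3 for the peer certificate to be checked against CApath at all. The connect target, the stunnel pid and the placeholder .pem contents are assumptions for illustration.

```python
"""Per-port CApath revocation helper (added example, not the answers' code)."""
import os
import re
import signal
import tempfile
from pathlib import Path

# OpenSSL CApath lookup expects names like <8 hex digits>.<n>, e.g. 1a2b3c4d.0
HASH_NAME = re.compile(r"[0-9a-f]{8}\.\d+")


def render_stunnel_conf(port, cert_dir="/etc/ssl/certs", backend="127.0.0.1:8080"):
    """Server-side stunnel.conf for one client port (layout of Solution 2).

    backend (where stunnel forwards decrypted traffic) is an assumption.
    verify = 3 tells stunnel to accept only peers whose certificate is
    installed locally in CApath; without it no client check happens.
    """
    return (
        f"[client-{port}]\n"
        f"accept = {port}\n"
        f"connect = {backend}\n"
        f"cert = {cert_dir}/myserver_cert.pem\n"
        f"CAfile = {cert_dir}/cacert.pem\n"
        f"CApath = {cert_dir}/{port}\n"
        f"verify = 3\n"
    )


def unhashed_certs(capath):
    """Return .pem files in CApath that no hash-named link points at.

    Such certificates are silently ignored by OpenSSL's CApath lookup, so
    the client they belong to would be rejected even though the file exists.
    """
    capath = Path(capath)
    linked = set()
    for entry in capath.iterdir():
        if entry.is_symlink() and HASH_NAME.fullmatch(entry.name):
            linked.add(entry.resolve())
    return sorted(
        p.name
        for p in capath.iterdir()
        if p.is_file() and not p.is_symlink() and p.resolve() not in linked
    )


def revoke_client(capath, cert_file, stunnel_pid=None):
    """Delete a client certificate and every hash link resolving to it,
    then ask stunnel to reload with SIGHUP (Solution 1) instead of a restart.

    Returns the sorted list of removed entry names. stunnel_pid is assumed
    to be looked up by the caller (e.g. from stunnel's pid file).
    """
    capath = Path(capath)
    target = (capath / cert_file).resolve()
    removed = []
    for entry in list(capath.iterdir()):  # list(): we unlink while walking
        if entry.is_symlink() and entry.resolve() == target:
            entry.unlink()
            removed.append(entry.name)
    if target.exists():
        target.unlink()
        removed.append(target.name)
    if stunnel_pid is not None:
        os.kill(stunnel_pid, signal.SIGHUP)  # graceful reload, sessions survive
    return sorted(removed)


def build_demo_capath():
    """Constructed sample layout: alice.pem with a hash link, bob.pem without.

    The file contents are placeholders, not real certificates.
    """
    d = tempfile.mkdtemp(prefix="capath-34221-")
    Path(d, "alice.pem").write_text("PLACEHOLDER CERT (constructed)\n")
    os.symlink("alice.pem", os.path.join(d, "1a2b3c4d.0"))  # constructed hash
    Path(d, "bob.pem").write_text("PLACEHOLDER CERT (constructed)\n")
    return d


if __name__ == "__main__":
    print(render_stunnel_conf(34221))
    demo = build_demo_capath()
    print("certificates without a hash link:", unhashed_certs(demo))
    print("revoked:", revoke_client(demo, "alice.pem"))  # no pid: no signal sent
```

One caveat worth keeping in mind when relying on the HUP reload: because the reload is graceful, a session the revoked client already has open is not torn down; it is only new handshakes that fail once the certificate is gone from CApath.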

Author: Rogach (updated on September 18, 2022)

Comments

  • Rogach, over 1 year ago:

    I have a server with stunnel, to which clients connect. Each client has its own self-signed certificate, and a copy of that certificate lies in the CApath directory on the server - so I am in control of who can access the server and who cannot.

    When I need to forbid access for some client, I delete the certificate and run "service stunnel4 restart". It works just fine, but it certainly breaks the connections that are already in progress at the time of restart.

    Is there a way to make stunnel see that the certificate is no longer valid without restarting it?