How do I make stunnel verify a clients certificate?

Posted by unixman83 on Server Fault See other posts from Server Fault or by unixman83
Published on 2011-01-13T11:12:34Z Indexed on 2011/01/13 11:55 UTC
Read the original article Hit count: 160

Filed under:

rdp

|

openssl

|

stunnel

NOTE: The title is misleading. Please correct it if you know a better title. What I want to know is how do I create the SSL keys / certificates needed for this.

Hi. I am using stunnel to authenticate RDP (Remote Desktop) and I need to verify that a client possesses the proper credentials. So people cannot brute force into the machine. I am also using a bad (outdated) version of RDP that has security vulnerabilities, so stunnel is a must.

I will preshare the necessary .pem's between machines.

What are the openssl commands I need to create the right .pem files on both the client and on the server? What files need to be shared?

© Server Fault or respective owner

Related posts about rdp

RDP issue..RDP not working providing logon to access on user id

as seen on Server Fault - Search for 'Server Fault'
I got a request to provide logon to access to one of Windows 2008 server, after I added this server on user's logon to list and given local admin access to server. I am not able to take RDP session. Its giving error.. Local Security authority failed to connect... I see Event ID 56 ..Source Termdd When… >>> More
Remmina remoteapp over RDP

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was wondering how to use remmina to open applications on a Windows machine over rdp using remoteapp (or seamless or whatever it's actually called). I've already used Kim Knight's RemoteApp Tool to set up remoteapp on a Windows 7 machine and I can connect and run remote apps fine from another windows… >>> More
Using gnome-boxes with Remote Desktop Connection

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
in the past I used to connect to my windows server from ubuntu with remmina (through rdp protocol). I've recently installed ubuntu gnome remix (12.10.1) and gnome-boxes and I'm wondering if I can do the same with gnome-boxes. I've tried creating a new item in gnome-boxes and entering as url "rdp://x… >>> More
xrdp and xfce4 Ubuntu 14.04 slow refreshrate

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am running Ubuntu 14.04 LTS 32bit and I am connecting via windows rdp to my ubuntu machine that has xrdp with xfce4 session. Network is 40mbps/5mbps. RDP to a windows machine from a windows machine is flawless from same location. I can connect fine, but the refresh rate is horrible. When it fist… >>> More
How to configure XRDP to start cinnamon as default desktop session

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was wondering if there is a way to make Cinnamon 1.4 the default environment upon logging in to Ubuntu 12.04. I can install Cinnamon 1.4 without any problems, but I am trying to run XRDP to log in from a Windows machine and would like it to start "Cinnamon session" instead of a Unity session by… >>> More

Related posts about openssl

Redhat | Openssl installation error

as seen on Server Fault - Search for 'Server Fault'
make -f objs/Makefile make[1]: Entering directory `/root/fuse-ssh/nginx-0.7.65' cd /usr/bin/openssl \ && make clean \ && ./config --prefix=/usr/bin/openssl/.openssl no-shared no-threads \ && make \ && make install /bin/sh: line 0: cd:… >>> More
Redhat | Openssl installation error

as seen on Stack Overflow - Search for 'Stack Overflow'
make -f objs/Makefile make[1]: Entering directory `/root/fuse-ssh/nginx-0.7.65' cd /usr/bin/openssl \ && make clean \ && ./config --prefix=/usr/bin/openssl/.openssl no-shared no-threads \ && make \ && make install /bin/sh: line 0: cd:… >>> More
Upgrade OpenSSL 0.9.8k to OpenSSL 1.0.1c on Ubuntu 10.04

as seen on Server Fault - Search for 'Server Fault'
We're currently using Ubuntu 10.04 and based on the PCI Compliance results, we're told to upgrade our OpenSSL. I attempted to do this using this reference: http://sandilands.info/sgordon/upgrade-latest-version-openssl-on-ubuntu and http://www.lunarforums.com/dedicated_web_hosting_at_lunarpages/upgrading_openssl-t35015… >>> More
Installing OpenSSL that supports SNI along with previous version of OpenSSL

as seen on Server Fault - Search for 'Server Fault'
So I learned that to host multiple HTTPS websites on the same IP address you need an OpenSSL version that supports SNI (0.9.8f and higher). My RHEL5 box currently has 0.9.8e and Apache version httpd-2.2.26-2.el5. According to a same question here it's not a good idea to replace the original version… >>> More
Solaris X86 AESNI OpenSSL Engine

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Solaris X86 AESNI OpenSSL Engine Cryptography is a major component of secure e-commerce. Since cryptography is compute intensive and adds a significant load to applications, such as SSL web servers (https), crypto performance is an important factor. Providing accelerated crypto hardware greatly… >>> More