denverklion.blogg.se

30 December 2022 - 16:49
Stunnel authentication
Allmänt
Stunnel authentication











stunnel authentication

nf accept = 9000 connect = :5701 verify = 2 CAfile = /opt/certs/ca.crt cert = /opt/certs/server.crt key = /opt/cert/server.key

stunnel authentication

The configuration above, on the client side, will receive the traffic from the local Hazelcast node on port 9001, and will proxy it through the encrypted tunnel to the remote node listening on port 9000. nf client = yes accept = 9001 connect = :9000 verify = 3 CAfile = /opt/certs/ca.crt cert = /opt/certs/client.crt key = /opt/certs/client.key The example below assumes Mutual TLS Authentication, but it can be disabled by removing the client cert and key from the nf file, and by removing client verification from nf file. Now we create two configuration files on each node, lets call them nf (for outbound traffic) and nf (for inbound traffic) at /etc/stunnel. Stunnel is available in almost all linux distributions, the command below can be used to install it on Centos. # Create key openssl genrsa -out client.key 4096 # Create a client csr openssl req -new -key client.key -out client.csr # Create the client cert signed by the same root CA openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 2 -out client.crtĬopy the cert files on both the nodes under /opt/certs.

stunnel authentication

(Optional) Below are the steps to create client certificate for mutual authentication (MTLS/MASSL). # Create a root CA openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt # Create a rsa key file openssl genrsa -out server.key 4096 #Create a certificate request openssl req -new -key server.key -sha256 -out server.csr # Create the cert openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt Below are the command that will create a root ca and the certificate. Lets first create a self-signed certificate for encryption. This method can be used on cloud environments, like AWS, that doesn’t allow multi-casting.Īlso make sure that the security groups (or firewall) allow the inbound and outbound traffic on the given ports. Note: In this example Hazelcast is setup with tcp-ip and with multi-casting disabled. Use iptables to redirect outbound traffic to stunnel locally.Set up two tunnels (inbound, and outbound) on each node.Create a certificate to encrypt the transport.As shown, we need to do the following in order to set it up:













Stunnel authentication
0 kommentar(er)
Om Mig: