
Most RDBMSes such as PostgreSQL and MySQL support TLS connections to encrypt the data on the wire between the application and the database. However, there are still applications here and there that don't support TLS connections to the database server. Not the end of the world when your app is on the same server as the database, but who does that? 😉

stunnel is open source software that creates an encrypted tunnel. It is very easy to install (most major OS distros have it in their package manager) and there are even binaries available for Android and Windows! But enough about that, as there is plenty of information on the stunnel site.

So how does stunnel work? Here is a simple diagram that shows an overview of stunnel in action:

On the database server, PostgreSQL is listening on its standard port on 127.0.0.1:5432 (localhost) and stunnel will listen on an external interface, e.g. 192.168.12.34, and on a different port of your choosing (we will use 6543 in this example). Through the configuration of stunnel, traffic coming in to the interface 192.168.12.34:6543 will then pass to PostgreSQL listening on 127.0.0.1:5432. On the application server, stunnel is listening on 127.0.0.1:5432, so the application can be configured to talk to 127.0.0.1:5432, just as if PostgreSQL was installed on the application server instead of across the network.

Two things to check when you do this. First, make sure PostgreSQL itself really only binds to localhost (listen_addresses = 'localhost' in postgresql.conf); if the plaintext 5432 port is reachable from the network, the tunnel can simply be bypassed. Second, PostgreSQL now sees every tunneled connection as coming from 127.0.0.1, so pg_hba.conf rules can no longer tell application servers apart by IP address; authentication of the peer has to happen in stunnel (client certificates or pre-shared keys) on top of PostgreSQL's normal user/password checks.

The configuration file format is pretty much the same on the different OSes; you just need to find where your favorite distro stores the configuration file(s) by default.

Another benefit of stunnel is that you can run multiple instances for different applications, etc., as long as they are listening on different ports, of course. You can also "multiplex" the connections to one endpoint. For example, you could have multiple application servers using stunnel to connect to the same IP address / port on the database server.

We need to set up the keys/certificates for the TLS encryption. For stunnel, there are two ways to do this:

PSK (pre-shared keys) – This is the simplest way to set up stunnel and recommended if you don't have an in-house certificate authority or do not want to set one up.
PKI (public key) – If you have your own CA set up, you can use the CA root certificate and a client key/certificate pair. stunnel can use certificates from a commercial CA as well.

See the stunnel authentication page for more information on these methods.
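As an added example (not from the original post and not stunnel's own documentation), here is what the two stunnel configuration files for the setup described above look like when using the PKI method, with the PSK alternative noted at the end. The file paths, the `db1.example.internal` hostname, the `stunnel4` user/group and the certificate file names are assumptions; adjust them for your distro and your CA.

```ini
; Added example, not from the original post: stunnel.conf for both sides of the
; PostgreSQL tunnel, PKI (certificate) method. Paths, the db1.example.internal
; hostname and the stunnel4 user/group are assumptions.

; ---------- database server: /etc/stunnel/stunnel.conf ----------
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
sslVersionMin = TLSv1.2          ; refuse legacy protocol versions (newer stunnel 5.x)

[postgres]
accept  = 192.168.12.34:6543     ; external interface, tunnel port
connect = 127.0.0.1:5432         ; PostgreSQL, bound to localhost only
cert    = /etc/stunnel/db-server.pem
key     = /etc/stunnel/db-server.key
CAfile  = /etc/stunnel/ca.pem    ; in-house CA root
verifyChain = yes                ; client must present a cert that chains to CAfile
requireCert = yes                ; handshake fails if no client cert is presented

; ---------- application server: /etc/stunnel/stunnel.conf ----------
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
sslVersionMin = TLSv1.2
client = yes                     ; this side initiates TLS

[postgres]
accept  = 127.0.0.1:5432         ; app talks plaintext here, as if PostgreSQL were local
connect = 192.168.12.34:6543     ; stunnel on the database server
cert    = /etc/stunnel/app-client.pem
key     = /etc/stunnel/app-client.key
CAfile  = /etc/stunnel/ca.pem
verifyChain = yes                ; validate the server cert against our CA
checkHost = db1.example.internal ; and require that name in the server cert (SAN/CN)

; PSK alternative (both sides): drop cert/key/CAfile/verifyChain/requireCert/checkHost
; and use
;   PSKsecrets = /etc/stunnel/psk.txt
; where each line of psk.txt is IDENTITY:KEY. The same identity:key pair goes on
; both sides, and the file must be readable only by the stunnel user.
```

Once both sides are running, connect from the application server with `psql -h 127.0.0.1 -p 5432` as you would locally; libpq will still send its own SSLRequest inside the tunnel, PostgreSQL answers that SSL is off, and the client continues in plaintext within the tunnel (or set `sslmode=disable` to skip the attempt). To confirm the server side is actually presenting the right certificate and rejecting anonymous clients, run `openssl s_client -connect 192.168.12.34:6543 -CAfile /etc/stunnel/ca.pem` from another host: the chain should verify, and without a client certificate the handshake should be refused.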
