- ; This file contains an example stunnel TLS client configuration which
- ; enables secure transport for the Kea RESTful API. Access to the
- ; service is protected by verification of both the client's and the
- ; server's certificates (also known as mutual authentication).
- ;
- ; Note that the setup below (and the reused nginx or httpd2 setups)
- ; is provided as an example for testing purposes only. Always
- ; consider the best known security measures to protect your production
- ; environment.
- ;
- ; Transport marked with ==> (vs -->) is secured against passive
- ; (i.e. eavesdropping) and active (i.e. man-in-the-middle) attacks;
- ; hops marked with --> are not encrypted and stay on the loopback
- ; interface (127.0.0.1).
- ;
- ; kea-shell -- 127.0.0.1 port 8080 -->
- ; stunnel == 127.0.0.1 port 443 ==>
- ; nginx -- 127.0.0.1 port 8000 -->
- ; kea-agent
- ;
- ; stunnel configuration starts here.
- ; uncomment the two lines below if you would like to follow what happens
- ;; foreground = yes
- ;; debug = 7
- ; kea service
- [kea]
- ; client (vs server) mode
- client = yes
- ; accept (unencrypted) requests from the kea-shell tool, on the loopback interface only
- accept = 127.0.0.1:8080
- ; forward requests to the https peer
- connect = 127.0.0.1:443
- ; client certificate
- cert = kea-client.crt
- ; client private key (keep this file readable only by the user running stunnel)
- key = kea-client.key
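- ; check the server certificate: with verifyPeer the certificate presented
- ; by the peer must itself be stored in CAfile (or CApath)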
- verifyPeer = yes
- ; server certificate that the client will accept
- CAfile = kea-proxy.crt