Re: pan nntp via stunnel.
On Fri, May 26, 2023 at 11:57 AM <peter@easthope.ca> wrote:
>
> https://wiki.debian.org/Pan states,
>
> " ... to generate a RSA Private Key
> #openssl genrsa -out priv.pem
>
> Generate Certificate
> #openssl req -new -x509 -key priv.pem -out stunnel.pem -days 1095"
>
> No problem. I put the two files in /etc/stunnel/.
>
> Then,
> "combine priv.pem with stunnel.pem"
>
> What is meant by combine? Is there a syntax to put the private and
> public keys in one file?
Stepping back, I _think_ you are using Pan in client mode. That is,
simply as a reader. In this configuration, Stunnel is merely a SSL
gateway, and Pan talks to Stunnel in plaintext. Stunnel makes the
request to the NNTP server using TLS. So you don't need the server
stuff, like a X.509 certificate.
I think that's why the wiki page says, "Certificate/key is needed in
server mode and optional in client mode."
If you use a certificate in client mode, it will likely mean using TLS
on localhost comms between Pan and Stunnel.
Jeff
Reply to: