HP-UX Trusted Computing Services A.02.00 Administrator's Guide
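# /opt/iexpress/stunnel/etc/stunnel.conf
# stunnel configuration for a TPM-protected client: the client's private key
# is held in a TPM key blob and is only used through the OpenSSL TPM engine
# loaded below. Comment lines start with '#'; one "key = value" per line.

# Source of random data for session keys, etc.
RNDfile = /dev/urandom

# Enable chroot to limit stunnel's view of the local filesystem. At least the
# pid file (see below) is created inside the chroot; check the stunnel manual
# for which other paths are resolved after chroot() before enabling it.
# chroot = /var/chroot/stunnel/

# PID file. With chroot enabled this path is taken relative to the chroot
# directory. /tmp is world-writable, so another local user could pre-create
# or symlink this path; prefer a directory writable only by the account
# stunnel runs as.
pid = /tmp/stunnel.pid

# Peer authentication. Per the stunnel manual, level 2 requires the peer to
# present a certificate and checks it against the CA; level 3 additionally
# requires the peer's own certificate to be installed locally (in CApath),
# so a different certificate issued by the same CA is not accepted.
verify = 3

# Trust store: the CA certificate, plus the peer certificates that level 3
# needs. Anything placed here is trusted, so keep the directory and files
# writable only by root.
CApath = /opt/openssl/certs
CAfile = /opt/openssl/certs/cacert.pem

# This client's certificate and its TPM key blob (presumably created with
# tpmcreate, like the server's). The private key is only usable through the
# TPM engine, but keep the blob readable only by the stunnel account anyway:
# it is still the credential that identifies this client.
cert = /opt/iexpress/stunnel/etc/myClient.cert
key = /opt/iexpress/stunnel/etc/myClientKeyblob

# Logging. debug uses syslog levels; 7 (LOG_DEBUG) is the most verbose and
# is useful while getting the TPM engine to load, but lower it (e.g. 5 =
# LOG_NOTICE) and restrict read access to the log file for normal operation.
debug = 7
output = /opt/iexpress/stunnel/etc/stunnel.log

# Run as a daemon. Set foreground = yes to keep stunnel attached to the
# terminal, which is handy together with debug = 7 when troubleshooting.
foreground = no

# Load OpenSSL's built-in 'dynamic' engine and point it at the TPM engine
# shared library built for OpenSSL 0.9.7. The engineCtrl commands are
# issued in the order written: set the library path, name the engine 'tpm',
# load it, then initialise it.
engine = dynamic
engineCtrl = SO_PATH:/opt/tcs/lib/hpux32/engines/libtpm.so.0
engineCtrl = ID:tpm
engineCtrl = LOAD
engineCtrl = INIT

# Service-level configuration: tunnel a local telnet session to myServer.
[telnet-to-myServer]
# Client mode: accept plaintext connections here and open TLS to 'connect'.
client = yes
# Listen on the loopback interface only. The telnet traffic between the
# local telnet client and this port is unencrypted, so binding to localhost
# keeps it off the network; any user on this host can still connect to it.
accept = localhost:6602
connect = myServer.hp.com:6602
# Use the first engine loaded above (the TPM engine) for this service's key.
engineNum = 1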
Stunnel Configuration File on myServer for telnet
The Stunnel configuration file on myServer is shown below. The lines changed for TPM support and certificates (the engine, verify, cert and key settings) are shown in bold in the original guide. The file /opt/iexpress/stunnel/etc/myServerKeyblob contains the key pair, as a TPM key blob, created using tpmcreate.
# /opt/iexpress/stunnel/etc/stunnel.conf
# stunnel configuration for a TPM-protected server (myServer)
# Need random data for session keys, etc
RNDfile = /dev/urandom
# Chroot if need to reduce stunnel's access into the local filesystems.
# chroot = /var/chroot/stunnel/
# PID is created inside the chroot location.
pid = /tmp/stunnel.pid
# Authentication - '3' means a signed certificate from the session peer must be
# presented and verified by the CA.
verify = 3
# Location where peer certificates and the CA certificate can be found.
Stunnel Examples 47