HP-UX Trusted Computing Services A.02.00 Administrator's Guide
[pop3-client]
# Use in client mode
client = yes
accept = localhost:110
connect = myServer.hp.com:110
engineNum = 1
Stunnel Configuration File on myServer for Mail Services
On the mail server (myServer), the Stunnel configuration file is similar to the file listed in
“Stunnel Configuration File on myServer for telnet” (page 47), with the following service
option entries:
# Service-level configuration for SMTP server
[smtp-server]
# Use in server mode
client = no
accept = myServer.hp.com:25
connect = localhost:25
engineNum = 1
# Service-level configuration for POP3 server
[pop3]
# Use in server mode
client = no
accept = myServer.hp.com:110
connect = localhost:110
engineNum = 1
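The following Python check is an added example, not part of the HP guide or of stunnel. It parses a client and a server configuration and reports a client-mode connect target that no server-mode service accepts, and an engineNum that exceeds the number of engine= lines in the global section (stunnel numbers loaded engines from 1). The sample configurations are constructed from this page's fragments and reduced to the relevant lines; parse_stunnel and audit are hypothetical names.

```python
# Added example, not from the HP guide; samples are constructed from this page.
CLIENT_CONF = """engine=dynamic
[pop3-client]
client = yes
accept = localhost:110
connect = myServer.hp.com:110
engineNum = 1
"""
SERVER_CONF = """engine=dynamic
[pop3]
client = no
accept = myServer.hp.com:110
connect = localhost:110
engineNum = 1
"""

def parse_stunnel(text):
    """Return (global_opts, services) as (key, value) lists; keys may repeat."""
    global_opts, services, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], [])
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            (global_opts if current is None else current).append((key.lower(), value))
    return global_opts, services

def audit(client_text, server_text):
    """Flag engineNum with no loaded engine and connects no server accepts."""
    findings = []
    parsed = {"client": parse_stunnel(client_text), "server": parse_stunnel(server_text)}
    accepts = {dict(o).get("accept") for o in parsed["server"][1].values()
               if dict(o).get("client") == "no"}
    for side, (glob, svcs) in parsed.items():
        engines = sum(1 for key, _ in glob if key == "engine")
        for name, opts in svcs.items():
            o = dict(opts)
            if int(o.get("enginenum", "0")) > engines:
                findings.append(f"{side} [{name}]: engineNum {o['enginenum']} > {engines} engine(s) loaded")
            if o.get("client") == "yes" and o.get("connect") not in accepts:
                findings.append(f"{side} [{name}]: no server-mode accept on {o.get('connect')}")
    return findings

if __name__ == "__main__":
    print(audit(CLIENT_CONF, SERVER_CONF) or "client and server sections are consistent")
```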
The complete Stunnel configuration file on myServer is as follows. Changes made for TPM and
certificates are shown in bold.
# /opt/iexpress/stunnel/etc/stunnel.conf
# stunnel configuration for a TPM-protected server
# Need random data for session keys, etc
RNDfile = /dev/urandom
# Chroot if need to reduce stunnel's access into the local filesystems.
# chroot = /var/chroot/stunnel/
# PID is created inside the chroot location.
pid = /tmp/stunnel.pid
# Authentication - '3' means the session peer must present a signed certificate
# that is verified by the CA and matches a peer certificate installed locally.
verify = 3
# Location where peer certificates and the CA certificate can be found.
CApath = /opt/openssl/certs
CAfile = /opt/openssl/certs/cacert.pem
# This server's certificate and private key.
cert = /opt/iexpress/stunnel/etc/myServer.cert
key = /opt/iexpress/stunnel/etc/myServerKeyblob
# Debug parameters
debug = 7
output = /opt/iexpress/stunnel/etc/stunnel.log
# Run in the foreground
foreground = no
# Load the built-in engine 'dynamic'
# and give it the path to the 0.9.7 TPM engine
engine=dynamic
engineCtrl=SO_PATH:/opt/tcs/lib/hpux32/engines/libtpm.so.0
# Identify the engine as 'tpm' and load and initialize it
engineCtrl=ID:tpm
50 Using TCS RSA Keys with OpenSSL