5. Copy the files to the Stunnel installation directory. For example, C:\Program Files (x86)\stunnel.
You can also rename these files:
CN_McAfee_ePO_Deep_Command_Root.crt to ca.cer
<Agent_Handler_FQDN>.key to cira.key
<Agent_Handler_FQDN>.crt to cira.pem
Add DH parameter to the .pem file
The PEM certificate file created earlier needs Diffie-Hellman (DH) parameters appended to the end. Generate them with the OpenSSL tools.
Task
1. On the server where OpenSSL is installed, run the following command in the \bin folder under the OpenSSL directory:
   openssl dhparam -outform PEM -out dhParam.pem 1024
   The dhParam.pem file is created in the same directory.
2. Open the dhParam.pem file in a text editor, then copy its content.
3. On the server where you saved the Stunnel configuration files, browse to the Stunnel installation directory, then locate the .pem file created using McAfee ePO. For example, cira.pem.
4. Open the .pem file in a text editor, add the copied content from the dhParam.pem file at the end, then save it.
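Steps 2 to 4 can also be scripted and checked. The following is an added example, not part of the product guide or of McAfee's tooling: it appends the DH PARAMETERS block to the certificate text only once and decodes the block to report the size of the DH prime. The function names and the sample PEM bodies are assumptions constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

# Constructed sample data: placeholder certificate body and a toy DH group (p=23, g=2).
SAMPLE_CIRA_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_DH_PEM = "-----BEGIN DH PARAMETERS-----\nMAYCARcCAQI=\n-----END DH PARAMETERS-----\n"

def pem_blocks(text):
    """Return (label, der_bytes) for every PEM block, in file order."""
    return [(m.group(1), base64.b64decode(m.group(2))) for m in PEM_RE.finditer(text)]

def read_tlv(der, pos=0):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, der[pos:pos + length], pos + length

def dh_prime_bits(der):
    """Bit length of p in DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("DH PARAMETERS block is not a DER SEQUENCE")
    tag, prime, _ = read_tlv(body)
    if tag != 0x02:
        raise ValueError("first element of the SEQUENCE is not an INTEGER")
    return int.from_bytes(prime, "big").bit_length()

def append_dh(cert_pem, dh_pem):
    """Return (pem_text, prime_bits) with one DH block at the end of cert_pem."""
    blocks = pem_blocks(cert_pem)
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        raise ValueError("no CERTIFICATE block in the certificate file")
    existing = [der for label, der in blocks if label == "DH PARAMETERS"]
    if existing:  # step 4 was already done: do not append a second copy
        return cert_pem, dh_prime_bits(existing[-1])
    new = [der for label, der in pem_blocks(dh_pem) if label == "DH PARAMETERS"]
    if len(new) != 1:
        raise ValueError("expected exactly one DH PARAMETERS block")
    return cert_pem.rstrip() + "\n" + dh_pem.strip() + "\n", dh_prime_bits(new[0])

if __name__ == "__main__":
    merged, bits = append_dh(SAMPLE_CIRA_PEM, SAMPLE_DH_PEM)
    print(merged, f"DH prime size: {bits} bits")
```

With real files, pass the contents of cira.pem and dhParam.pem and write the returned text back to cira.pem. The reported size should match the value given to openssl dhparam; current guidance commonly treats 2048 bits as the minimum for finite-field DH, so compare it against local policy.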
Configure Stunnel
Modify the stunnel.conf file to specify the location for the certificates generated, ports used, and other options.
Task
1. Open the Stunnel configuration file at C:\Program Files\stunnel\stunnel.conf and add this content:
cert = C:\Program Files (x86)\stunnel\cira.pem
key = C:\Program Files (x86)\stunnel\cira.key
CAfile = C:\Program Files (x86)\stunnel\ca.cer
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
options = NO_SSLv3
options = NO_SSLv2
ciphers = AES128-SHA
verify = 1
debug = 7
output = C:\Program Files (x86)\stunnel\stunnel.log
client = no
[ciraamt]
accept = 12345
connect = 11111
Setting up your environment for Remote Access
McAfee ePO Deep Command 2.1.0 Product Guide