On Fri, May 26, 2023 at 11:57 AM <[email protected]> wrote: > > https://wiki.debian.org/Pan states, > > " ... to generate a RSA Private Key > #openssl genrsa -out priv.pem > > Generate Certificate > #openssl req -new -x509 -key priv.pem -out stunnel.pem -days 1095" > > No problem. I put the two files in /etc/stunnel/. > > Then, > "combine priv.pem with stunnel.pem" > > What is meant by combine? Is there a syntax to put the private and > public keys in one file?
Stepping back, I _think_ you are using Pan in client mode. That is, simply as a reader. In this configuration, Stunnel is merely a SSL gateway, and Pan talks to Stunnel in plaintext. Stunnel makes the request to the NNTP server using TLS. So you don't need the server stuff, like a X.509 certificate. I think that's why the wiki page says, "Certificate/key is needed in server mode and optional in client mode." If you use a certificate in client mode, it will likely mean using TLS on localhost comms between Pan and Stunnel. Jeff
