Pfsense ,NEED private key for stunnel.crt, encryption wont work without please

[courteousorbit 2]

so i cant add a ca file as everyone may know in pfsenses stunnel package manager under services without a certificate, meaning i need you guys to add a private key to the stunnel.crt file per config generator so i can create a proper certificate for my ca , need this to get stunnel proper encrypted thanks

Edited ... by courteousorbit

[courteousorbit 2]

would appreciate the help

[Staff 9972]

@courteousorbit

Hello!

We're sorry, we do not want that because stunnel is meant (in our service) as a tool to bypass (even, but not only) blocks based on certificate replacement.

We need to fool the blocking system making it believe that it can decrypt the flow (actually it can decrypt stunnel tunnel). Then, an OpenVPN tunnel is established inside the stunnel one, and that's where the blocking system is fooled in most cases. Data security and integrity is therefore guaranteed by OpenVPN, not by stunnel.

If you need proper stunnel setup, then you do not suffer the aforementioned blocks type, so you can probably bypass completely stunnel and use OpenVPN in TCP and in TLS Crypt mode (maybe to port 443, in order to approximate very closely a TLS driven HTTPS connection). You will have even higher performance, of course. Also consider UDP, if you are not forced to use TCP.

Kind regards
 

[courteousorbit 2]

ok , thanks for clearing that up