I'm trying to use stunnel to wrap syslog-ng in SSL. The only problem is that all the documentation for stunnel presumes you're using Red Hat. I'm using OpenBSD. This means I have to generate the certificates myself, and I'm confused here. For a decent level of security, as I understand it, the server needs a certificate, signed by a CA (in this case, as it's for internal networking, the CA is me). What does the client need? I basically created a CA, created a public key and signed it to create the server certificate, what do I need to do for the clients? (I would prefer it if they all had the same certificate, to preserve my sanity). If I hear the phrase "on red hat, go to /usr/share/ssl/certs" one more time, somebody is going to find themselves eating several poorly generated certificates. :) cheers mark