[syslog-ng]syslog-ng & stunnel, the saga continues

syslog-ng@lists.balabit.hu
Sat, 14 Aug 2004 10:12:10 +0100


I'm trying to use stunnel to wrap syslog-ng in SSL. The only
problem is that all the documentation for stunnel presumes
you're using Red Hat. I'm using OpenBSD. This means I have
to generate the certificates myself, and I'm confused here.

For a decent level of security, as I understand it, the server
needs a certificate, signed by a CA (in this case, as it's
for internal networking, the CA is me). 

What does the client need?

I basically created a CA, created a public key and signed it
to create the server certificate. What do I need to do for the
clients? (I would prefer it if they all had the same certificate,
to preserve my sanity).

If I hear the phrase "on Red Hat, go to /usr/share/ssl/certs" one
more time, somebody is going to find themselves eating several
poorly generated certificates. :)

cheers
mark
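
As an added example that is not part of the original post: one way to produce what the message describes (an internal CA, a server certificate, and a single client certificate shared by all clients) with the `openssl` command line, independent of any distribution's certificate directory. File names, CNs, key sizes and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example. File names, CNs and key sizes are assumptions, not from the post.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    umask 077    # keep private keys unreadable to other users
    # Minimal config written inline, so nothing depends on a distro's openssl.cnf.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server]
extendedKeyUsage = serverAuth
[client]
extendedKeyUsage = clientAuth
EOF
    # 1. Self-signed CA certificate. ca.key never leaves the machine that signs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config pki.cnf \
        -extensions ca -subj "/CN=Internal syslog CA" \
        -keyout ca.key -out ca.pem 2>/dev/null || exit 1
    # 2. For each role: new key + CSR, then a certificate signed by the CA.
    for role in server client; do
        openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
            -subj "/CN=syslog-$role" -keyout "$role.key" -out "$role.csr" \
            2>/dev/null || exit 1
        openssl x509 -req -in "$role.csr" -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 365 -extfile pki.cnf -extensions "$role" \
            -out "$role.crt" 2>/dev/null || exit 1
        # stunnel's "cert" option accepts key and certificate in one PEM file.
        cat "$role.key" "$role.crt" > "$role.pem" || exit 1
    done
)

# Succeeds only if both certificates chain to ca.pem with the right purpose.
check_pki() (
    cd "$1" || exit 1
    openssl verify -purpose sslserver -CAfile ca.pem server.crt >/dev/null 2>&1 &&
    openssl verify -purpose sslclient -CAfile ca.pem client.crt >/dev/null 2>&1
)

# stunnel 4.x settings that use these files:
#   server:  cert = server.pem   CAfile = ca.pem   verify = 2
#   clients: client = yes   cert = client.pem   CAfile = ca.pem   verify = 2
if [ "$#" -gt 0 ]; then make_pki "$1" && check_pki "$1" && echo "PKI in $1"; fi
```

Each client needs `ca.pem` (to verify the server) and `client.pem`; the server needs `ca.pem` and `server.pem`. Because all clients share one key, a compromise of any client means reissuing `client.pem` everywhere.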