Stunnel Client


This configuration will set up an stunnel server that listens on port 443 for stunnel client connections and forwards any traffic it receives to local port 22 (a local SSH service). In this way, the SSH connection happens on an entirely different port from either 2222 (on the client) or 22 (on the server): it happens on 443.

The stunnel program is designed to work as a TLS encryption wrapper between remote clients and local (inetd-startable) or remote servers. The concept is that, if you have non-TLS-aware daemons running on your system, you can easily set them up to communicate with clients over secure TLS channels.

When an SSL client connects to an SSL server, the server presents a certificate, essentially an electronic piece of proof that the machine is who it claims to be. This certificate is signed by a 'Certificate Authority' (hereafter a CA), usually a trusted third party like Verisign. A client will accept this certificate only if.


See also the Stunnel.org website.

Client configuration

Download the CAcert certificate. Take your CAcert certificate in PKCS12 format (with both the public and the private key in it) and convert it to a PEM-format certificate with OpenSSL:

  • openssl pkcs12 -clcerts -in cacert.p12 -out mycert.pem

Move mycert.pem to your Stunnel configuration directory. You will also need a certificate chain file, which has to be created on the server side. See the Server configuration section below for more information. Name this file ca-chain.pem and move it to the Stunnel configuration directory as well.

Stunnel

Here is an example of a client-side stunnel.conf configuration:

Server configuration

Information about how to generate the certificate chain and how to use your server certificate will be added later.

On the server side, you will need a directory that stores the trusted client certificates (not the private keys!). Place a trusted certificate, in PEM format, in this directory and generate a hash for this certificate. This hash can be created using the following /bin/sh script:

  • cd /path/to/trusted/certs/

    # Subject-name hash that OpenSSL uses to look the certificate up
    HASHVALUE=$(/usr/bin/openssl x509 -noout -hash -in 'trustedcert.pem')

    ln -s 'trustedcert.pem' "${HASHVALUE}.0"

The corresponding Stunnel server configuration file will look like this:

In the client e-mail application, you can now change the name of your IMAP server to localhost and the name of your SMTP server too. The e-mail client will connect with your local Stunnel daemon, the Stunnel daemon will make an SSL connection to the remote Stunnel server (stunnel.example.com) and the Stunnel server will make a non-SSL connection to the original IMAP and SMTP servers.
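An added example, not the wiki's own configuration: a client and server stunnel.conf pair for the flow just described, with the server certificate checked on the client and the client certificate checked against the hashed directory on the server. The /etc/stunnel/ paths, the port numbers, the back-end host names and server.pem are assumptions, and verifyChain, verifyPeer and checkHost assume a recent stunnel 5.x release (older releases use the numeric verify option instead).

```ini
; ---- client: /etc/stunnel/stunnel.conf (path is an assumption) ----
; Constructed example: ports and back-end host names are placeholders.
client = yes
; mycert.pem holds the client certificate and its private key
; (output of the openssl pkcs12 conversion above); keep it mode 0600.
cert = /etc/stunnel/mycert.pem
; Without the verification lines below stunnel accepts any server
; certificate, so the tunnel would be encrypted but unauthenticated.
CAfile = /etc/stunnel/ca-chain.pem
verifyChain = yes
checkHost = stunnel.example.com

[imap]
; Listen on loopback only; ports below 1024 need root to bind.
accept = 127.0.0.1:143
connect = stunnel.example.com:993

[smtp]
accept = 127.0.0.1:25
connect = stunnel.example.com:465

; ---- server: stunnel.conf on stunnel.example.com ----
; server.pem (server certificate + key) is a placeholder name.
cert = /etc/stunnel/server.pem
; Directory of trusted client certificates with their <hash>.0 symlinks.
CApath = /path/to/trusted/certs/
; Only peers whose certificate is present in CApath are accepted.
verifyPeer = yes

[imaps]
accept = 993
; Plain-text hop to the original IMAP server (placeholder host name).
connect = imap.internal.example:143

[smtps]
accept = 465
; Plain-text hop to the original SMTP server (placeholder host name).
connect = smtp.internal.example:25
```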
