stunnel4 for servers that don't have SSL by default

NOTE: stunnel isn't stunnel4! The package and config below are for stunnel4.

NOTE (inetd-style wrapper):

add the PORTS of the services you tunnel to /etc/services, because the accept = lines below use service names, not port numbers!

example: the hfs-server-ssl and mediatomb-ssl services used below

Create your private key with a password:
openssl genrsa -des3 -out domain.tld.encrypted.key 1024

Create your private key without a password (stunnel needs an unencrypted key so the daemon can start unattended):
openssl genrsa -out domain.tld.key 1024

# Or remove the password and encryption from the key created above:
# openssl rsa -in domain.tld.encrypted.key -out domain.tld.key

Create your Certificate Signing Request:
openssl req -new -key domain.tld.key -out domain.tld.csr

Self-sign your certificate:
openssl x509 -req -days 365 -in domain.tld.csr -signkey domain.tld.key -out domain.tld.crt

Create the PEM file by simply combining the .key and the .crt file:
cat domain.tld.key domain.tld.crt > /etc/stunnel/stunnel.pem

# DH parameters
# the >> appends the output of this to the END of stunnel.pem:

dd if=/dev/urandom count=2 | openssl dhparam -rand - 512 >> /etc/stunnel/stunnel.pem

# so stunnel.pem looks like this (the private key block from domain.tld.key comes first, then the certificate, then the DH parameters):
-----BEGIN CERTIFICATE-----
........blah blah blah ******
...............................
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MEYCQQCRUDRQfPkqdZegPQrkJR6TTdn20Z6eqt/PB7VrVeDctyJUJQUsn297/C5s
87YtSfM+MItf6oEpApGAe/u4za4TAgEC
-----END DH PARAMETERS-----
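Before pointing cert = at the assembled file, it is worth checking that all three blocks made it in, that the key is the unencrypted one, and that nobody else can read the file. The following script is an added example and not part of the original post; it inspects only the text structure of the PEM (no openssl call needed), and write_sample_pem writes a constructed dummy file so the checker can be tried without a real key.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check an assembled
# stunnel.pem before pointing "cert =" at it. It only inspects the text
# structure of the file (no openssl needed): private key, certificate and
# DH parameter blocks must all be present, the key must not be
# passphrase-protected (a daemon started from an init script has no terminal
# to type a passphrase on), and the file must not be group/world readable.

# check_stunnel_pem FILE -> prints one line per check, returns 0 only if all pass
check_stunnel_pem() {
    pem="$1"
    rc=0
    [ -f "$pem" ] || { echo "FAIL: $pem does not exist"; return 1; }

    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "ok: private key block present"
    else
        echo "FAIL: no private key block (cat domain.tld.key first)"; rc=1
    fi

    if grep -q -- '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "ok: certificate block present"
    else
        echo "FAIL: no certificate block (append domain.tld.crt)"; rc=1
    fi

    if grep -q -- '-----BEGIN DH PARAMETERS-----' "$pem"; then
        echo "ok: DH parameters block present"
    else
        echo "FAIL: no DH parameters block (dhparam output not appended)"; rc=1
    fi

    # "genrsa -des3" keys carry an encryption header (PEM Proc-Type) or use
    # the PKCS#8 ENCRYPTED PRIVATE KEY wrapper; strip it with "openssl rsa".
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$pem"; then
        echo "FAIL: private key is passphrase-protected; run openssl rsa -in ... -out ..."; rc=1
    else
        echo "ok: private key is unencrypted"
    fi

    # The file holds the private key, so only the owner should read it.
    mode=$(stat -c '%a' "$pem" 2>/dev/null || stat -f '%Lp' "$pem")
    case "$mode" in
        600|400) echo "ok: file mode $mode" ;;
        *) echo "FAIL: file mode $mode, expected 600 (chmod 600 $pem)"; rc=1 ;;
    esac
    return "$rc"
}

# write_sample_pem FILE plain|encrypted -> writes a constructed placeholder PEM
# for trying the checker; the base64 bodies are dummies, not a real key or cert.
write_sample_pem() {
    out="$1"; kind="$2"
    {
        echo '-----BEGIN RSA PRIVATE KEY-----'
        if [ "$kind" = encrypted ]; then
            echo 'Proc-Type: 4,ENCRYPTED'
            echo 'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF'
            echo ''
        fi
        echo 'MIIBOgIBAAJBAKdummykeybody0000000000000000000000000000000000000000'
        echo '-----END RSA PRIVATE KEY-----'
        echo '-----BEGIN CERTIFICATE-----'
        echo 'MIIBszCCAV2gAwdummycertbody000000000000000000000000000000000000000'
        echo '-----END CERTIFICATE-----'
        echo '-----BEGIN DH PARAMETERS-----'
        echo 'MEYCQQCRdummydhbody00000000000000000000000000000000000000000000000'
        echo '-----END DH PARAMETERS-----'
    } > "$out"
}

# usage: sh check_pem.sh /etc/stunnel/stunnel.pem
if [ -n "${1:-}" ]; then
    check_stunnel_pem "$1"
fi
```

Run it as sh check_pem.sh /etc/stunnel/stunnel.pem after the cat and dhparam steps; a non-zero exit means one of the FAIL lines applies and stunnel4 will most likely refuse to start or leave the key world-readable.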

root@ubuntu-bastel-kiste:/home/user# nano /etc/stunnel/stunnel.conf
chroot = /etc/stunnel
client = no
cert = /etc/stunnel/stunnel.pem
pid = /stunnel4.pid
foreground = no
debug = 7
output = /stunnel.log

; inetd-style services (accept = uses the names from /etc/services)

[hfs-server-ssl service]
accept = hfs-server-ssl
connect = 8080

[mediatomb-ssl service]
accept = mediatomb-ssl
connect = 49152

------------------------------

Start stunnel4.

NOW clients can connect via the SSL ports (the ones you put in /etc/services) of the

mediatomb-ssl and hfs-server-ssl services; stunnel decrypts the traffic and forwards it to the plain ports 49152 and 8080 on localhost.
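Because accept = takes a service name, a name that is missing from /etc/services makes that section unable to bind when stunnel4 starts. The script below is an added example, not part of the original post: it generates the service sections from NAME:BACKEND-PORT pairs and refuses any name the services file does not define. Taking the services file as a parameter (instead of hard-coding /etc/services) is an assumption made here so it can be tried against a constructed copy; the port values in the test are constructed too.

```shell
#!/bin/sh
# Added example, not part of the original post: generate the stunnel4 service
# sections from NAME:BACKEND-PORT pairs and refuse any NAME that is missing
# from the services file. stunnel resolves "accept = hfs-server-ssl" through
# the services database, which is why the post says to add the ports to
# /etc/services first; a missing name means the section cannot bind.
# Taking the services file as a parameter is an assumption made here so the
# script can be tried against a constructed copy instead of the real file.

# service_port SERVICES_FILE NAME -> prints NAME's TCP port, returns 1 if undefined
service_port() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == name && $2 ~ "/tcp$" {         # "name  port/tcp  aliases..."
            split($2, p, "/"); print p[1]; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# gen_stunnel_services SERVICES_FILE NAME:BACKEND-PORT ...
#   -> prints one [section] per pair on stdout; returns 1 on the first unknown NAME
gen_stunnel_services() {
    svc="$1"; shift
    out=""
    for pair in "$@"; do
        name=${pair%%:*}
        backend=${pair#*:}
        port=$(service_port "$svc" "$name") || {
            echo "error: $name is not defined in $svc, add it first" >&2
            return 1
        }
        # connect = PORT without a host means localhost in stunnel
        out="$out
; listens on $port/tcp (from $svc), forwards plaintext to localhost:$backend
[$name]
accept = $name
connect = $backend
"
    done
    printf '%s' "$out"
}

# usage: sh gen_services.sh /etc/services hfs-server-ssl:8080 mediatomb-ssl:49152
if [ "$#" -ge 2 ]; then
    gen_stunnel_services "$@"
fi
```

Append the output to the global section of /etc/stunnel/stunnel.conf; if the script prints an error instead, add the missing line to /etc/services before starting stunnel4.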
