How to Configure Stunnel on Windows

By Brian Richards

Server administrators and home users alike feel the pressure to secure their Internet communications, but not every application supports using Transport Layer Security (TLS). Email, File Transfer Protocol (FTP) and chat communicate over old and well-established but insecure channels, and few secure alternatives can be found. Rather than dropping these old applications, configure Stunnel to proxy insecure communications over a secure channel to protect your data.

Things You'll Need

  • Valid SSL certificate

Step 1

Install Stunnel. Download the Windows binary file from Double-click on the executable "stunnel-4.34-installer.exe" and accept the default values for installing Stunnel on your computer.

Step 2

Copy a valid SSL public certificate to the directory "C:\Program Files (x86)\stunnel\". To keep things simple, combine the certificate (public key) and its private key into one .PEM file.

Step 3

Modify the Stunnel configuration file. Open the file "C:\Program Files (x86)\stunnel\stunnel.conf" using a text editor such as Notepad. Modify the file to include the line "cert = C:\Program Files (x86)\stunnel\" followed by the name of your certificate file. Then specify both the incoming (secure) port and the outgoing (insecure) port, and label the section in brackets for clarity's sake. An example configuration looks like this:

    [https]
    accept = 443
    connect = 8080

This configuration tells Stunnel to accept incoming connections on port 443, secured using the public key SSL certificate, and redirect those connections to port 8080 on the local server without security. (See reference 1.)

Step 4

Configure Stunnel to start automatically. Navigate to the Start menu, "stunnel" folder and click on "Service Install." Stunnel will configure a Windows service called "stunnel" to start automatically when the computer boots.

Tips & Warnings

  • You may redirect several ports using the configuration file, but each incoming and outgoing port must be unique.
  • Check your firewall settings to ensure that you have created exceptions for each incoming port.
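
A small Python linter for the checks described in Steps 2 and 3 and in the tips above, added here as an example; it is not part of the original article or of Stunnel itself. The sample configurations, the file name "example.pem" and the function names are constructed for illustration; the port rule follows the tip above, and the key check assumes the combined .PEM file from Step 2.

```python
import re

# Constructed samples; "example.pem" is a placeholder certificate file name.
GOOD_CONF = r"""cert = C:\Program Files (x86)\stunnel\example.pem
[https]
accept = 443
connect = 8080"""
# Constructed faulty sample: no cert line, and port 443 is accepted twice.
BAD_CONF = """[https]
accept = 443
connect = 8080
[imaps]
accept = 443
connect = 143"""
GOOD_PEM = ("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
            "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n")

def parse_conf(text):
    """Split stunnel.conf text into global options and per-service options."""
    global_opts, services, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):  # blank line or ';' comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, _, value = line.partition("=")
            (global_opts if current is None else current)[key.strip()] = value.strip()
    return global_opts, services

def lint(conf_text, pem_text):
    """Return a list of findings for the checks in Steps 2-3 and the tips."""
    global_opts, services = parse_conf(conf_text)
    findings = [] if "cert" in global_opts else ["no cert line before the first section"]
    if "-----BEGIN CERTIFICATE-----" not in pem_text:
        findings.append("PEM file has no certificate block")
    if not re.search(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----", pem_text):
        findings.append("PEM file has no private key block")
    seen = {}  # port -> where it was first used
    for name, opts in services.items():
        for kind in ("accept", "connect"):
            port = opts.get(kind, "").rsplit(":", 1)[-1]  # "host:port" or "port"
            if not port:
                findings.append(f"[{name}] has no {kind} line")
            elif port in seen:
                findings.append(f"port {port} used by {seen[port]} and [{name}] {kind}")
            else:
                seen[port] = f"[{name}] {kind}"
    return findings
```

Calling lint() with the text of stunnel.conf and the text of the .PEM file returns an empty list when the configuration passes every check.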