Server administrators and home users alike feel the pressure to secure their Internet communications, but not every application supports using Transport Layer Security (TLS). Email, File Transfer Protocol (FTP) and chat communicate over old and well-established but insecure channels, and few secure alternatives can be found. Rather than dropping these old applications, configure Stunnel to proxy insecure communications over a secure channel to protect your data.
Install Stunnel. Download the Windows binary file from Stunnel.org. Double-click on the executable "stunnel-4.34-installer.exe" and accept the default values for installing Stunnel on your computer.
Copy a valid SSL public certificate to the directory "C:\Program Files (x86)\stunnel." To make things more trouble-free, combine the public key and private key certificates into one .PEM file.
Modify the Stunnel configuration file. Open the file "C:\Program Files (x86)\stunnel\stunnel.conf" using a text editor such as Notepad. Modify the file to include the line "cert = C:\Program Files (x86)\stunnel<CERTIFICATE>," where
Modify the file to specify both the incoming (secure) port and the outgoing (insecure) ports. Label this section in brackets for clarity's sake. An example configuration looks like this:
[https] accept = 443 connect = 8080
This configuration tells Stunnel to accept incoming connections on port 443 secured using the public key SSL certificate and redirect those connections to port 8080 on the local server without security.
(See reference 1.)
Configure Stunnel to start automatically. Navigate to the Start menu, "stunnel" folder and click on "Service Install." Stunnel will configure a Windows service called "stunnel" to start automatically when the computer boots.
You may redirect several ports using the configuration file, but each incoming and outgoing port must be unique.
Check your firewall settings to ensure that you have created exceptions for each incoming port.