Secure tcp connection with ssl

[peterw]

Stunnel wraps any insecure TCP port into a secure encrypted port. It is using OpenSSL package for this.

Install stunnel: apt-get install stunnel4

Configuration: nano /etc/stunnel/stunnel.conf

Usage of parameters:

client = yes

accept = 8080
connect = 127.0.0.1:3601
cert = /etc/stunnel/stunnel.pem

• accept: port stunnel is listening
• connect: ip and port of origin service
• cert: openssl certificate for ssl encryption

Autostart stunnel: nano /etc/default/stunnel4

ENABLED=1

Create ssl certificate:

openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 365
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem