Of course, it is highly recommend to tweak the ciphers based on your requirements. Running CipherScan tool from Mozilla on the default stunnel configuration gives the following: Typically there will be a warning due to the above self-sign test certificate, but otherwise it should work just fine. To check that, simply open your favorite web browser and point it to localhost:8443. If we name it nf, then stunnel can be activated with it by running: stunnel nfĪssuming there is a web server running on port 8080, the HTTPS version will be made available by stunnel on port 8443. For this use case, we could create a simple configuration containing the following lines (note that the pid needs to be an absolute path): pid = /home/ariya/stunnel.pid Various examples of configuration are available. Make-ssl-cert /usr/share/ssl-cert/ssleay.cnf example.pem For this blog post however, that will be the only thing we will cover.įor testing purposes, it is sufficient to use a test certificate: sudo apt-get install -y ssl-cert Note that stunnel is very capable, it can do more than just upgrading a web server from HTTP to HTTPS. Stunnel 5.30 on x86_64-pc-linux-gnu platform To verify the installation: $ stunnel -version Thus, installing it is as straightforward as: sudo apt-get install stunnel4 Many Linux distributions, including Debian and Ubuntu, already made stunnel package available. Among others, stunnel is relatively simple and very easy to use. If you are running an HTTP server and would like to enable SSL, an easy way to do that is to use a terminating proxy. Ariya.io About Talks Articles Upgrading to HTTPS with stunnel
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |