Stunnel Lab - Zacham17/my-tech-journal GitHub Wiki
Brief Summary
In this lab, I used stunnel to configure my web server and mail server to use https and smtps to encrypt web and mail traffic.
How to configure and use stunnel for HTTPS and SMTPS on CentOS 7:
- To install stunnel, type the command
sudo yum -y install stunnel
- Once the command completes, you can create a configuration file called stunnel.conf in the /etc/stunnel directory.
- In the config file, you must enter information depending on what protocol you want to use.
- For https, the file should contain the following:
[https]
accept = 443
connect = 127.0.0.1:80
cert = /etc/stunnel/stunnel.pem
- For smtps, the file should contain the following:
[smtps]
accept = 587
connect = 127.0.0.1:25
cert = /etc/stunnel/stunnel.pem
- SIDE NOTE: In my case, my web server and mail server are hosted on two different VMs, so I had to install stunnel and have a configuration file on each VM
- Once the configuration files are completed, you must create a key and a certificate.
- To create the key, type the following command:
sudo openssl genrsa -out key.pem 2048
- To create the certificate, type the following command:
sudo openssl req -new -x509 -key key.pem -out cert.pem -days 1095
- After typing the command to create the certificate, you will be prompted for information. Enter it accordingly.
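- Put the contents of the key.pem and cert.pem files you created into one file by typing the command below. It runs under sudo because key.pem was created as root and /etc/stunnel is writable only by root:
sudo sh -c 'cat key.pem cert.pem > /etc/stunnel/stunnel.pem'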
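- Allow traffic through the necessary ports on the firewall with the following commands. The firewalld smtps service opens port 465, so port 587 from the stunnel configuration above is opened by number:
sudo firewall-cmd --add-service https --permanent
sudo firewall-cmd --add-port=587/tcp --permanent
sudo firewall-cmd --reload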
- Once this is done, run stunnel using
sudo stunnel /etc/stunnel/stunnel.conf
- SMTPS and HTTPS traffic to and from the web and mail servers should now be encrypted.
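A pre-flight check for the combined stunnel.pem built in the steps above, as an added example that is not part of the original lab notes. The helper names `check_stunnel_pem` and `make_demo_pem` and the `lab.example` subject are assumptions; the demo builds a throwaway key and certificate in a temporary directory so it runs without touching /etc/stunnel.

```shell
#!/bin/bash
# Added example: check_stunnel_pem and make_demo_pem are hypothetical helpers.

# Return 0 only if FILE is fit to be used as stunnel's "cert =" file.
check_stunnel_pem() {
    pem=$1
    # The file must hold a parseable private key and a certificate.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "FAIL: no usable private key in $pem"; return 1; }
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: no certificate in $pem"; return 1; }
    # The certificate must carry the public half of that same key.
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "FAIL: certificate does not match the private key"; return 1; }
    # The private key is stored unencrypted, so only the owner may read it.
    mode=$(stat -c '%a' "$pem")    # GNU stat, as shipped with CentOS
    [ "$mode" = "600" ] ||
        { echo "FAIL: mode is $mode, expected 600"; return 1; }
    # The certificate must not have expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $pem ($(openssl x509 -in "$pem" -noout -enddate))"
}

# Build a throwaway key, self-signed certificate and combined file in DIR,
# using the same openssl commands as the lab (-subj skips the prompts).
make_demo_pem() {
    dir=$1
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$dir/key.pem" -out "$dir/cert.pem" \
        -days 1095 -subj "/CN=lab.example" 2>/dev/null
    # umask 077 makes the combined file mode 600 from the moment it exists.
    ( umask 077; cat "$dir/key.pem" "$dir/cert.pem" > "$dir/stunnel.pem" )
}

demo=$(mktemp -d)                 # constructed sample input, not a real key
make_demo_pem "$demo"
check_stunnel_pem "$demo/stunnel.pem"
rm -rf "$demo"
```

On the lab servers the call would be `check_stunnel_pem /etc/stunnel/stunnel.pem`, run as root. A file created by a plain `cat` redirect under the default umask fails the mode check until `chmod 600` is applied.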