When you setting up a service which is supposed to receive and transfer important data, one of the main concerns is security and basically how to keep the data safe when it is passing an unsecure network. There is a lot of ways to secure your connection like using different protocols like https, SSL, TLS, etc… but sometimes you are dealing with a service which does not support any of those protocols, in this case you have to use another service as a third party to address this issue. The real question is what protocol is going to fulfill your needs as a fast, flexible and multi platform service!
<center>https://i.imgsafe.org/9ef165701e.jpg</center>
<center>[Source](https://n0where.net/stunnel/)</center>
## <center>Introducing Stunnel</center>

 Stunnel is a third party application which can help you to secure your data by encrypting it with different protocols outside your main application.
### Let’s put it in a scenario to understand how it really works
Imagine you have a database which is listening on the port 1433 and you want your users to connect to the database in a secure and encrypted network
At first you have to run stunnel on your server side with the IP address 192.168.1.100(note that if your service supports protocols like SSL, you don’t need to have the server side, just install stunnel on the client) and configure it in a way that the stunnel process listens on a specific port (like 10001) and sends data received on that port to the main service port (in this case 1433)
And on the client side you should install stunnel and configure it in a way that the stunnel receives on a specific port (let’s say 6004) and send the data to the server 192.168.1.100 port 10001.
Finally you need to configure your service on the client side to start the session on its IP(127.0.0.1) and port 6004.
Let’s list all the actions that happen when you start your service
1.	Client request to connect to its local IP on the port 6004
2.	Stunnel receives the connection request and pass it to 192.168.1.100:10001
3.	Server receives the request and send it to its local IP on the port 1433
https://i.imgsafe.org/9ac9be5e32.jpg
As you can see stunnel is exactly in the middle and encrypts all the data
Ok enough about the concept, now we are going to dirty our hands with installing and configuring the stunnel. Before installing stunnel we need to install openssl as a perquisite and for making certificate.
## <center>Installing openssl</center>
(I added installaition of openssl just in case if you needed that to generate certificate)
To check whether the openssl is installed on your server simply run following command:
#### openssl version
Result should be something like this:
“OpenSSL 1.0.1e-fips 11 Feb 2013”
If it couldn’t find the openssl command then you need to install it first.
#### mkdir /src
#### cd /src
#### wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
#### tar -zxf filename 
#### cd openssl-1.0.2a
#### ./config
#### make
#### make test
#### make install
To make sure that you are using the latest version even if you had an older version already installed
#### mv /usr/bin/openssl /root/
#### ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
Now check your openssl version again
#### openssl version
Now you should see an output like this:
“OpenSSL 1.0.2k  26 Jan 2017”

## <center>Installing Stunnel</center>
Download the latest version
#### cd /src
#### wget https://www.stunnel.org/downloads/stunnel-5.40.tar.gz
Keep in mind that the version might change, if you get error go to the [stunnel]( https://www.stunnel.org/downloads.html) download page and see the latest version number
#### tar -xvf stunnel-5.40.tar.gz
#### yum install gcc
#### ./configure
#### make
#### make install
#### stunnel -version

Now you got your stunnel installed 
### Generating the private key
Stunnel have provided some scripts in its source to make it easier for users to create certificate pairs
#### cd /src/stunnel-5.40/tools
#### ./makecert.sh
Note that you can fill the requested questions or simply just press enter
<center>https://i.imgsafe.org/9ca3d6e832.jpg</center>
This command is going to create a stunnel.pem file including the private key and certificate
Now we need the configuration file for stunnel which by default resides in /src/stunnel-5.40/tools
Remember that to start stunnel you need to pass the conf file as a parameter to the command
#### (Example: stunnel /src/stunnel-5.40/tools/stunnel.conf)
You can create the configuration file as server mode, client mode and both, also you can have different options and protocols for your stunnel but here to keep it simple and show you how it is done, I am going to create two config file with the basic configuration
To do that you need a stunnel.pem(for server) file and a certificate.crt(for client) file
Go head and edit the stunnel.conf
#### vi stunnel.conf
```
debug = 7
output = stunnel.log
cert = stunnel.pem
[test]
accept = 127.0.0.1:10001
connect = 127.0.0.1:1433
```
<center>https://i.imgsafe.org/9dc1d62e84.jpg</center>
Now create a file
#### vi client.conf
```
debug = 7
output = stunnel-server.log
[test]
client = yes
accept = 127.0.0.1:6004
connect = 127.0.0.1:10001
CAfile = certificate.crt
```
<center>https://i.imgsafe.org/9dc679a432.jpg</center>
To create certificate.crt you can easily copy the certificate from the .pem file
Your certificate.crt file should look like this:
<center>https://i.imgsafe.org/9def451a87.jpg</center>
For more options and details click [here](https://www.stunnel.org/static/stunnel.html)
In this video I am going to show you the data captured from port 10001 which is encrypted and port 1433 which is plain
(something was wrong with youtube, so I had to share it by [drobbox](https://www.dropbox.com/home?preview=%DB%B2%DB%B0%DB%B1%DB%B7-%DB%B0%DB%B2-%DB%B0%DB%B7+at+%DB%B1%DB%B8-%DB%B4%DB%B1-%DB%B5%DB%B9.mp4))
That is it, now you have stunnel service up, running and working properly in basic level
### I hope you guys find it useful enough to upvote and resteem
## <center>This post is 100% powered up</center>
## <center>https://i.imgsafe.org/cd2d14ec42.gif</center> 

## <center>https://i.imgsafe.org/cd2d0cf565.gif</center> 

## <center>https://i.imgsafe.org/cd2d06f677.gif</center> 


<center> https://i.imgsafe.org/cd2d1dba11.gif</center>

<center>Tue Feb  7 19:02:16 IST 2017</center>