
Blue Iris / sTunnel Notes

Generate New Certificate

Key – See in KeePass, search Posh-ACME
Secret – See in KeePass, search Posh-ACME

  • NOTE: GoDaddy removed API functionality for accounts with fewer than 10 domain names.
  • On server: Run in PowerShell
    Set-ExecutionPolicy RemoteSigned -Force
    Install-Module -Name Posh-ACME -Scope AllUsers -Force
    Import-Module Posh-ACME
    Get-PAPlugin
    Get-PAPlugin host -Guide  #DNS host
    $certNames = '*.lmc-solutions.net'
    $email = 'info@chsintech.com'
    # Paste the key and secret from KeePass at run time; do not store them in these notes
    $pArgs = @{GDKey='<GDKey from KeePass>';GDSecret='<GDSecret from KeePass>'}
    Set-PAAccount -Contact 'info@chsintech.com'
    New-PACertificate -AcceptTOS $certNames -Plugin GoDaddy -PluginArgs $pArgs -FORCE
  • Download https://curl.se/ca/cacert.pem
    • Change name to ca-certs.pem
    • Copy to C:\Program Files (x86)\stunnel\config
  • Browse to the appropriate folder (e.g. C:\Users\IT\AppData\Local\Posh-ACME\LE_PROD\1591856117!.lmc-solutions.net)
  • Copy cert.cer to stunnel.pem
    • Open fullchain.cer as a text file and copy the contents
    • Open stunnel.pem as a text file and paste the previous text to the bottom and save
    • Open cert.key as a text file and copy the contents
    • Open stunnel.pem as a text file and paste the previous text to the top and save
  • Copy stunnel.pem to C:\Program Files (x86)\stunnel\config
  • Open Services and restart ‘Stunnel TLS wrapper’
  • Test at https://URL/ui3.htm

Renew Existing Certificate

Key – See in KeePass, search Posh-ACME
Secret – See in KeePass, search Posh-ACME

  • On server: Run in PowerShell
    Submit-Renewal
  • Browse to the appropriate folder (e.g. C:\Users\IT\AppData\Local\Posh-ACME\LE_PROD\1591856117!.lmc-solutions.net)
  • Rename old stunnel.pem
  • Copy cert.cer to stunnel.pem
    • Open fullchain.cer as a text file and copy the contents
    • Open stunnel.pem as a text file and paste the previous text to the bottom and save
    • Open cert.key as a text file and copy the contents
    • Open stunnel.pem as a text file and paste the previous text to the top and save
  • Copy stunnel.pem to C:\Program Files (x86)\stunnel\config
  • Open Services and restart ‘Stunnel TLS wrapper’
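
The manual copy/paste steps in the two sections above can be scripted. This is an added example, not part of the original notes: it assumes the stunnel service runs as LocalSystem, that the certificate is the Posh-ACME order for the domain used above, and the helper name Get-PemBlocks is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: build stunnel.pem from the Posh-ACME output files in the order
# the steps above describe, back up the old file, lock it down, restart stunnel.
Import-Module Posh-ACME

$configDir = 'C:\Program Files (x86)\stunnel\config'   # path from these notes
$target    = Join-Path $configDir 'stunnel.pem'

$cert = Get-PACertificate -MainDomain '*.lmc-solutions.net'
if (-not $cert) { throw 'No Posh-ACME certificate found for this domain.' }

# Return only the PEM blocks of a file, dropping any text outside BEGIN/END markers.
function Get-PemBlocks([string]$Path) {
    $text   = Get-Content -LiteralPath $Path -Raw
    $rx     = '-----BEGIN [A-Z ]+-----[\s\S]+?-----END [A-Z ]+-----'
    $blocks = [regex]::Matches($text, $rx) | ForEach-Object { $_.Value.Trim() }
    if (-not $blocks) { throw "No PEM data found in $Path" }
    $blocks
}

# Same order as the manual steps: cert.key on top, cert.cer, fullchain.cer at the bottom.
$pem = @(
    Get-PemBlocks $cert.KeyFile
    Get-PemBlocks $cert.CertFile
    Get-PemBlocks $cert.FullChainFile
) -join "`n"

# "Rename old stunnel.pem": keep a timestamped copy so a bad renewal can be rolled back.
if (Test-Path -LiteralPath $target) {
    Rename-Item -LiteralPath $target -NewName ("stunnel.{0:yyyyMMdd-HHmmss}.pem" -f (Get-Date))
}

# Write plain ASCII (no BOM); PEM data is ASCII only.
[System.IO.File]::WriteAllText($target, $pem + "`n", [System.Text.Encoding]::ASCII)

# The file contains the private key: drop inherited ACEs and allow only
# LocalSystem (S-1-5-18, read) and local Administrators (S-1-5-32-544, full).
icacls $target /inheritance:r /grant:r '*S-1-5-18:(R)' '*S-1-5-32-544:(F)' | Out-Null

Restart-Service -DisplayName 'Stunnel TLS wrapper'
'Deployed certificate {0}, expires {1}' -f $cert.Thumbprint, $cert.NotAfter
```

The renamed backup files also contain the private key, so delete them once the new certificate is confirmed working.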

sTunnel Setup

  • accept = sTunnel is installed for HTTPS on port (80)
  • connect = Enable the HTTPS web server on port (443)

; TLS front-end to a web server
[https]
accept = 443
connect = 80
cert = stunnel.pem
TIMEOUTclose = 0

Using GoDaddy Certificate

  • Copy contents of star20??.pem certificate to stunnel.pem
  • Remove extraneous text. (Only want the -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- info)
  • Copy contents of star20??.key to bottom of stunnel.pem
  • Open Services and restart ‘Stunnel TLS wrapper’

Using Certify the Web

  • Export PFX from Windows Certificate Manager
  • Run the following command to export the private key
    openssl pkcs12 -in STAR.theflagship.org.pfx -nocerts -out STAR.theflagship.org.key -nodes
  • Run the following command to export the certificate
    openssl pkcs12 -in STAR.theflagship.org.pfx -nokeys -out STAR.theflagship.org.pem
  • Run the following command to remove the passphrase from the private key
    openssl rsa -in STAR.theflagship.org.key -out STAR.theflagship.orgR.key
  • Delete everything in stunnel.pem and copy the contents of both files into it, removing any data before the -----BEGIN lines and after the -----END lines
  • Open Services and restart ‘Stunnel TLS wrapper’
