stunnel

SVDTiger

n3wb
Joined
Jan 3, 2016
Messages
20
Reaction score
0
figured it out. You need this line the stunnel.conf file as well.
; ***************************************** Example TLS client mode services
[blue-iris]
accept = 8777
connect = 8666
cert = stunnel.pem

Also, the webserver needs to be configure like this (using these settings)
To add to all of this, you need to port forward 8777. You don't need to port forward 8666 since 8666 is only local to your server. 8777 is what needs to be opened so its open with respect to your IP address. Also your file has to be like this:

[blue-iris]
accept = 8777
connect = 8666
cert = stunnel.pem
key = stunnel.pem
 
Joined
May 28, 2016
Messages
1
Reaction score
0
I have installed blue iris 4 and stunnel for windows (win10X64).

Blue iris is all up and running. I now want to connect to stunnel via the with ssl the "correct?" way. I can connect but I get the "hey this cert is not verified continue?"
I want to export the cert to pk12 form so I can install it on my android phone and or pcs.

I have all the default files the stunnel installer created
ca-certs.pem
stunnel.pem
etc..

current stunnel config
[blueiris]
accept = 10000
connect = 10001
;verify = 2
;CAfile = ca-certs.pem
cert = stunnel.pem

Anyone run into this?
 
Last edited by a moderator:

gizzle

n3wb
Joined
May 28, 2016
Messages
1
Reaction score
0
figured it out. You need this line the stunnel.conf file as well.
; ***************************************** Example TLS client mode services
[blue-iris]
accept = 8777
connect = 8666
cert = stunnel.pem

Also, the webserver needs to be configure like this (using these settings)
Thanks a lot! I was doing it wrong and couldn't figure out what it was, until you showed this screenshot of how to configure the webserver.
I had the stunnel (with service) installed and configured it exactly like all the other posts show on the forums, but couldn't get a ssl connection to the webserver (connection refused etc. etc.).
Seems that I didn't understand the concept, because I didn't realize you had to connect to the http port on the webserver.
I was trying to connect to the https port directly with stunnel.

So make sure you let stunnel redirect to the http port on the webserver.

[blue-iris]
accept = 8777 (also use this number for "stunnel is installed for https on port" in your webserver configuration)
connect = 8666 (also use this number for "enable the http web server on port" in your webserver configuration)
cert = stunnel.pem
 

rmlblake

n3wb
Joined
Jul 6, 2016
Messages
1
Reaction score
0
I am having trouble with stunnel via the Blue Iris IOS App.

I keep getting this error:

Service [blue-iris] accepted connection from XXXXXXX:1354
2016.07.06 17:54:19 LOG3[41]: SSL_accept: 140890C7: error:140890C7:SSL routines:ssl3_get_client_certificate: peer did not return a certificate

My Config:

[blue-iris]
accept = 8443
connect = 80
cert = stunnel.pem
 
Joined
Jul 8, 2016
Messages
1
Reaction score
2
I am having trouble with stunnel via the Blue Iris IOS App.

I keep getting this error:

Service [blue-iris] accepted connection from XXXXXXX:1354
2016.07.06 17:54:19 LOG3[41]: SSL_accept: 140890C7: error:140890C7:SSL routines:ssl3_get_client_certificate: peer did not return a certificate

My Config:

[blue-iris]
accept = 8443
connect = 80
cert = stunnel.pem
Was running into the same issue... Found out we needed the following line otherwise it kept asking for a client cert

requireCert = no
 

Mr. Smith

n3wb
Joined
Apr 14, 2014
Messages
1
Reaction score
0
Was running into the same issue... Found out we needed the following line otherwise it kept asking for a client cert

requireCert = no
Thank you! Thank you! Thank you!

I've been fighting this for a couple hours tonight before finding your post. Working great now.
 
Joined
Jul 31, 2016
Messages
1
Reaction score
0
Oh my gosh, I've read all the replies here and it's taken me 3 days to figure this out. I kept getting the same error that you're getting. Everyone here seemed to have configured their setting right under 'TLS Client Mode Services" and I finally moved my config down to the "TLS Server Mode Services" and I can now view my cameras on my phone. I hope this saves someone alot of headache.
 

Livin

n3wb
Joined
Feb 12, 2017
Messages
23
Reaction score
0
Guys,

Sorry for reopening this thread with a similar question on configuring stunnel for blue iris 4 running on my win 10 laptop. I have read through all comments on the 2 pages of this thread but somehow i think i am missing something as i can get the stunnel gui to load the configuration file which results in the service not running.

The config file was updated with the following lines just below the comment line ; ******************************************** Example TLS client mode services

[blue-iris]
accept = 8151
connect = 8141
cert = stunnel.pem

When reloading the configuration file with above lines i get the following error,

Service [blue-iris]: Failed to initialize TLS context
Failed to reload the configuration file.

On the blue iris web server settings following is set,
Enable the http web server on port 8141
Stunnel is installed for https on port: 8151

On the router portforwarded 8151 to blue iris pc's ip address

Would really appreciate if any one could help me get through setting up https stunnel connection for blue iris.

Surely i am missing something but i am not able to figure this out even after repeatedly reading through the replies here.
 
Last edited:

Livin

n3wb
Joined
Feb 12, 2017
Messages
23
Reaction score
0
Also tried the config lines below by putting it right under server section starting with comment ; ******************************************** Example TLS server mode services, still same error.

[blue-iris]
accept = 8151
connect = 8141
cert = stunnel.pem

Error:
Service [blue-iris]: Failed to initialize TLS context
Failed to reload the configuration file.

Stunnel not running! :-(
 

Dodutils

Pulling my weight
Joined
Dec 10, 2016
Messages
451
Reaction score
166
Having issues getting stunnel to work. I try and connect from a WAN connection using the phone app and I get this in the log on the PC where stunnel is installed. It appears my router is forwarding the request but something is being refused on the PC. Any ideas? Thanks

2016.03.11 10:16:50 LOG5[7]: Service [blue-iris] accepted connection from 70.210.X.XXX:3887
2016.03.11 10:16:51 LOG3[7]: s_connect: connect 127.0.0.1:8347: Connection refused (WSAECONNREFUSED) (10061)
2016.03.11 10:16:51 LOG5[7]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.03.11 10:16:51 LOG5[8]: Service [blue-iris] accepted connection from 70.210.X.XXX:3887
2016.03.11 10:16:52 LOG3[8]: s_connect: connect 127.0.0.1:8347: Connection refused (WSAECONNREFUSED) (10061)
2016.03.11 10:16:52 LOG5[8]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.03.11 10:16:53 LOG5[9]: Service [blue-iris] accepted connection from 70.210.X.XXX:3887
2016.03.11 10:16:54 LOG3[9]: s_connect: connect 127.0.0.1:8347: Connection refused (WSAECONNREFUSED) (10061)
2016.03.11 10:16:54 LOG5[9]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

Here's how I have BI Web Server configured...
View attachment 7420
On your screenshot BI show 8344 not 8347 ?
 

Livin

n3wb
Joined
Feb 12, 2017
Messages
23
Reaction score
0
help anyone? would appreciate some guidance with the stunnel setup. Thanks!
 

johnmcc

Young grasshopper
Joined
Mar 9, 2015
Messages
44
Reaction score
13
Hi in Options -> Web Server try un checking secure only, if I check this can't connect
 

Frank Ecker

Young grasshopper
Joined
Apr 18, 2017
Messages
50
Reaction score
11
If you have control of your own domain name, you can use Let's Encrypt to generate secure certs for free.

They work fine with BI and stunnel but I would like to figure out how to rewrite http to https like can be done with apache.

output = C:\Program Files\stunnel\config\stunnel.log

[Blue-Iris]
accept = 443
connect = 80
CApath = C:\Program Files\stunnel\config\
cert = C:\Program Files\stunnel\config\cert1.crt.pem
key = C:\Program Files\stunnel\config\cert1.key.pem
 

Livin

n3wb
Joined
Feb 12, 2017
Messages
23
Reaction score
0
Have tried unchecking secure only on blue iris webserver - no change in behavior

I tried the stunnel DN setup for personal certificate setup - this also renders same results.

Not sure what else to try given that i am running trials based on advise over the internet, as i am no networking literate...

any other options i need to check? would really want to use the https option for remote viewing on the app or browser.
 

Frank Ecker

Young grasshopper
Joined
Apr 18, 2017
Messages
50
Reaction score
11
Livin, maybe there is some other corruption in your config file. If you totally comment out the BI items what happens when you launch stunnel? You need to confirm a working instance of stunnel then should be able to add in the couple of lines needed for BI.

Here is a sample file to reset to a known baseline. stunnel: Windows Config
 

Livin

n3wb
Joined
Feb 12, 2017
Messages
23
Reaction score
0
Frank,

Thanks for the input, Yes i did test by removing/commenting the below lines, and the stunnel config file loads fine with no errors.

[blue-iris]
accept = 8151
connect = 8141
cert = stunnel.pem

It is only when the above lines are inserted, the stunnel config reload fails.

Also tried inserting above lines under both client and server sections below on the config file, still same behavior.

; ******************************************** Example TLS client mode services
; ******************************************** Example TLS server mode services

No go :-(
 

Livin

n3wb
Joined
Feb 12, 2017
Messages
23
Reaction score
0
and without the below line, i get an error that a certificate is required, so i guess it needs to be there.

cert = stunnel.pem
 

Livin

n3wb
Joined
Feb 12, 2017
Messages
23
Reaction score
0
Tried to reset the code from stunnel: Windows Config

The configuration loaded successfully. But again after inserting the below lines same error thrown. No difference to my earlier test results.

; ***************************************** Example TLS server mode services

[blue-iris]
accept = 8151
connect = 8141
cert = stunnel.pem

Still no go :-(
 
Top