Using Stunnel to add ssl to shoutcast (or any service that does not have ssl)

Posted on January 14th, 2016

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code.

First stunnel must be installed. Many OS’s have stunnel preinstalled: so try running stunnel first. If not install with your OS’s package management tool such as

centos: yum install stunnel
ubuntu: apt-get install stunnel

Once stunnel is installed you can begin. First a config file is needed. In this example shoutcast is installed already and running on port 8000. It is listening on localhost only. Create the file

/etc/stunnel/stunnel.conf


client=no
[shoutcast]
accept=8002
connect=localhost:8000
cert = /etc/stunnel/stunnel.pem

Now create the PEM file /etc/stunnel/stunnel.pem

The format is

rsa key first
certificate second
cabundle/intermediate third

Set permissions to 600
chmod 600 /etc/stunnel/stunnel.pem

Now stunnel can be started with the command /usr/bin/stunnel and we can connect to port 8002 over ssl.

4 Responses to “Using Stunnel to add ssl to shoutcast (or any service that does not have ssl)”

  1. Mula78 says:

    There is any chance that you can help me to configure Stunnel for SHOUTcast in windows server 2012 r2?

  2. Carlos Flores says:

    Hi, does this work if I have centova on a dedicated server?

    Do I need to install certbot before installing stunnel?

  3. Stergios says:

    Nice guide.

    Please explain how to generate content of /etc/stunnel/stunnel.pem
    with certibot?

Leave a Reply