Using Stunnel to add SSL to shoutcast (or any service that does not have SSL)

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code.

First, stunnel must be installed. Many OSes have stunnel preinstalled, so try running stunnel first. If it is not present, install it with your OS’s package management tool, for example:

CentOS: yum install stunnel
Ubuntu: apt-get install stunnel

Once stunnel is installed, a config file is needed. In this example shoutcast is already installed and running on port 8000, listening on localhost only. Create the file

/etc/stunnel/stunnel.conf

with the following contents:

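; server mode: accept TLS from clients and forward plaintext to the backend
client=no
[shoutcast]
; TLS port that listeners connect to
accept=8002
; the existing plaintext shoutcast service
connect=localhost:8000
; combined key + certificate + chain file
cert=/etc/stunnel/stunnel.pem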

Now create the PEM file /etc/stunnel/stunnel.pem.

The blocks must appear in this order:

RSA key first
certificate second
CA bundle/intermediate third

Set permissions to 600 so that only the file's owner can read the private key:
chmod 600 /etc/stunnel/stunnel.pem
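
The PEM layout and the permission step above can be checked before stunnel is started. The script below is an added example, not part of the original page or the stunnel project; the function names (build_pem, pem_order, check_pem, demo) and the placeholder blocks are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the page or the stunnel project): assemble and
# check the combined PEM that stunnel.conf's "cert" option points to.

# build_pem KEY CERT CHAIN OUT: concatenate in the page's order (key,
# certificate, intermediates); OUT ends up readable by its owner only.
build_pem() {
    ( umask 077 && cat "$1" "$2" "$3" > "$4" ) && chmod 600 "$4"
}

# pem_order FILE: print the sequence of block types, e.g. "KEY CERT CERT".
pem_order() {
    awk '/^-----BEGIN .*PRIVATE KEY-----/ { printf "%sKEY", sep; sep = " " }
         /^-----BEGIN CERTIFICATE-----/   { printf "%sCERT", sep; sep = " " }
         END { print "" }' "$1"
}

# check_pem FILE: succeed only if the key is the first block, only
# certificates follow it (at least one), and the mode is exactly 600.
check_pem() {
    order=$(pem_order "$1")
    case "$order" in
        *"CERT KEY"*) echo "key found after a certificate" >&2; return 1 ;;
        "KEY CERT"*)  ;;
        *) echo "bad block order: ${order:-none}" >&2; return 1 ;;
    esac
    perms=$(ls -l "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "mode is $perms" >&2; return 1; }
}

# demo: exercise both functions on constructed placeholder blocks
# (labels only, no real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' \
        '-----END PRIVATE KEY-----' > "$d/key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$d/crt"
    cp "$d/crt" "$d/chain"
    build_pem "$d/key" "$d/crt" "$d/chain" "$d/stunnel.pem" &&
        check_pem "$d/stunnel.pem"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "constructed PEM passed the checks"
```

check_pem looks only at block order and file mode; it does not verify that the key belongs to the certificate or that the chain is valid.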

Now stunnel can be started with the command /usr/bin/stunnel, and clients can connect to port 8002 over SSL.