Tech Blog

Newcastle Stunnel manual: installing stunnel on CentOS 6

Stunnel install instructions for CentOS Linux 6.6 to the Alma Sandbox

Alma uses Stunnel in workstation mode on a server. SelfCheck units connect to it, and each has a unique digital certificate. Stunnel opens a stream of encrypted communications to the Alma database, and each communication is stamped with the unit's unique certificate. This is how Alma distinguishes SelfCheck units.
On the Alma management console, a digital certificate needs to be created for each SelfCheck unit and downloaded to the Stunnel server.

 

Installing Stunnel on a freshly built CentOS VM from the IT service

  1. Download latest stunnel: "wget https://www.stunnel.org/downloads/stunnel-5.10.tar.gz"
  2. Unpack with: "tar -xvf stunnel-5.10.tar.gz"
  3. Install ssl-dev and GCC libraries: "yum install openssl-devel gcc"
  4. Run: "make" then run: "make install"
  5. Copy the conf and pem files from

\\campus\dept\library\library planning and development\projects\alma\stunnel\exlibris stunnel config files\

into /usr/local/etc/stunnel/

  6. Edit /etc/services and match the service name and port (in this case it was stunnel and tcp/8888)
  7. Open the above port (8888) in the firewall for 10.64.192.0/20 (internal IP range) and 128.240.40/23 (external IP range)

This is the incoming port on which SelfCheck units connect to this server for initial testing. Once we go into production, we'll use ports 5001 onwards.
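As an added example (not part of the original instructions or the Ex Libris config files), the script below audits the copied configuration: since Alma tells SelfCheck units apart by certificate, every service section should name its own PEM file, and that file should exist and be inaccessible to group and other. The file name stunnel.conf, the script name audit.sh, and resolving relative cert paths against the conf directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or the Ex Libris files.
# Audits stunnel service sections: one protected PEM file per SelfCheck service.
# Assumption: relative cert paths are resolved against the conf file's directory.

# Print "section<TAB>cert" for each [section]; cert is "-" when none is set there.
list_service_certs() {
    awk '
        function emit() { if (sec != "") print sec "\t" (cert == "" ? "-" : cert) }
        /^[ \t]*[;#]/ { next }                        # skip comment lines
        /^[ \t]*\[/ {                                 # a new [section] starts
            emit(); sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); cert = ""; next
        }
        /^[ \t]*cert[ \t]*=/ {                        # cert = /path/to/file.pem
            cert = $0; sub(/^[^=]*=[ \t]*/, "", cert); sub(/[ \t]+$/, "", cert)
        }
        END { emit() }
    ' "$1"
}

# Print one finding per line; return 0 when the file is clean, 1 otherwise.
audit_stunnel_conf() {
    conf=$1
    dir=$(dirname "$conf")
    tab=$(printf '\t')
    findings=$(list_service_certs "$conf" | {
        seen=""
        while IFS="$tab" read -r sec cert; do
            if [ "$cert" = "-" ]; then echo "$sec: no cert of its own"; continue; fi
            case $cert in (/*) ;; (*) cert=$dir/$cert ;; esac
            case $seen in (*"|$cert|"*) echo "$sec: cert $cert shared with another service" ;; esac
            seen="$seen|$cert|"
            if [ ! -f "$cert" ]; then echo "$sec: $cert missing"; continue; fi
            # Characters 5-10 of the ls mode string are the group/other bits.
            [ "$(ls -ld "$cert" | cut -c5-10)" = "------" ] ||
                echo "$sec: $cert is accessible to group/other"
        done
    })
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example: sh audit.sh /usr/local/etc/stunnel/stunnel.conf  (file name assumed)
if [ "$#" -gt 0 ]; then audit_stunnel_conf "$1"; fi
```

A section that relies on a cert line in the global part of the file is reported as having no cert of its own, because that default would be shared by every service.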

Making it a service to start on boot

  1. Copy the startup script file stunnel from

\\campus\dept\library\library planning and development\projects\alma\stunnel\exlibris stunnel config files\

to /etc/init.d/

  2. Make it executable: chmod +x /etc/init.d/stunnel
  3. Add it as a service: chkconfig --add stunnel
  4. Do a reboot: /sbin/reboot and test that it starts on boot with: service stunnel status

You should see something like: stunnel (pid 1818) is running...

Testing

  1. Start it by typing stunnel, or if you've rebooted it should already be running.
  2. Check that it is working by using: tail -f /tmp/stunnel.log (this shows real-time output)
  3. On a Windows PC with telnet installed, type: cmd then: telnet almaops.ncl.ac.uk 8888 (you'll know it works when you see output in the terminal)
