Adobe Connect 8 SSL – getting stunnel up and running

by kai on 22/08/2012



Today I was helping a client to set up proper SSL handling for their Adobe Connect 8 instance. Essentially all they wanted to do was to secure the Adobe Connect web admin with SSL and https; the actual Flash Media Server-based meeting server and its RTMP communication weren’t going to be secured at this stage.

The software-based SSL for Adobe Connect 8 is delivered via stunnel, a third-party solution packaged with Connect 8. The actual process of configuring SSL for Adobe Connect is quite well documented, but it’s quite easy to trip over one particular little detail.

Said detail is a note in the configuration guide to “start stunnel” after all the configuration is done. That’s fine as long as one knows what exactly that means and how stunnel works, but it’s unfortunately not documented properly by Adobe.

Stunnel is essentially an SSL proxy:

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. Stunnel uses OpenSSL libraries for cryptography, so it supports whatever cryptographic algorithms you compiled into your library.

[…]

Stunnel is a free software authored by Michal Trojnara. Although distributed under GNU GPL version 2 or later with OpenSSL exception, stunnel is not a community project. We retain the copyright of the source code. Please contact us for commercial support or non-GPL licenses. Free, community-based support is also available via stunnel-users mailing list.

I assume Adobe has gone into some form of commercial agreement with the guys behind Stunnel (which is really irrelevant for this post).

Anyway, stunnel is a part of your Adobe Connect 8 installation; it can be found in [root_install_dir]\stunnel. After you’ve done all the configuration as described in Adobe’s document, you need to start the stunnel proxy. The easiest way to do so is to run stunnel.exe on the Adobe Connect server (Connect is only supported on Windows, therefore there are no OSX/Linux binaries).

That works ok and gets your Connect server up and running fine with SSL, but it will stop again after the next logout or reboot. Why? Running stunnel.exe doesn’t install the proxy as a Windows service but only executes it for the current user. To install stunnel as a service, open a shell (or “command prompt” in Windows-speak) and execute stunnel.exe -install. The service should be set up to start automatically, but it might pay to double-check that. There you go, Adobe Connect 8 runs with SSL.
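The install-and-double-check step above as a PowerShell script, for an elevated prompt (an added example, not from Adobe's guide or the original post). It assumes the service registers under stunnel's default name `stunnel` and that HTTPS listens on port 443; `$StunnelDir` is a placeholder for `[root_install_dir]\stunnel`.

```powershell
# Added example: register stunnel as a service and verify it will survive a reboot.
# Assumptions: service name 'stunnel' (stunnel's default), HTTPS on port 443.
$StunnelDir  = 'C:\path\to\connect\stunnel'   # placeholder for [root_install_dir]\stunnel
$ServiceName = 'stunnel'
$HttpsPort   = 443

function Get-StunnelService {
    Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
}

$svc = Get-StunnelService
if (-not $svc) {
    # stunnel.exe is a GUI binary; -Wait blocks until it has finished registering.
    Start-Process -FilePath (Join-Path $StunnelDir 'stunnel.exe') `
                  -ArgumentList '-install' -WorkingDirectory $StunnelDir -Wait
    $svc = Get-StunnelService
    if (-not $svc) { throw "Service '$ServiceName' was not registered." }
}

# Win32_Service.StartMode is 'Auto', 'Manual' or 'Disabled'.
if ($svc.StartMode -ne 'Auto') {
    Set-Service -Name $ServiceName -StartupType Automatic
}
if ($svc.State -ne 'Running') {
    Start-Service -Name $ServiceName
}

# Re-read the service, then confirm the HTTPS port is owned by the service
# process and not by a stunnel.exe someone started by hand in a user session.
$svc = Get-StunnelService
$listenerPids = @(netstat -ano |
    Select-String -Pattern (":{0}\s+\S+\s+LISTENING" -f $HttpsPort) |
    ForEach-Object { ($_.Line.Trim() -split '\s+')[-1] })

"{0}: StartMode={1}, State={2}, PID={3}" -f `
    $svc.Name, $svc.StartMode, $svc.State, $svc.ProcessId

if ($listenerPids -contains [string]$svc.ProcessId) {
    "Port $HttpsPort is served by the $ServiceName service."
} elseif ($listenerPids.Count -gt 0) {
    Write-Warning "Port $HttpsPort is held by PID(s) $($listenerPids -join ', '), not the service."
} else {
    Write-Warning "Nothing is listening on port $HttpsPort; check stunnel.conf and the stunnel log."
}
```

If the warning about a different PID appears, a manually started stunnel.exe is probably still holding the port; close it and start the service again.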
