MiniShare and SSL

Synopsis

MiniShare doesn't support using SSL natively, but with 3rd party software it is possible to add HTTPS functionality to MiniShare. This document describes the process in full.

Needed Software

Instructions

First you need to install the needed software. OpenSSL comes with an installer, Stunnel needs to be moved in a directory (e.g. C:\Program Files\Stunnel\). For convenience, you can rename Stunnel-4.05.exe to stunnel.exe.

Next, you need to create a private key (.PEM) that Stunnel will use. You can use OpenSSL to create it, or just use this Web based generator to create the key file (however, creating the key on a trusted machine is strongly recommended, transferring sensitive unencrypted data over the Internet is not good practice). Save the file for example as C:\Program Files\MiniShare\stunnel.pem (again, the exact location is not important).

Stunnel needs a configuration file so it knows which port to listen and to which port to forward the traffic. Open your favorite text-editor (Notepad is fine) and copy the below text on it.

key = C:\Program Files\MiniShare\stunnel.pem
[https]
accept = 443
connect = localhost:1234

Save this file for example as C:\Program Files\MiniShare\stunnel.conf. Edit this file if you need to use different ports or saved the key in a different location. This configuration makes Stunnel forward all incoming HTTPS traffic from port 443 (the default HTTPS port) to port 1234 on the same machine. Set MiniShare to listen port 1234.

The last thing to do is to run Stunnel and MiniShare. Run Stunnel with the parameter (you can create a shortcut if you want):

stunnel.exe "C:\Program Files\MiniShare\stunnel.conf"

Stunnel should now be running. Start up MiniShare from the command line (again, a shortcut saves typing):

minishare.exe -stunnel 443 -stunnel_accept_host 127.0.0.1

This tells MiniShare to use the port 443 in the copied URLs and so on, it still listens to port 1234. Also, all incoming traffic has to come from the same computer (IP address 127.0.0.1), so people can't access the server with plain unencrypted HTTP (if you try to connect via port 1234). If you also need unencrypted HTTP (using port 1234), start MiniShare without the -stunnel_accept_host parameter.

You can now access your MiniShare server over HTTPS.

References/Additional Help