March 28th, 2010
Step 1: Download and install Stunnel for Windows
http://www.stunnel.org/download/binaries.html
Step 2: Configuration
Stunnel needs to be configured to create a connection from the port which will allow remote connections (ie: 14333) to the Microsoft SQL Server port (1433). All connections to port 14333 on the server will be encrypted. On your server, set port 14333 to accept remote TCP connections, and make sure to block all remote connections to port 1433 from the Internet. Configuration may vary depending on your network structure, but only the secure port should be accessible from outside your network. You can even restrict access to the secure port further by only accepting connections from specific IP addresses.
Now, lets modify the Stunnel configuration file. You can access the configuration file from the start menu in the stunnel program folder, there is an icon that says “Edit stunnel.conf”.
Paste the following into the stunnel configuration:
cert = stunnel.pem
debug = 7
output = stunnel.log
[mssql]
accept = EXTERNAL_IP:14333
connect = 127.0.0.1:1433
Replace EXTERNAL_IP with the IP address of your server. This configuration tells stunnel to use stunnel.pem for the security certificate – by default located under c:\program files\stunnel.pem. All debug output is logged to the stunnel.log file.
Make sure your MSSQL server accepts connections on 127.0.0.1 and port 1433, otherwise you may need to change this information, or modify your SQL configuration.
(More…)
