STunnel Setup

Since many people have difficulty installing OpenSSL and the Net::SSLeay module needed to run CP+ in SSL mode natively, this document suggests an alternative method of enabling SSL encryption. STunnel is the software that SSL-encrypts network services, such as POP3 or IMAP - or even CP+. To set it up, follow these steps:

• Install STunnel
  The program is available by default with many Linux distributions, or can be downloaded from www.stunnel.org and compiled for your system.
• Create a new tunnel
  Use CP+ SSL Tunnels module to create a new tunnel on port 10001 called ssl-cpplus that uses the Connect to remote host mode to connects to localhost port 10000 (assuming you are running CP+ on port 10000).
  The SSL certificate and key file option should be set to Use CP+ cert, and all of the other options left as their defaults.
• Activate the tunnel
  Click the Apply Changes button in the SSL Tunnels module to activate your new tunnel.
• Configure CP+ so that it knows about the SSL tunnel
  Add the line inetd_ssl=1 to /etc/cpplus/miniserv.conf and run /etc/cpplus/stop ; /etc/cpplus/start.
• Login to CP+ in SSL mode
  You should now be able to connect to https://yourhostname:10001/ and login as normal. The old URL on port 10000 will no longer work properly.