Difference between revisions of "Upgrading Stunnel to the Latest Version"

NOTE:

• You must upgrade stunnel on all workstations using Visimage3 prior to July 29th, 2025.
• Don't forget to also update any virtual machines that run Visimage3 scheduled jobs.

Prepare for Stunnel Upgrade

• Please note that installation may require a reboot of your PC / workstation.
• You may need Admin level access to your PC to complete the install.
• Save copies of the following 2 files (in another location) - you will need them later in the upgrade process.

C:\Program Files\stunnel\certs.pem
C:\Program Files\stunnel\stunnel.pem

• Download the latest version of stunnel here.
  • Choose the file: stunnel-5.75-win64-installer.exe
• Run Visimage, goto Edit Connections and make a note of the port number(s) you are using for LIVE/EOM and CERT.
  • You are probably using 30501 and 30502, or 30503 and 30504.

Uninstall the Previous Version of Stunnel

• Stop the Stunnel service

Run the Windows Services program, locate the stunnel service and click Stop.

• Uninstall the currently installed version (5.01) of stunnel using Add/Remove Programs or by running the following program.

C:\Program Files\stunnel\uninstall.exe

• Verify that the C:\Program Files\stunnel directory was removed. If it remains, use File Manager to delete it.

Install Stunnel

• Install the most recent version of stunnel (5.75 in June 2025.)
  • Choose the options that are appropriate for your organization.
  • By default, stunnel will be installed in C:\Program Files (x86)\
  • During installation you will be asked questions to create a default certificate. This certificate will not be used, so you can enter whatever values you choose or just press Enter on all of the prompts.
  • Do NOT run stunnel at the end of installation.

Install the Certificates

• Copy the the saved certificate files from step 1 (certs.pem, stunnel.pem) into the following directory:

C:\Program Files (x86)\stunnel\config

Customize the Stunnel Configuration

• Edit the stunnel configuration file.
• Run Notepad (or Notepad++) as Administrator
• Open and edit the following file:

C:\Program Files (x86)\stunnel\config\stunnel.conf

• Remove the semi-colon comments from the debug and output lines (lines 11 & 12):

debug=info
output=stunnel.log

• Add the following lines after "output=stunnel.log":
  • Check that the accept port numbers match what you are currently using. If not, make the appropriate edits.

CAfile = certs.pem
cert = stunnel.pem

[Visimage Linux Prod]
; Prod connection to Linux
client = yes
accept = 30501
connect = visimage.fiservapps.com:8004

[Visimage Linux Cert]
; Cert connection to Linux
client = yes
accept = 30502
connect = visimage-cert.fiservapps.com:8004

Install the Stunnel Service

• Run Powershell as the Administrator and uninstall/reinstall the stunnel service
• When Windows Powershell is running, enter the following commands:
  • Paste the commands individually (not all 3 at once).

cd C:\"Program Files (x86)"\stunnel\bin
./stunnel -uninstall
./stunnel -install

• Restart the "Stunnel TLS wrapper" service. If Services is still running, exit and restart Services as the Administrator so that the list of services is refreshed.
  • If you receive an error, or the service does not restart, reboot your PC.

Verifying the Installation

• If you rebooted your PC, run Windows Services and verify that the stunnel service is running. The service is now called "Stunnel TLS Wrapper".
• If the service is running, launch Visimage3 and test that you are able to successfully start server.

Verify the TLS Level Used for the Connection

• After successfully starting server in Visimage, open the C:\Program Files (x86)\stunnel\config\stunnel.log file.
• Look for the following lines toward the bottom of the log file:

TLS connected: new session negotiated
TLSv1.3 ciphersuite: TLS... (256-bit encryption)

• If your TLS level is 1.2 or 1.3 you are all set.
• If the TLS level is 1.1 or lower, contact Vital Soft support for assistance.

Back...