Required:
Blue Iris
stunnel
Links:
Self Signed Certificate
Forum discussion on SSL Error
Blue Iris and stunnel video
Note: It is a good idea assign your BI Server with a static IP address, after assigning the IP on your router, restart your PC or you can open a command prompt and type:
ipconfig /release
ipconfig /renew
Step 1: Install Blue Iris and set it up how you want it to be, if it is already setup skip to step 2. (Remember to set Blue Iris to run as a service under the Startup tab.)
Step 2: Click on the Settings/info and select the Web Server tab.
- Be sure your assigned static LAN IP address is shown.
- Check the box next to Stunnel is installed for HTTPS on port:
- You can also check the box next to HTTPS LAN also, if you want to use https on LAN connection.
- Use a port under 1024, but be sure it is not being used. (Don’t use any port between 1024 and 49152)
- To verify the port you chose, open a CMD as admin and run “netstat -anop tcp | findstr port#“, no quotes.
Step 3: Click on the Remote access Wizard to verify it works.
- Once to this screen you should have a Green check mark for HTTP and Red check mark for HTTPS, since this port is not setup on router yet, or setup in stunnel.
NOTE: You will also get this red check if stunnel service is not running.
Click Next
- You will need to add your BI server to port forwarding on your router, you can do that now by clicking the Open button. You will add the port you chose, in this example was 443. Add it as TCP to the Internal IP of your server, in this example it is 192.168.50.252. Every Router is different how to access Port Forwarding, commonly it is on the WAN menu. Set the Internal and External port as the port you selected to use, in this example it is 443.
For now, leave BI open, and click back to leave the wizard open to the HTTP/HTTPS test window.
Step 4: Install Stunnel, for all users, once installed you should see a shortcut on your desktop “stunnel AllUsers, click on it. This will start the GUI.
- Right click the icon and select Edit Configuration
- Under the TLS Server Mode Services add the following, then save and exit.
- Right click the icon and select Show Log Window
- Right click and click Reload Configuration
After Reload you should see activity in the log window, final line should read Configuration Successful.
- Go back to the Blue Iris Access Wizard and it should now have a green check mark for HTTPS
And the stunnel log should show connection activity.
Click next to get to the following, once again, a green check should be here.
If you get this error in Chrome,
and the Log will show this
I had to update my cert to get it working, and that is fairly straight forward.
- Locate your stunnel folder under C:Program Files (x86)\stunnel\config, be sure you have full permissions of the file, open config folder, open stunnel.pem with notepad.
- Click here to go to ZeroSSL to create new Certificate.
- ZeroSSL has changed a few things, you will need to create a free account and choose 90 day cert for a free one, or there a fee based options.
- Add your BI Server IP, then click Generate.
- Copy and paste both the Private Key and Certificate and paste in your stunnel.pem that is open in notepad, overwriting all that is there.
Once this is done, start the stunnel GUI, reload the config file, and watch the log, it should show Configuration successful.
Then reload the Blue Iris server address, you should then see this. Just click on Proceed.
It will show Not Secure because this certificate is not signed by a CA.
You can now install the service and start it.
GUI and Service cannot run at the same time. If the GUI is running, select GUI Stop.
Then Install Service and then select Service Start.
It should be fully functioning now.
A few troubleshooting topics:
- If your browser shows “This site can’t be reached”, and all the above settings are correct in Blue Iris and stunnel, then the stunnel service or GUI is not running.
