Set up stunnel on Blue Iris 5 server

Blue Iris

Self Signed Certificate
Forum discussion on SSL Error
Blue Iris and stunnel video

Note: It is a good idea assign your BI Server  with a static IP address, after assigning the IP on your router, restart your PC or you can open a command prompt and type:

ipconfig /release

ipconfig /renew

Step 1: Install Blue Iris and set it up how you want it to be, if it is already setup skip to step 2. (Remember to set Blue Iris to run as a service under the Startup tab.)

Step 2: Click on the Settings/info and select the Web Server tab.

Web Server Settings

  • Be sure your assigned static LAN IP address is shown.
  • Check the box next to Stunnel is installed for HTTPS on port:
  • You can also check the box next to HTTPS LAN also, if you want to use https on LAN connection.
  • Use a port under 1024, but be sure it is not being used. (Don’t use any port between 1024 and 49152)
    • To verify the port you chose, open a CMD as admin and run “netstat -anop tcp | findstr port#“, no quotes.

Step 3: Click on the Remote access Wizard to verify it works.

Red X

  • Once to this screen you should have a Green check mark for HTTP and Red check mark for HTTPS, since this port is not setup on router yet, or setup in stunnel.

NOTE: You will also get this red check if stunnel service is not running.

Click Next

Router Settings

  • You will need to add your BI server to port forwarding on your router, you can do that now by clicking the Open button. You will add the port you chose, in this example was 443. Add it as TCP to the Internal IP of your server, in this example it is Every Router is different how to access Port Forwarding, commonly it is on the WAN menu. Set the Internal and External port as the port you selected to use, in this example it is 443.

Router Port Forward

For now, leave BI open, and click back to leave the wizard open to the HTTP/HTTPS test window.

Step 4: Install Stunnel, for all users, once installed you should see a shortcut on your desktop “stunnel AllUsers, click on it. This will start the GUI.

  • Right click the icon and select Edit Configuration

stunnel GUI

  • Under the TLS Server Mode Services add the following, then save and exit.

VirtualBox_Windows 10_19_01_2020_16_13_34


  • Right click the icon and select Show Log Window

Show Log

Log Window

  • Right click and click Reload Configuration

Reload Config

Log Window after Reload

After Reload you should see activity in the log window, final line should read Configuration Successful.

  • Go back to the Blue Iris Access Wizard and it should now have a green check mark for HTTPS

Access Wizard after config

And the stunnel log should show connection activity.

Log after Access Wizard

Click next to get to the following, once again, a green check should be here.

Final test

If you get this error in Chrome,

Chrome Error

and the Log will show this

VirtualBox_Windows 10_17_01_2020_11_49_24

I had to update my cert to get it working, and that is fairly straight forward.

  • Locate your stunnel folder under C:Program Files (x86)\stunnel\config, be sure you have full permissions of the file, open config folder, open stunnel.pem with notepad.
  • Click here to go to ZeroSSL to create new Certificate.
  • ZeroSSL has changed a few things, you will need to create a free account and choose 90 day cert for a free one, or there a fee based options. 
  • Add your BI Server IP, then click Generate.
  • Copy and paste both the Private Key and Certificate and paste in your stunnel.pem that is open in notepad, overwriting all that is there.

Once this is done, start the stunnel GUI, reload the config file, and watch the log, it should show Configuration successful.

Then reload the Blue Iris server address, you should then see this. Just click on Proceed.

VirtualBox_Windows 10_17_01_2020_11_55_48

It will show Not Secure because this certificate is not signed by a CA.

VirtualBox_Windows 10_17_01_2020_12_43_25

You can now install the service and start it.

stunnel menu

GUI and Service cannot run at the same time. If the GUI is running, select GUI Stop.

Then Install Service and then select Service Start.

It should be fully functioning now.

A few troubleshooting topics:

  1. If your browser shows “This site can’t be reached”, and all the above settings are correct in Blue Iris and stunnel, then the stunnel service or GUI is not running.

6 thoughts on “Set up stunnel on Blue Iris 5 server”

  1. I found I had to use a port of “81” in the “connect” statement in stunnel.conf to make it work. Does that port need to match the Blue Iris HTTP listening port? If so, does that need correcting in the instructions on this page?


  2. Now ZeroSSL wants to verify domain with a cname file in order to create an SSL certificate. Is there a work around? Or did I take a wrong turn somewhere on the steps…
    Thanks for any help!


      1. Hey thanks for the quick reply…

        Yes I have a static IP address and used that.

        I assume I would have to push the cname verification to my router but that’s another paste and prey rabbit hole haha.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s