====== stunnel ======
<code>
cert = /var/lib/stunnel4/mhc.im.crt
key = /var/lib/stunnel4/mhc.im.pem

sslVersion = all

chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /extern.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

verify = 2

CApath = /CA
CAfile = /var/lib/stunnel4/CA/MHC-CA.crt
session = 86400

debug = 7
output = /var/log/stunnel4/extern.log

[https]
accept  = 443
connect = 127.0.0.1:8443
</code>

<code>
--sslVersion = SSLv3
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /intern.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

verify = 0

; Some debugging stuff useful for troubleshooting
;--
debug = 7
output = /var/log/stunnel4/intern.log

; Use it for client mode
client = yes

; Service-level configuration

;[https]
;accept  = 8443
;connect = 172.27.19.1:443
[https]
accept  = 8443
connect = 192.168.100.5:443


</code>

| mhc.im.crt | Server Zertifikat |
| mhc.im.pem | Server Key        |
| MHC-CA.crt | Root Zertifikat   |

<code>
cd /var/lib/stunnel
/usr/lib/ssl/misc/c_hash mhc.im.crt
ln -s mhc.im.crt 60275be2.0
</code>