Connection Guide
Synura Connect handles the secure connection between Mirth and Synura. It uses MLLP over TLS on port 443. Most Mirth installations don’t include TLS support out of the box — Synura Connect bridges that gap.
Prerequisites
Before you begin, confirm you have:
- Your Synura subdomain (e.g. acmelab), provided during onboarding
- Mirth Connect 3.8.1 or later installed and running
- Outbound network access from the Mirth server to synura.io on port 443
- A Synura dashboard account to verify message delivery
Your connection endpoint is:
Host: {subdomain}.synura.io
Port: 443
Protocol: MLLP over TLS
Replace {subdomain} with the value assigned to your organisation.
Test network connectivity
Before configuring TLS, confirm you can reach Synura from the Mirth server.
Windows (PowerShell):
Test-NetConnection {subdomain}.synura.io -Port 443
Linux / macOS:
openssl s_client -connect {subdomain}.synura.io:443 -servername {subdomain}.synura.io
A successful openssl test shows a completed TLS handshake with CN=*.synura.io in the certificate chain. Test-NetConnection confirms TCP reachability only (TcpTestSucceeded : True); it does not perform a TLS handshake. If the test fails, check that outbound TCP 443 is permitted by your firewall.
Choose your TLS path
| Path | Who it’s for | What you need |
|---|---|---|
| Path A: Synura Installer | Most customers | Download the installer — handles everything |
| Path B: Manual stunnel | Teams that prefer manual configuration | Install and configure stunnel yourself |
| Path C: NextGen SSL Manager | Customers with a commercial Mirth licence | Your existing SSL Manager plugin |
| Path D: Zen SSL Extension | Customers with the Zen SSL plugin | Your existing Zen SSL plugin |
| Path E: Enterprise TLS proxy | Organisations with existing TLS infrastructure | Your IT team configures the proxy |
Path A: Synura Installer (Recommended)
The fastest path. The installer configures stunnel, deploys the Mirth polling channel and verifies the connection in one run.
Download the bundle for your platform: SynuraMirthConnector-windows.zip (3.7 MB) for Windows or SynuraMirthConnector-linux.tar.gz (10 KB) for Linux. Extract the archive, then follow the Quick Start guide for the full walkthrough.
Path B: Manual stunnel setup
If you prefer to configure each component yourself, follow the Manual Setup guide. It walks through stunnel installation, configuration, certificate import, and channel creation step by step.
Path C: NextGen SSL Manager Plugin
If your commercial Mirth licence includes SSL Manager, you can configure TLS directly on a TCP Sender connector without stunnel. However, note that Synura uses a polling model (Mirth pulls messages from Synura), not a push model. You will still need to create a JavaScript Reader source channel.
SSL Manager is a paid NextGen extension (Silver/Gold/Platinum subscriptions). It is not part of the open-source Mirth download. Synura does not provide or support this plugin.
If you have SSL Manager and want to use it, contact support@synura.io for guidance on configuring the JavaScript Reader to use SSL Manager’s TLS context instead of stunnel.
Path D: Zen SSL Extension
If you have the Zen SSL Extension from ConsultZen, the same applies as Path C — you can use it for the TLS layer, but the Mirth channel must still use the JavaScript Reader polling pattern.
Zen SSL is a third-party commercial plugin (annual subscription). Synura does not provide or support it. Details at consultzen.com.
Contact support@synura.io for guidance on integrating Zen SSL with the polling channel.
Path E: Enterprise TLS proxy
If your organisation runs a TLS termination proxy (F5, HAProxy, nginx, etc.), your infrastructure team can forward MLLP traffic to Synura directly.
Hand your IT team these configuration values:
| Setting | Value |
|---|---|
| Listen address | 127.0.0.1 (or an internal IP accessible to the Mirth server) |
| Listen port | 6661 (or any available port) |
| Upstream host | {subdomain}.synura.io |
| Upstream port | 443 |
| Protocol | TLS 1.2 or higher |
| SNI | Required — must send {subdomain}.synura.io as the SNI hostname |
| Client certificate | Not required (server-side TLS only) |
Once the proxy is running, follow the Manual Setup guide from Step 6 onwards to create the Mirth polling channel. Set stunnelPort in the channel script to whatever port your proxy listens on.
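One way to express the Path E values as an nginx `stream` proxy, given here as an added example and not as Synura's own configuration. It assumes the example subdomain acmelab, a Debian-style CA bundle path, and an nginx build with the stream and stream SSL modules; the certificate-verification directives go beyond the table, because nginx does not verify upstream certificates unless told to.

```nginx
# Added example: nginx stream (TCP) proxy for Path E. Not Synura-provided.
# Place at the top level of nginx.conf, outside any http {} block.
# Assumes subdomain "acmelab" (the page's example value).
stream {
    server {
        # Listen address / port: loopback only, so only the local Mirth
        # instance can reach the listener.
        listen 127.0.0.1:6661;

        # Upstream host / port.
        proxy_pass acmelab.synura.io:443;

        # Wrap the incoming MLLP stream in TLS towards the upstream.
        proxy_ssl on;

        # Protocol: TLS 1.2 or higher.
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # SNI: required. Send the upstream hostname in the ClientHello.
        proxy_ssl_server_name on;
        proxy_ssl_name acmelab.synura.io;

        # Beyond the table: proxy_ssl_verify defaults to off, which would
        # accept any certificate. Verify the chain and the name above.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;
        # Assumed path (Debian/Ubuntu CA bundle); adjust for your platform.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Client certificate: not required, so no proxy_ssl_certificate
        # or proxy_ssl_certificate_key directives are set.
    }
}
```

The hop between Mirth and the proxy listener carries MLLP without TLS, which is why the listener is bound to loopback here. If the proxy runs on a separate host, restrict the internal listen address to the Mirth server with firewall rules.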
Support
If you need help choosing a path or run into issues, contact support@synura.io with your subdomain and Mirth version.