[stunnel-users] Preventing "choose a digital certificate" pop-up in IE
Wallace Winfrey
wwinfrey at gmail.com
Fri May 8 19:54:00 CEST 2009
Hello
I have browsed the archives but have not found the answer to this question...
I have stunnel set up to handle https connections. It sits on a CentOS
server alongside HAProxy and works fine with every browser except for
Internet Explorer.
When I connect with Internet Explorer, I get a blank "Please choose a
digital certificate" pop-up.
I am pretty sure I have a configuration issue. Here's what I have:
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
options = NO_SSLv2
ciphers=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
output = /var/log/stunnel.log
[my.host.name]
accept=my.external.IP:443
connect=127.0.0.1:8101
xforwardedfor=yes
CAfile=/etc/stunnel/GlobalSign.pem
cert=/etc/stunnel/my.host.name.pem
verify=1
How do we turn off the request for the client certificate in IE?
Here are my details....thanks in advance.
w
* stunnel-4.15-2.el5.1
* I am running it standalone: /usr/sbin/stunnel /etc/stunnel/stunnel.conf
* /usr/sbin/stunnel -version
stunnel 4.15 on i686-pc-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
Global options
debug = 5
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /usr/local/etc/stunnel/stunnel.pem
session = 300 seconds
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
* uname -a: Linux my.host.name 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1
09:19:18 EDT 2009 i686 i686 i386 GNU/Linux
* glibc version is 2.5-34
* gcc is not installed, using CentOS RPM
* OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20090508/671b5c2c/attachment.html>
More information about the stunnel-users
mailing list