[stunnel-users] "choose a digital certificate" pop-up in IE

Lars Braeuer lb at mpexnet.de
Wed May 19 15:16:35 CEST 2010


Hi Thomas,

try the following settings in the global section of your config:

sslVersion = all
options = NO_SSLv2

The default config seems to have just SSLv3 enabled. Some Internet Explorer versions only work if
TLSv1 is enabled, at least as long as SSLv2 is disabled.

Best regards,

Lars Bräuer
-- 
MPeX.net GmbH / Werner-Voß-Damm 62  / D-12101 Berlin / Germany
MPeXnetworks / www.mpexnetworks.de
Tel: ++49-30-78097 180 / Fax: ++49-30-78097 181

Registered office, court of registration: Berlin, Amtsgericht Charlottenburg, HRB 76688
Managing directors: Lars Bräuer, Gregor Lawatscheck, Dr. Robert Lawatscheck

On 19.05.2010 14:30, KumpelJ wrote:
> 
> Hello
> 
> I have browsed the archives but have not found the answer to this
> question...
> 
> I have stunnel set up to handle https connections. It sits on a Debian
> server alongside HAProxy and works fine with every browser except for
> Internet Explorer.
> 
> When I connect with Internet Explorer, I get a blank "Please choose a
> digital certificate" pop-up.
> 
> How do we turn off the request for the client certificate in IE?
> 
> Here are my details....thanks in advance.
> 
> #vi /etc/stunnel/stunnel.conf
> verify=0
> CAfile=/etc/ssl/certs/chain.pem
> cert=/etc/ssl/certs/multidomain.pem
> CApath=/etc/ssl/certs/
> 
> pid = /etc/stunnel/stunnel.pid
> debug = 3
> output = /etc/stunnel/stunnel.log
> 
> socket=l:TCP_NODELAY=1
> socket=r:TCP_NODELAY=1
> 
> client=no
> 
> [https]
> accept=192.168.11.32:443
> connect=localhost:444
> TIMEOUTclose=0
> xforwardedfor=yes
> 
> #usr/local/bin/stunnel -version
> stunnel 4.32 on x86_64-unknown-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
>  
> Global options
> debug           = daemon.notice
> pid             = /usr/local/var/run/stunnel/stunnel.pid
> RNDbytes        = 64
> RNDfile         = /dev/urandom
> RNDoverwrite    = yes
>  
> Service-level options
> cert            = /usr/local/etc/stunnel/stunnel.pem
> ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
> session         = 300 seconds
> stack           = 65536 bytes
> sslVersion      = SSLv3 for client, all for server
> TIMEOUTbusy     = 300 seconds
> TIMEOUTclose    = 60 seconds
> TIMEOUTconnect  = 10 seconds
> TIMEOUTidle     = 43200 seconds
> verify          = none
> 
> 
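An added example, not part of the original thread or of stunnel itself: a small checker that reports which `sslVersion` and `NO_SSLv2` settings are in force for each service in an stunnel.conf. It assumes that options placed before the first `[service]` header act as defaults for every service, that repeated `options` lines accumulate, and that the last `sslVersion` assignment wins; the sample config is constructed from the lines quoted in this thread.

```python
# Added example (not from the thread): report the protocol settings in force
# for each stunnel service. Assumption: options placed before the first
# [service] header act as defaults for every service.

# Constructed sample: the poster's service plus the two suggested lines.
SAMPLE_CONF = """\
sslVersion = all
options = NO_SSLv2
verify = 0
cert = /etc/ssl/certs/multidomain.pem

[https]
accept = 192.168.11.32:443
connect = localhost:444
"""

def parse_stunnel_conf(text):
    """Return (global_opts, services); each maps lowercased key -> list of values."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return global_opts, services

def protocol_report(text):
    """Per service: sslVersion in force (None = built-in default) and NO_SSLv2 state."""
    global_opts, services = parse_stunnel_conf(text)
    report = {}
    for name, opts in services.items():
        versions = opts.get("sslversion") or global_opts.get("sslversion") or [None]
        options = global_opts.get("options", []) + opts.get("options", [])
        report[name] = {
            "sslVersion": versions[-1],          # assumption: last assignment wins
            "no_sslv2": "NO_SSLv2" in options,   # assumption: options lines accumulate
        }
    return report

if __name__ == "__main__":
    for service, state in protocol_report(SAMPLE_CONF).items():
        print(service, state)
```

A service that reports `sslVersion: None` has no explicit setting, so the built-in default of the installed stunnel version applies.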


