[stunnel-users] "choose a digital certificate" pop-up in IE

Lars Braeuer lb at mpexnet.de
Wed May 19 16:03:25 CEST 2010


Hello Thomas,

Did you empty the cache of MSIE6 or did you restart the browser before trying again?

Another stupid question: Did you restart stunnel properly? Check if the pid is really different
after the restart in order to make sure stunnel is not hanging around just pretending it did a restart.

Best regards,

Lars Bräuer
-- 
MPeX.net GmbH / Werner-Voß-Damm 62  / D-12101 Berlin / Germany
MPeXnetworks / www.mpexnetworks.de
Tel: ++49-30-78097 180 / Fax: ++49-30-78097 181

Registered office, court of registration: Berlin, Amtsgericht Charlottenburg, HRB 76688
Managing directors: Lars Bräuer, Gregor Lawatscheck, Dr. Robert Lawatscheck

On 19.05.2010 15:56, KumpelJ wrote:
> 
> Hello Lars,
> 
> thanks for your reply.
> 
> Unfortunately this is not working..:(
> 
> popup still says: http://img266.imageshack.us/img266/7016/ie1we9.gif
> ..so the problem seems to be that the server asks the client/browser to
> identify himself (but only with Internet Explorer 6?)...but I find no
> configuration to turn this off.
> 
> 
> 
> Lars Braeuer-2 wrote:
>>
>> Hi Thomas,
>>
>> try the following settings in the global section of your config:
>>
>> sslVersion = all
>> options = NO_SSLv2
>>
>> The default config seems to have just SSLv3 enabled. Some Internet
>> Explorer versions only work if
>> TLSv1 is enabled, at least as long as SSLv2 is disabled.
>>
>> Best regards,
>>
>> Lars Bräuer
>>
>> On 19.05.2010 14:30, KumpelJ wrote:
>>>
>>> Hello
>>>
>>> I have browsed the archives but have not found the answer to this
>>> question...
>>>
>>> I have stunnel set up to handle https connections. It sits on a Debian
>>> server alongside HAProxy and works fine with every browser except for
>>> Internet Explorer.
>>>
>>> When I connect with Internet Explorer, I get a blank "Please choose a
>>> digital certificate" pop-up.
>>>
>>> How do we turn off the request for the client certificate in IE?
>>>
>>> Here are my details....thanks in advance.
>>>
>>> #vi /etc/stunnel/stunnel.conf
>>> verify=0
>>> CAfile=/etc/ssl/certs/chain.pem
>>> cert=/etc/ssl/certs/multidomain.pem
>>> CApath=/etc/ssl/certs/
>>>
>>> pid = /etc/stunnel/stunnel.pid
>>> debug = 3
>>> output = /etc/stunnel/stunnel.log
>>>
>>> socket=l:TCP_NODELAY=1
>>> socket=r:TCP_NODELAY=1
>>>
>>> client=no
>>>
>>> [https]
>>> accept=192.168.11.32:443
>>> connect=localhost:444
>>> TIMEOUTclose=0
>>> xforwardedfor=yes
>>>
>>> #usr/local/bin/stunnel -version
>>> stunnel 4.32 on x86_64-unknown-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
>>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
>>>  
>>> Global options
>>> debug           = daemon.notice
>>> pid             = /usr/local/var/run/stunnel/stunnel.pid
>>> RNDbytes        = 64
>>> RNDfile         = /dev/urandom
>>> RNDoverwrite    = yes
>>>  
>>> Service-level options
>>> cert            = /usr/local/etc/stunnel/stunnel.pem
>>> ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
>>> session         = 300 seconds
>>> stack           = 65536 bytes
>>> sslVersion      = SSLv3 for client, all for server
>>> TIMEOUTbusy     = 300 seconds
>>> TIMEOUTclose    = 60 seconds
>>> TIMEOUTconnect  = 10 seconds
>>> TIMEOUTidle     = 43200 seconds
>>> verify          = none
>>>
>>>
>>
>>
> 
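
The restart check suggested at the top of this message, written out as an added example (not part of the original thread and not stunnel's own tooling). The function names are hypothetical, and the pid file is assumed to be the one named by the `pid =` option in the posted config (`/etc/stunnel/stunnel.pid`).

```shell
#!/bin/sh
# Added example: confirm that a restart really replaced the stunnel process.
# Usage (as root, or as the user stunnel runs as, so kill -0 is permitted):
#   old=$(cat /etc/stunnel/stunnel.pid)
#   ...restart stunnel...
#   check_restart "$old" /etc/stunnel/stunnel.pid; echo "result: $?"

# read_pid FILE: print the numeric pid stored in FILE.
# Fails if the file is missing, unreadable or does not hold a plain number.
read_pid() {
    [ -r "$1" ] || return 1
    pid=$(tr -d ' \t\r\n' < "$1")
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# check_restart OLD_PID PIDFILE
#   0 = pid changed, the new process is alive and the old one is gone
#   1 = pid unchanged: the daemon was never restarted, so the old
#       configuration is still the one being served
#   2 = pid file missing or garbled, or the recorded pid is not running
#   3 = pid changed but the old process still exists and may still be
#       the one answering on the accept port
check_restart() {
    old=$1
    new=$(read_pid "$2") || return 2
    [ "$new" != "$old" ] || return 1
    # kill -0 delivers no signal; it only tests that the pid exists.
    kill -0 "$new" 2>/dev/null || return 2
    if kill -0 "$old" 2>/dev/null; then
        return 3
    fi
    return 0
}
```

A result of 1 or 3 means the browser test was still running against the old process, so any change made to `stunnel.conf` has not been exercised yet.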


