Hello
I have browsed the archives but have not found the answer to this question...
I have stunnel set up to handle https connections. It sits on a CentOS server alongside HAProxy and works fine with every browser except for Internet Explorer.
When I connect with Internet Explorer, I get a blank "Please choose a digital certificate" pop-up.
I am pretty sure I have a configuration issue. Here's what I have:
socket=l:TCP_NODELAY=1 socket=r:TCP_NODELAY=1 options = NO_SSLv2 ciphers=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM output = /var/log/stunnel.log
[my.host.name] accept=my.external.IP:443 connect=127.0.0.1:8101 xforwardedfor=yes CAfile=/etc/stunnel/GlobalSign.pem cert=/etc/stunnel/my.host.name.pem verify=1
How do we turn off the request for the client certificate in IE?
Here are my details....thanks in advance.
w
* stunnel-4.15-2.el5.1
* I am running it standalone: /usr/sbin/stunnel /etc/stunnel/stunnel.conf
* /usr/sbin/stunnel -version stunnel 4.15 on i686-pc-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
Global options debug = 5 pid = /usr/local/var/run/stunnel/stunnel.pid RNDbytes = 64 RNDfile = /dev/urandom RNDoverwrite = yes
Service-level options cert = /usr/local/etc/stunnel/stunnel.pem ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH key = /usr/local/etc/stunnel/stunnel.pem session = 300 seconds TIMEOUTbusy = 300 seconds TIMEOUTclose = 60 seconds TIMEOUTconnect = 10 seconds TIMEOUTidle = 43200 seconds verify = none
* uname -a: Linux my.host.name 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:19:18 EDT 2009 i686 i686 i386 GNU/Linux
* glibc version is 2.5-34
* gcc is not installed, using CentOS RPM
* OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008