Hello Lars,
thansk for your reply.
Unfortunately this is not working..:(
popup still says: http://img266.imageshack.us/img266/7016/ie1we9.gif ..so the problem seems to be that the server asks the client/browser to identify himself (but only with Internet Explorer 6?)...but I find no configuration to turn this off.
Lars Braeuer-2 wrote:
Hi Thomas,
try the following settings in the global section of your config:
sslVersion = all options = NO_SSLv2
The default config seems to have just SSLv3 enabled. Some Internet Explorer versions only work if TLSv1 is enabled, at least as long as SSLv2 is disabled.
Best regards,
Lars Bräuer
MPeX.net GmbH / Werner-Voß-Damm 62 / D-12101 Berlin / Germany MPeXnetworks / www.mpexnetworks.de Tel: ++49-30-78097 180 / Fax: ++49-30-78097 181
Sitz, Registergericht: Berlin, Amtsgericht Charlottenburg, HRB 76688 Geschäftsführer: Lars Bräuer, Gregor Lawatscheck, Dr. Robert Lawatscheck
Am 19.05.2010 14:30, schrieb KumpelJ:
Hello
I have browsed the archives but have not found the answer to this question...
I have stunnel set up to handle https connections. It sits on a Debian server alongside HAProxy and works fine with every browser except for Internet Explorer.
When I connect with Internet Explorer, I get a blank "Please choose a digital certificate" pop-up.
How do we turn off the request for the client certificate in IE?
Here are my details....thanks in advance.
#vi /etc/stunnel/stunnel.conf verify=0 CAfile=/etc/ssl/certs/chain.pem cert=/etc/ssl/certs/multidomain.pem CApath=/etc/ssl/certs/
pid = /etc/stunnel/stunnel.pid debug = 3 output = /etc/stunnel/stunnel.log
socket=l:TCP_NODELAY=1 socket=r:TCP_NODELAY=1
client=no
[https] accept=192.168.11.32:443 connect=localhost:444 TIMEOUTclose=0 xforwardedfor=yes
#usr/local/bin/stunnel -version stunnel 4.32 on x86_64-unknown-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007 Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
Global options debug = daemon.notice pid = /usr/local/var/run/stunnel/stunnel.pid RNDbytes = 64 RNDfile = /dev/urandom RNDoverwrite = yes
Service-level options cert = /usr/local/etc/stunnel/stunnel.pem ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH session = 300 seconds stack = 65536 bytes sslVersion = SSLv3 for client, all for server TIMEOUTbusy = 300 seconds TIMEOUTclose = 60 seconds TIMEOUTconnect = 10 seconds TIMEOUTidle = 43200 seconds verify = none
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users