Hello, we have been connecting to a test API site where we specified a PEM cert saved locally, and succeeded. I believe this is the 'certificate pinning' approach. Now we are transitioning to the production API, where the tech documentation says there is no certificate needed, "the certificate is sent during the handshake". So a PKI client connection, I guess. But we can't connect. Any suggestions would be appreciated.  Our stunnel config is below. Thanks.
STUNNEL CONFIG FILE:
debug = 7
output = stunnel.log
sslVersion = all
options = NO_SSLv2
ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM
[ice_client]
client = yes
accept = 127.0.0.1:8080
connect = 63.nnn.nnn.207:443
checkHost = *.xxxxx.com
CAfile = ca-certs.pem
; CAPath = certs
verifyChain = yes
--