[stunnel-users] "choose a digital certificate" pop-up in IE

KumpelJ bender.thomas at web.de
Wed May 19 15:56:14 CEST 2010


Hello Lars,

thanks for your reply.

Unfortunately this is not working..:(

popup still says: http://img266.imageshack.us/img266/7016/ie1we9.gif
..so the problem seems to be that the server asks the client/browser to
identify himself (but only with Internet Explorer 6?)...but I find no
configuration to turn this off.



Lars Braeuer-2 wrote:
> 
> Hi Thomas,
> 
> try the following settings in the global section of your config:
> 
> sslVersion = all
> options = NO_SSLv2
> 
> The default config seems to have just SSLv3 enabled. Some Internet
> Explorer versions only work if
> TLSv1 is enabled, at least as long as SSLv2 is disabled.
> 
> Best regards,
> 
> Lars Bräuer
> -- 
> MPeX.net GmbH / Werner-Voß-Damm 62  / D-12101 Berlin / Germany
> MPeXnetworks / www.mpexnetworks.de
> Tel: ++49-30-78097 180 / Fax: ++49-30-78097 181
> 
> Sitz, Registergericht: Berlin, Amtsgericht Charlottenburg, HRB 76688
> Geschäftsführer: Lars Bräuer, Gregor Lawatscheck, Dr. Robert Lawatscheck
> 
> Am 19.05.2010 14:30, schrieb KumpelJ:
>> 
>> Hello
>> 
>> I have browsed the archives but have not found the answer to this
>> question...
>> 
>> I have stunnel set up to handle https connections. It sits on a Debian
>> server alongside HAProxy and works fine with every browser except for
>> Internet Explorer.
>> 
>> When I connect with Internet Explorer, I get a blank "Please choose a
>> digital certificate" pop-up.
>> 
>> How do we turn off the request for the client certificate in IE?
>> 
>> Here are my details....thanks in advance.
>> 
>> #vi /etc/stunnel/stunnel.conf
>> verify=0
>> CAfile=/etc/ssl/certs/chain.pem
>> cert=/etc/ssl/certs/multidomain.pem
>> CApath=/etc/ssl/certs/
>> 
>> pid = /etc/stunnel/stunnel.pid
>> debug = 3
>> output = /etc/stunnel/stunnel.log
>> 
>> socket=l:TCP_NODELAY=1
>> socket=r:TCP_NODELAY=1
>> 
>> client=no
>> 
>> [https]
>> accept=192.168.11.32:443
>> connect=localhost:444
>> TIMEOUTclose=0
>> xforwardedfor=yes
>> 
>> #usr/local/bin/stunnel -version
>> stunnel 4.32 on x86_64-unknown-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
>>  
>> Global options
>> debug           = daemon.notice
>> pid             = /usr/local/var/run/stunnel/stunnel.pid
>> RNDbytes        = 64
>> RNDfile         = /dev/urandom
>> RNDoverwrite    = yes
>>  
>> Service-level options
>> cert            = /usr/local/etc/stunnel/stunnel.pem
>> ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
>> session         = 300 seconds
>> stack           = 65536 bytes
>> sslVersion      = SSLv3 for client, all for server
>> TIMEOUTbusy     = 300 seconds
>> TIMEOUTclose    = 60 seconds
>> TIMEOUTconnect  = 10 seconds
>> TIMEOUTidle     = 43200 seconds
>> verify          = none
>> 
>> 

-- 
View this message in context: http://old.nabble.com/%22choose-a-digital-certificate%22-pop-up-in-IE-tp28607531p28608649.html
Sent from the Stunnel - Users mailing list archive at Nabble.com.
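
Added example, not part of the thread or of stunnel itself: a small Python check that reads a stunnel configuration and reports which server-mode services will ask the browser for a client certificate. It assumes the behaviour documented in the stunnel 4.x manual, where `verify` level 0 means "request and ignore peer certificate" and only an absent `verify` option (shown as `verify = none` in the defaults quoted above) sends no request; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONF = """\
verify=0
CAfile=/etc/ssl/certs/chain.pem
cert=/etc/ssl/certs/multidomain.pem
client=no

[https]
accept=192.168.11.32:443
connect=localhost:444
"""

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); keys lower-cased, last value wins."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank lines and comments
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:                           # start of a [service] section
            current = services.setdefault(section.group(1).strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip().lower()] = value.strip()
    return global_opts, services

def client_cert_requests(text):
    """Map each server-mode service to True if a client certificate will be requested."""
    global_opts, services = parse_stunnel_conf(text)
    result = {}
    for name, opts in services.items():
        effective = {**global_opts, **opts}   # global section supplies service defaults
        if effective.get("client", "no").lower() == "yes":
            continue  # in client mode stunnel is not the side that requests a certificate
        # Assumption from the stunnel 4.x manual: any explicit level, including 0,
        # enables the request; only leaving the option out disables it.
        result[name] = "verify" in effective
    return result

if __name__ == "__main__":
    for service, requested in client_cert_requests(SAMPLE_CONF).items():
        print(f"[{service}] requests client certificate: {requested}")
```
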