[stunnel-users] "choose a digital certificate" pop-up in IE
KumpelJ
bender.thomas at web.de
Wed May 19 15:56:14 CEST 2010
Hello Lars,
thansk for your reply.
Unfortunately this is not working..:(
popup still says: http://img266.imageshack.us/img266/7016/ie1we9.gif
..so the problem seems to be that the server asks the client/browser to
identify himself (but only with Internet Explorer 6?)...but I find no
configuration to turn this off.
Lars Braeuer-2 wrote:
>
> Hi Thomas,
>
> try the following settings in the global section of your config:
>
> sslVersion = all
> options = NO_SSLv2
>
> The default config seems to have just SSLv3 enabled. Some Internet
> Explorer versions only work if
> TLSv1 is enabled, at least as long as SSLv2 is disabled.
>
> Best regards,
>
> Lars Bräuer
> --
> MPeX.net GmbH / Werner-Voß-Damm 62 / D-12101 Berlin / Germany
> MPeXnetworks / www.mpexnetworks.de
> Tel: ++49-30-78097 180 / Fax: ++49-30-78097 181
>
> Sitz, Registergericht: Berlin, Amtsgericht Charlottenburg, HRB 76688
> Geschäftsführer: Lars Bräuer, Gregor Lawatscheck, Dr. Robert Lawatscheck
>
> Am 19.05.2010 14:30, schrieb KumpelJ:
>>
>> Hello
>>
>> I have browsed the archives but have not found the answer to this
>> question...
>>
>> I have stunnel set up to handle https connections. It sits on a Debian
>> server alongside HAProxy and works fine with every browser except for
>> Internet Explorer.
>>
>> When I connect with Internet Explorer, I get a blank "Please choose a
>> digital certificate" pop-up.
>>
>> How do we turn off the request for the client certificate in IE?
>>
>> Here are my details....thanks in advance.
>>
>> #vi /etc/stunnel/stunnel.conf
>> verify=0
>> CAfile=/etc/ssl/certs/chain.pem
>> cert=/etc/ssl/certs/multidomain.pem
>> CApath=/etc/ssl/certs/
>>
>> pid = /etc/stunnel/stunnel.pid
>> debug = 3
>> output = /etc/stunnel/stunnel.log
>>
>> socket=l:TCP_NODELAY=1
>> socket=r:TCP_NODELAY=1
>>
>> client=no
>>
>> [https]
>> accept=192.168.11.32:443
>> connect=localhost:444
>> TIMEOUTclose=0
>> xforwardedfor=yes
>>
>> #usr/local/bin/stunnel -version
>> stunnel 4.32 on x86_64-unknown-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
>>
>> Global options
>> debug = daemon.notice
>> pid = /usr/local/var/run/stunnel/stunnel.pid
>> RNDbytes = 64
>> RNDfile = /dev/urandom
>> RNDoverwrite = yes
>>
>> Service-level options
>> cert = /usr/local/etc/stunnel/stunnel.pem
>> ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
>> session = 300 seconds
>> stack = 65536 bytes
>> sslVersion = SSLv3 for client, all for server
>> TIMEOUTbusy = 300 seconds
>> TIMEOUTclose = 60 seconds
>> TIMEOUTconnect = 10 seconds
>> TIMEOUTidle = 43200 seconds
>> verify = none
>>
>>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>
--
View this message in context: http://old.nabble.com/%22choose-a-digital-certificate%22-pop-up-in-IE-tp28607531p28608649.html
Sent from the Stunnel - Users mailing list archive at Nabble.com.
More information about the stunnel-users
mailing list