[stunnel-users] "choose a digital certificate" pop-up in IE

KumpelJ bender.thomas at web.de
Wed May 19 17:42:01 CEST 2010


Of course I've considered these points, but it does not work :/


Lars Braeuer-2 wrote:
> 
> Hello Thomas,
> 
> did you empty the cache of MSIE6 or did you restart the browser before
> trying again?
> 
> Another stupid question: Did you restart stunnel properly? Check if the
> pid is really different
> after the restart in order to make sure stunnel is not hanging around just
> pretending it did a restart.
> 
> Best regards,
> 
> Lars Bräuer
> -- 
> MPeX.net GmbH / Werner-Voß-Damm 62  / D-12101 Berlin / Germany
> MPeXnetworks / www.mpexnetworks.de
> Tel: ++49-30-78097 180 / Fax: ++49-30-78097 181
> 
> Registered office, court of registration: Berlin, Amtsgericht Charlottenburg, HRB 76688
> Managing directors: Lars Bräuer, Gregor Lawatscheck, Dr. Robert Lawatscheck
> 
> On 19.05.2010 15:56, KumpelJ wrote:
>> 
>> Hello Lars,
>> 
>> thanks for your reply.
>> 
>> Unfortunately this is not working..:(
>> 
>> popup still says: http://img266.imageshack.us/img266/7016/ie1we9.gif
>> ..so the problem seems to be that the server asks the client/browser to
>> identify himself (but only with Internet Explorer 6?)...but I find no
>> configuration to turn this off.
>> 
>> 
>> 
>> Lars Braeuer-2 wrote:
>>>
>>> Hi Thomas,
>>>
>>> try the following settings in the global section of your config:
>>>
>>> sslVersion = all
>>> options = NO_SSLv2
>>>
>>> The default config seems to have just SSLv3 enabled. Some Internet
>>> Explorer versions only work if
>>> TLSv1 is enabled, at least as long as SSLv2 is disabled.
>>>
>>> Best regards,
>>>
>>> Lars Bräuer
>>> -- 
>>> MPeX.net GmbH / Werner-Voß-Damm 62  / D-12101 Berlin / Germany
>>> MPeXnetworks / www.mpexnetworks.de
>>> Tel: ++49-30-78097 180 / Fax: ++49-30-78097 181
>>>
>>> Registered office, court of registration: Berlin, Amtsgericht Charlottenburg, HRB 76688
>>> Managing directors: Lars Bräuer, Gregor Lawatscheck, Dr. Robert Lawatscheck
>>>
>>> On 19.05.2010 14:30, KumpelJ wrote:
>>>>
>>>> Hello
>>>>
>>>> I have browsed the archives but have not found the answer to this
>>>> question...
>>>>
>>>> I have stunnel set up to handle https connections. It sits on a Debian
>>>> server alongside HAProxy and works fine with every browser except for
>>>> Internet Explorer.
>>>>
>>>> When I connect with Internet Explorer, I get a blank "Please choose a
>>>> digital certificate" pop-up.
>>>>
>>>> How do we turn off the request for the client certificate in IE?
>>>>
>>>> Here are my details....thanks in advance.
>>>>
>>>> #vi /etc/stunnel/stunnel.conf
>>>> verify=0
>>>> CAfile=/etc/ssl/certs/chain.pem
>>>> cert=/etc/ssl/certs/multidomain.pem
>>>> CApath=/etc/ssl/certs/
>>>>
>>>> pid = /etc/stunnel/stunnel.pid
>>>> debug = 3
>>>> output = /etc/stunnel/stunnel.log
>>>>
>>>> socket=l:TCP_NODELAY=1
>>>> socket=r:TCP_NODELAY=1
>>>>
>>>> client=no
>>>>
>>>> [https]
>>>> accept=192.168.11.32:443
>>>> connect=localhost:444
>>>> TIMEOUTclose=0
>>>> xforwardedfor=yes
>>>>
>>>> # /usr/local/bin/stunnel -version
>>>> stunnel 4.32 on x86_64-unknown-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
>>>> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
>>>>  
>>>> Global options
>>>> debug           = daemon.notice
>>>> pid             = /usr/local/var/run/stunnel/stunnel.pid
>>>> RNDbytes        = 64
>>>> RNDfile         = /dev/urandom
>>>> RNDoverwrite    = yes
>>>>  
>>>> Service-level options
>>>> cert            = /usr/local/etc/stunnel/stunnel.pem
>>>> ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
>>>> session         = 300 seconds
>>>> stack           = 65536 bytes
>>>> sslVersion      = SSLv3 for client, all for server
>>>> TIMEOUTbusy     = 300 seconds
>>>> TIMEOUTclose    = 60 seconds
>>>> TIMEOUTconnect  = 10 seconds
>>>> TIMEOUTidle     = 43200 seconds
>>>> verify          = none
>>>>
>>>>
>> 

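An added example, not part of the original post and not stunnel's own code: a small Python check that parses a stunnel.conf like the one quoted above and lists every server-mode service with an explicit `verify` line. It assumes the level meanings given in the stunnel manual, where level 0 is "request and ignore peer certificate" while the default (shown as `verify = none` in the `-version` output) requests nothing; the function names and the trimmed sample text are constructed for illustration.

```python
"""Added example: list stunnel services that will request a client certificate."""

# Level meanings as given in the stunnel manual (assumed to apply to 4.x).
VERIFY_LEVELS = {
    0: "request and ignore peer certificate",
    1: "verify peer certificate if present",
    2: "verify peer certificate",
    3: "verify peer with locally installed certificate",
}

# stunnel.conf from the post above, trimmed to the options that matter here.
SAMPLE_CONF = """\
verify=0
CAfile=/etc/ssl/certs/chain.pem
cert=/etc/ssl/certs/multidomain.pem
client=no

[https]
accept=192.168.11.32:443
connect=localhost:444
"""

def parse_conf(text):
    """Return {section: {option: value}}; pre-section lines go under 'global'."""
    sections, current = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def cert_request_findings(text):
    """(service, level, meaning) for each server-mode service with an explicit verify."""
    conf = parse_conf(text)
    defaults = conf.pop("global")            # global options are service defaults
    findings = []
    for name, opts in conf.items():
        effective = {**defaults, **opts}
        if effective.get("client", "no").lower() == "yes" or "verify" not in effective:
            continue                          # client mode, or default (no verify)
        level = int(effective["verify"])
        findings.append((name, level, VERIFY_LEVELS.get(level, "unknown level")))
    return findings
```

Calling `cert_request_findings(SAMPLE_CONF)` reports the `[https]` service at level 0; the same text without the `verify` line yields an empty list.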