tis 2007-06-19 klockan 17:15 -0400 skrev Vootla, Bhagwan:
> by running 'openssl s_client -connect ldap:636' I got to see the exact
> Common Name (CN) and had specify in the command like above.
>
> I got to see successful ldaps connections on my ldap server. Hopefully
> -Z is no more needed for me. Please correct me if I am wrong.
-Z is more modern than ldaps. But either method works.
> To avoid sending plain text from browser to Squid proxy, I created a ssh
> tunnel using my putty(from localhost port 8080 to proxy:8080), And I
> specified localhost in the browser. This seems to be working fine,
> except that I need to keep the putty session open always.
I would use stunnel to set up an SSL wrapper between the client and
Squid. If you have logon scripts it's just a matter of getting an
stunnel setup, and starting it from the logon script.
connecting to an https_port on Squid.
this way you upgrade the browsers to be capable of SSL encrypting the
proxy connections.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT