On Thu, 2007-06-14 at 07:47 -0400, Vootla, Bhagwan wrote:

> 1) I have read that SSL encryption can be achieved from proxy
> server to ldap server only. How can I achieve from browser to proxy
> server ?

Squid has all the support that is needed on the proxy side of things for
this, by using the https_port directive. However, there are no known
browsers supporting SSL to proxies.

> 2) I created a cert in /etc/openldap/cacerts/cert.pem. How do I
> tell squid_ldap_auth to use this cert and encrypt the password. (my ldap
> server listens on 389,636 ports).

By asking it to use TLS.

> I also tried with -Z option from the command line, But I get "Could not
> Activate TLS connection"

Then it probably didn't find the CA certificate.

/etc/openldap/cacerts is an openssl hashed certificate directory. It's not
sufficient to just place the certificate file there, it also needs to be
named properly for OpenSSL to find it.

There is a tool somewhere which sets up symbolic links for the hashed
certificate names, unfortunately I don't remember its name. But the
following should work:

    cd /etc/openldap/cacerts/
    ln cert.pem `openssl x509 -in cert.pem -hash -noout`.0

Also make sure the file is world-readable.

    chmod a+r cert.pem

Regards
Henrik
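The hashed-name setup described in the reply above, extended to every certificate in a directory, as an added example that is not part of the original message. The function names are hypothetical and the script assumes the `openssl` command-line tool is installed; it picks the next free suffix on a hash collision and ends with a check that a certificate verifies through the directory.

```shell
#!/bin/sh
# Added example: create OpenSSL hashed-name links for each PEM certificate
# in a CA directory. Function names are hypothetical, not from any tool.

# Print the link name (HASH.N) to use for certificate $2 in directory $1.
# An existing link to the same certificate is reused; otherwise the first
# free suffix is chosen, so two CAs with the same subject hash get .0 and .1.
hashed_name() {
    dir=$1; cert=$2
    hash=$(openssl x509 -in "$cert" -noout -hash 2>/dev/null) || return 1
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 1
    n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        other=$(openssl x509 -in "$dir/$hash.$n" -noout -fingerprint -sha256 2>/dev/null) || other=""
        [ "$other" = "$fp" ] && break
        n=$((n + 1))
    done
    printf '%s.%s\n' "$hash" "$n"
}

# Link every *.pem in directory $1 under its hashed name and make the
# certificate world-readable (the LDAP helper runs as an unprivileged user).
# Returns non-zero if any *.pem file could not be parsed as a certificate.
rehash_ca_dir() {
    dir=$1; rc=0
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        name=$(hashed_name "$dir" "$cert") || {
            echo "skipped, not a certificate: $cert" >&2; rc=1; continue; }
        chmod a+r "$cert"
        [ -e "$dir/$name" ] || ln -s "$(basename "$cert")" "$dir/$name"
    done
    return $rc
}

# Succeeds if certificate $2 verifies against the hashed directory $1.
verify_with_dir() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Usage: rehash_ca_dir /etc/openldap/cacerts
```

OpenSSL's own `c_rehash` script (or `openssl rehash` in 1.1.0 and later) does the same job on a production directory.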