tis 2007-06-19 klockan 17:15 -0400 skrev Vootla, Bhagwan: > by running 'openssl s_client -connect ldap:636' I got to see the exact > Common Name (CN) and had specify in the command like above. > > I got to see successful ldaps connections on my ldap server. Hopefully > -Z is no more needed for me. Please correct me if I am wrong. -Z is more modern than ldaps. But either method works. > To avoid sending plain text from browser to Squid proxy, I created a ssh > tunnel using my putty(from localhost port 8080 to proxy:8080), And I > specified localhost in the browser. This seems to be working fine, > except that I need to keep the putty session open always. I would use stunnel to set up an SSL wrapper between the client and Squid. If you have logon scripts it's just a matter of getting an stunnel setup, and starting it from the logon script. http://www.stunnel.org/ connecting to an https_port on Squid. this way you upgrade the browsers to be capable of SSL encrypting the proxy connections. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
