[squid-users] Re: Squid + ldap +ssl Secure authentication

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 14 Jun 2007 16:25:24 +0200

tor 2007-06-14 klockan 07:47 -0400 skrev Vootla, Bhagwan:

> 1) I have read that SSL encryption can be achieved from proxy
> server to ldap server only. How can I achieve from browser to proxy
> server ?

Squid has all the support that is needed on the proxy side of things for
this, by using the https_port directive.

However, there are no known browsers supporting SSL to proxies.

> 2) I created a cert in /etc/openldap/cacerts/cert.pem. How do I
> tell squid_ldap_auth to use this cert and encrypt the password. (my ldap
> server listens on 389,636 ports).

By asking it to use TLS.

> I also tried with -Z option from the command line, But I get "Could not
> Activate TLS connection"

Then it probably didn't find the CA certificate. /etc/openldap/cacerts is
an openssl hashed certificate directory. It's not sufficient to just
place the certificate file there, it also needs to be named properly for
OpenSSL to find it.

There is a tool somewhere which sets up symbolic links for the hashed
certificate names, unfortunately I don't remember its name. But the
following should work:

cd /etc/openldap/cacerts/
ln cert.pem `openssl x509 -in cert.pem -hash -noout`.0

Also make sure the file is world-readable.

chmod a+r cert.pem

Regards
Henrik
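
The procedure Henrik outlines (hash the subject, link the file under that
name, make it world-readable), as an added example that is not part of the
original thread and not Squid or OpenLDAP code. The tool he could not recall
is c_rehash, shipped with OpenSSL; OpenSSL 1.1.0 and later also have
`openssl rehash DIR`. The script below does the same job for a directory
such as /etc/openldap/cacerts and adds the two checks a practitioner wants:
it verifies with `openssl verify -CApath` (the same hashed lookup libldap
does for TLS_CACERTDIR, so it fails while the cert is merely copied in and
passes once it is linked), and it emits both the current subject hash and,
where the binary supports `-subject_hash_old`, the pre-1.0.0 MD5 one,
because OpenSSL 1.0.0 changed the hash algorithm and `-hash` on a newer
openssl produces a name a libldap linked against 0.9.x will not look for.
The directory path, the function names and the throwaway test CA are all
this example's own assumptions. If you would rather avoid the hashing
altogether, point TLS_CACERT in ldap.conf at the PEM file itself; libldap
then loads it directly.

```sh
#!/bin/sh
# rehash-cacerts.sh: make CA certificates findable through OpenSSL's
# hashed-directory lookup, which is what libldap uses for TLS_CACERTDIR
# (and therefore what squid_ldap_auth -Z depends on).
# Added example for this thread; not code from Squid, OpenLDAP or Henrik.
set -eu

# Print the hashed filename stem(s) OpenSSL uses to look up CERT.
# OpenSSL >= 1.0.0 hashes the subject with SHA-1 (-subject_hash, the
# value "-hash" gives on those versions); 0.9.x used MD5, which newer
# builds still expose as -subject_hash_old. Emitting both keeps the
# directory usable whichever libcrypto libldap was linked against.
cert_hashes() {
    openssl x509 -in "$1" -noout -subject_hash
    openssl x509 -in "$1" -noout -subject_hash_old 2>/dev/null || true
}

# Create HASH.N symlinks for every *.pem in DIR. N is the first free
# suffix because distinct CAs can share a subject hash; a link that
# already points at this file is left alone, so re-running is harmless.
link_hashed() {
    dir=$1
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        chmod a+r "$pem"     # the helper runs as squid's user, not root
        base=$(basename "$pem")
        for h in $(cert_hashes "$pem"); do
            n=0
            while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
                if [ "$(readlink "$dir/$h.$n" 2>/dev/null || true)" = "$base" ]; then
                    continue 2   # already linked: next hash
                fi
                n=$((n + 1))
            done
            ln -s "$base" "$dir/$h.$n"
        done
    done
}

# Validate CERT using only the hashed directory DIR (no -CAfile). This is
# the lookup libldap performs, so it fails while the CA file is merely
# copied into DIR and succeeds once the HASH.N link exists.
verify_cacertdir() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# make_test_ca OUT.pem: throwaway self-signed CA used only by the
# self-check below (constructed test data, not a real LDAP server's CA).
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example LDAP CA (test only)" \
        -keyout "${1%.pem}.key" -out "$1" >/dev/null 2>&1
}

# Usage: sh rehash-cacerts.sh /etc/openldap/cacerts
# With no argument, run a self-check in a temporary directory instead.
if [ "$#" -gt 0 ]; then
    link_hashed "$1"
elif command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    make_test_ca "$tmp/cert.pem"
    if verify_cacertdir "$tmp" "$tmp/cert.pem"; then
        echo "unexpected: CA found before hashing"
    else
        echo "before hashing: CA not found (expected)"
    fi
    link_hashed "$tmp"
    ls -l "$tmp"
    if verify_cacertdir "$tmp" "$tmp/cert.pem"; then
        echo "after hashing: CA found"
    fi
    rm -rf "$tmp"
fi
```

Run it with the directory as its only argument to hash a real
/etc/openldap/cacerts; without arguments it generates a throwaway CA in a
temporary directory and shows the verify failing before the link exists
and passing afterwards. After linking, `ldapsearch -Z` against the server
is the end-to-end check, since it goes through the same libldap code path
squid_ldap_auth uses.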

Received on Thu Jun 14 2007 - 08:25:31 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT