On 5/11/10 9:39 AM, Ross Walker wrote:
>
> As for the SSL part, you can monitor traffic over it in a couple of
> ways. For internal services being served out you can have the SSL
> connection terminate at the gateway and the gateway establish an
> internal SSL connection to the service. For internal clients
> connecting to external services I have used SSL inspectors, these
> basically initiate an SSL connection to the destination, take the
> certificate, generate a per-destination itself and pass that to the
> client, basically acting as a man in the middle, as long as the
> gateway/inspector is a trusted intermediate CA and the subject is
> preserved then the client doesn't have a problem with it.

I believe this is one of the methods that was looked at to enable ISPs
to filter/censor/log SSL connections should the government policies
become legislation here. Except for all outbound connections.

The rest of us call it a MitM (when used for outbound or between third
parties, not in your example).

Regards,
Ben
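The re-signing behaviour discussed in this thread (subject preserved, certificate issued by the gateway's own CA) is visible from the client side. The following is an added example, not part of the original messages: it compares a certificate observed behind a gateway with a baseline taken out of band, using dicts shaped like Python's `ssl.SSLSocket.getpeercert()` output. All names, issuers and byte strings are constructed sample data, and the availability of an out-of-band baseline is an assumption.

```python
import hashlib

def names(cert):
    """Hostnames a certificate claims: subject CN plus DNS SANs."""
    found = {v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"}
    found |= {v for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    return found

def issuer(cert):
    """Issuer name flattened to a comparable tuple of (attribute, value)."""
    return tuple((k, v) for rdn in cert.get("issuer", ()) for k, v in rdn)

def classify(baseline, observed):
    """Compare the certificate seen behind the gateway with an out-of-band baseline."""
    if hashlib.sha256(baseline["der"]).digest() == hashlib.sha256(observed["der"]).digest():
        return "direct"            # same certificate end to end
    same_subject = names(baseline["cert"]) == names(observed["cert"])
    same_issuer = issuer(baseline["cert"]) == issuer(observed["cert"])
    if same_subject and not same_issuer:
        return "re-signed"         # subject preserved, different CA: inspection pattern
    if same_subject:
        return "reissued-same-ca"  # e.g. routine renewal by the original CA
    return "subject-changed"       # names differ: a client would reject this

def make(cn, issuer_cn, der):
    # Constructed sample record; "der" stands in for getpeercert(binary_form=True).
    return {"der": der, "cert": {
        "subject": ((("commonName", cn),),),
        "issuer": ((("organizationName", "Example"),), (("commonName", issuer_cn),)),
        "subjectAltName": (("DNS", cn),)}}

BASELINE = make("www.example.org", "Public CA (constructed)", b"origin-cert")
SAMPLES = {
    "unfiltered": make("www.example.org", "Public CA (constructed)", b"origin-cert"),
    "inspected": make("www.example.org", "Gateway Inspection CA (constructed)", b"gateway-cert"),
    "renewed": make("www.example.org", "Public CA (constructed)", b"origin-cert-2"),
    "wrong-host": make("other.example.org", "Gateway Inspection CA (constructed)", b"x"),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, "->", classify(BASELINE, sample))
```

A fingerprint mismatch alone does not distinguish inspection from a routine renewal, which is why the issuer comparison is kept separate from the pin check.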