Sun Java System Portal Server 6 2004Q2 Administration Guide
Chapter 19
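Configuring Portal Server to Use a Secure External LDAP Directory Server
In the default installation, the Sun Java System Portal Server, Sun Java System Identity Server, and Sun Java System Directory Server software all run on the same host. However, depending on the performance, security, and integration requirements of your deployment, you can run the directory server on a separate, external host and have Portal Server access the directory over a secure connection using Secure Sockets Layer (SSL). To access the Directory Server over a secure connection, the Sun Java System Application Server must be configured to trust the certificate authority that signed the directory's certificate.
Configuring Sun Java System Portal Server to use an external LDAP directory requires the following procedures:
To Configure the Directory Server to Run in SSL
- Verify that the Directory Server (ns-slapd process) and the administration server (ns-httpd process) are both started and running.
- As superuser, start the directory server console from a terminal window by typing: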
/var/opt/mps/serverroot/startconsole
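- In the login window that is displayed, enter admin as the user name and passphrase for the Directory Server.
- In the left pane of the console, expand the directory until you see the Directory Server instance under [Server Group].
- Select the Directory Server instance and click [Open].
- Select [Tasks] and then [Manage Certificates].
The first time you perform this task, you are asked to enter a password to create the certificate database. Make a note of this password, because you will need it later to start the Directory Server.
- Click [Request].
The [Certificate Request Wizard] appears. Follow the wizard and complete the steps to generate a certificate request. The request is sent to the Certificate Management Server (CMS) for approval. The CMS returns the actual certificate. Save a copy of the certificate request by copying the request data to a file.
- After the certificate request is sent to the CMS, have the CMS administrator approve the request and send back the approved certificate.
- Obtain the generated certificate for the DS and the CMS certificate.
Because the CMS generated the certificate for the DS, the CMS must also be trusted by importing its certificate as a root CA.
- Select [Manage Certificates], [Server Certificates], and then click [Install].
The [Certificate Install Wizard] appears.
- Copy and paste the approved certificate data from step 8 into the text area, and follow the steps shown by the wizard to install the certificate.
After the certificate is installed successfully, it is displayed as a line item on the [Server Certificates] tab.
- With the [Manage Certificates] window open, select the [CA Certs] tab.
If the CA from which you obtained your certificate in step 9 is in the CA Certs list, you do not need to install the certificate in the list.
If the certificate is not in the list, you need to obtain the root CA certificate from your certificate authority and install it.
- Click [Close] to close the [Manage Certificates] window.
- Select the [Configuration] tab.
- On the [Network] tab, verify or specify a valid port number in the [Encrypted Port] field, and click [Save].
The default port is 636.
- Click the [Encryption] tab, select the [Enable SSL] checkbox for this server and the Use Cipher Family: RSA checkbox, and click [Save].
- Restart the Directory Server and supply the certificate database password you entered in step 6.
Your directory is now listening on port 636 (the default) for SSL connections.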
�Y�n�إ߫H���Ʈw
�إ߫H���Ʈw�ɡA�z�n��w�N�Ω�K�_���ɮת��K�X�C�z�]�ݭn���K�X�Ұʦ�A���A��k�O�ϥΥ[�K���q�T�C
�z�إP�x�s���}�P�p�H�K�_���ҮѸ�Ʈw�٬��K�_���ɮסC�K�_���ɮ|�Ω� SSL �[�K�C��ШD�P�w�˦�A���ҮѮɷ|�ϥαK�_���ɮסC�b�w�˫��Үѷ|�x�s�b�ҮѸ�Ʈw���C
�إ��ҮѸ�Ʈw���{�Ƿ|�ھڨϥΪ� Web �e�������өw�C�U�C�O�b Sun Java System Application Server �W�إ��ҮѸ�Ʈw����ܡC�z�]�i�H�b http://docs.sun.com ���uSun Java System Application Server 7 Administration Guide to Security�v��������C
����b Sun Java System Web Server �إ��ҮѸ�Ʈw������A�i�H�b http://docs.sun.com ���uSun Java system Web Server, Enterprise Edition Administration Guide�v���C
����b Sun Java System Application Server �إ��ҮѸ�Ʈw������A�Цb�z���������U�C�B�J�G
Using the password.conf File
If you want an SSL/TLS-enabled Sun ONE Application Server to restart automatically in a secure SSL configuration, you can store the trust database password in the password.conf file.
For more information about the password.conf file, see "Using the password.conf File" in the "Sun ONE Application Server Administrator's Configuration File Reference".
Normally, you cannot start a Unix SSL-enabled server from the /etc/rc.local or /etc/inittab files, because the server requires a password before it starts. Although you can start an SSL-enabled server automatically if you keep the password in a plain text file, this method is not recommended. The server's password.conf file should be owned by root or by the user who installed the server, and only the owner should have read and write access to it. On Unix, leaving the SSL-enabled server's password in the password.conf file is a large security risk. Anyone who can access the file has access to the SSL-enabled server's password. Consider the security risks before keeping the SSL-enabled server's password in the password.conf file.
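An added example, not from the Sun documentation: a POSIX shell check that a password.conf file meets the ownership and permission requirement stated above. The function name and its optional second argument (the account that installed the server) are assumptions of this example.

```shell
#!/bin/sh
# check_password_conf FILE [INSTALL_USER]
# Passes only if FILE is a regular file owned by root or INSTALL_USER
# (assumed name of the account that installed the server) and no
# group/other permission bit is set.
check_password_conf() {
    file=$1
    install_user=${2:-root}
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 2
    fi
    # ls -ld prints: mode links owner group size date name
    mode=$(ls -ld "$file" | awk '{print $1}')
    owner=$(ls -ld "$file" | awk '{print $3}')
    rc=0
    case $owner in
        root|"$install_user") ;;
        *) echo "FAIL: $file is owned by $owner"; rc=1 ;;
    esac
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file has mode $mode, group/other access is allowed"
        rc=1
    fi
    # A trailing "+" means an ACL exists that may grant further access.
    case $mode in *+) echo "WARN: $file carries an ACL, review it" ;; esac
    if [ "$rc" -eq 0 ]; then echo "OK: $file ($mode, owner $owner)"; fi
    return "$rc"
}

# Constructed demonstration on a temporary file, not a real server file.
demo=$(mktemp)
me=$(ls -ld "$demo" | awk '{print $3}')
chmod 644 "$demo"
check_password_conf "$demo" "$me" || echo "(expected: 644 is world-readable)"
chmod 600 "$demo"
check_password_conf "$demo" "$me"
rm -f "$demo"
```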
�w�ˮڻ{�Ҿ�c (CA) �Ү�
�w�ˮ� CA �ҮѪ��{�Ƿ|�ھڨϥΪ� Web �e�������өw�C
�U�C�{�ǻ���p��b Sun Java System Application Server �W�w�ˮ� CA�C�z�]�i�H�b http://docs.sun.com ���uSun Java System Application Server 7 Administration Guide to Security�v�������C
����b Sun Java System Web Server �w�ˮ� CA ������A�i�H�b http://docs.sun.com �����uSun Java System Web Server, Enterprise Edition Administration Guide�v���C
�����ҮѪ��ӷ��P�z��o�� CA �ҮѪ��ӷ��ۦP�C
�Y�n�q CA �w���ҮѡA�Цb�z���������U�C�B�J�G
- �b�����椤�s�� App Server ��Ҩÿ���A����ҡC
- �s��w���ʡC
- ��� [�ҮѺz]�C
- ��@�U [�w��] �s���C
�N�|��� [�w�˦�A���Ү�]�C
- �� CA ���Үѿ�ܥi�H��{�Ҿ�c (CA)�A�ӱz�|����{�Ҿ�c�@���Τ�ݻ{�Ҫ���H�� CA�C
- �бq�U�Ԧ��M�椤���[�K�ҲաC
- ��J�K�_���ɮת��K�X�C
- �p�G�ҮѬO����A����ҨϥΪ��ߤ@�ҮѡA�бN�Ү����W�٫O�d�ťաA���D�G
- ���&�A���N�ϥΦh���ҮѡC�p�G�O�o�ر��p�A�п�J�b��A����Ҥ��ߤ@���ҮѦW�١C
- �ϥΤF�P�������P���[�K�ҲաC�p�G�O�o�ر��p�A�п�J�b��@�[�K�Ҳժ��Ҧ���A����Ҥ��ߤ@���ҮѦW�١C
�p�G�w�g��J�W�١A�ӦW�ٱN�|��ܦb [�z�Ү�] �M�椤�A�ӥB��y�z�ʡC�Ҧp�AUnited States Postal Service CA �O CA ���W�١F�� VeriSign Class 2 Primary CA �h�P�ɴy�z CA �M�Ү������C
- ��ܤ@�ءG
- ��@�U [�T�w]�C
- ��� [�s�W�Ү�] �H�w�˷s���ҮѡC
- �b�����椤�s�� App Server ��һP��A����ҡA�M���@�U [�M���ܧ�]�C
- ����í��s�Ұʦ�A���ϤW�z�ܧ�ͮġC�Үѷ|�x�s�b��A�����ҮѸ�Ʈw���C�ɮצW�ٱN�|�O cert8.db�C
Enabling Identity Server to Communicate with the Directory Server Over SSL
To enable SSL for the Directory Server, edit the /etc/opt/SUNWam/config/AMConfig.properties file. This step is container independent and must be performed for both the Sun Java System Web Server and the Sun Java System Application Server.
Change the following settings in the AMConfig.properties file from:
com.iplanet.am.directory.ssl.enabled=false
com.iplanet.am.directory.host=server12.example.com (if it needs to be changed)
com.iplanet.am.directory.port=389
to
com.iplanet.am.directory.ssl.enabled=true
com.iplanet.am.directory.host=server1.example.com
com.iplanet.am.directory.port=636 (port on which DS uses encryption)
In the identity-server-install-dir/SUNWam/config/ums/serverconfig.xml file, change the connection port and connection type values to switch from open mode to SSL.
Edit the serverconfig.XML file and change the following lines from:
to:
After making the changes to the serverconfig.xml file, restart the web container.
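An added example, not from the Sun documentation: a shell check of the three AMConfig.properties directory settings changed above. It treats the parenthetical notes printed next to the values on this page as annotations, which a Java properties file would otherwise read as part of the value; the function names prop and check_amconfig are assumptions of this example.

```shell
#!/bin/sh
# prop FILE KEY: value of the last "KEY=value" line, with any CR removed.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# check_amconfig FILE: are the directory settings consistent with LDAP over SSL?
check_amconfig() {
    f=$1
    rc=0
    ssl=$(prop "$f" com.iplanet.am.directory.ssl.enabled)
    host=$(prop "$f" com.iplanet.am.directory.host)
    port=$(prop "$f" com.iplanet.am.directory.port)
    if [ "$ssl" != "true" ]; then
        echo "FAIL: ssl.enabled is '$ssl', directory traffic is not encrypted"
        rc=1
    fi
    case $port in
        ''|*[!0-9]*) echo "FAIL: port '$port' is not a plain number"; rc=1 ;;
        389) echo "FAIL: port is still 389, the non-SSL value on this page"; rc=1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "FAIL: host '$host' is not a plain host name"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: SSL enabled for $host:$port"; fi
    return "$rc"
}

# Constructed sample: the page's "after" lines copied together with the note.
tmp=$(mktemp -d)
cat > "$tmp/annotated.properties" <<'EOF'
com.iplanet.am.directory.ssl.enabled=true
com.iplanet.am.directory.host=server1.example.com
com.iplanet.am.directory.port=636 (port on which DS uses encryption)
EOF
sed 's/ (port.*//' "$tmp/annotated.properties" > "$tmp/clean.properties"
check_amconfig "$tmp/annotated.properties" || echo "(the note was copied into the value)"
check_amconfig "$tmp/clean.properties"
rm -rf "$tmp"
```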