SSL �M TLS ��w�䴩�U�إΩ��A���M�Τ�ݬۤ��{�ҡB�ǿ���ҩM�إ߶��q�@�~�K�_���K�X�C�Τ�ݩM��A���i�H�䴩�U�رK�X�թαK�X���A�o��M��U�ئ]�!A�Ҧp�Ҥ䴩����w�B���q����[�K�j�ת������H�άF����[�K�n�骺�X�f����C�b��L��Ƥ��ASSL �M TLS �洫��w�N�M�w��A���M�Τ�ݦp��өw�ΨӶi��q�T���K�X�աC
�ϥ� SSL �P LDAP �q�T
�z3�ӭn�D Administration Server �ϥ� SSL �P LDAP �i��q�T�C
�b Administration Server �W�ҥ� SSL
- �s�� Administration Server�A�M���@�U [Global Settings] ���ҡC
- ��@�U [Configure Directory Service] �s���C
- �b��ܪ���椤��@�U�ؿ�A�Ȫ��s���C�N��� [Configure Directory Service] �����C�Y�|���إ߰�� LDAP ���ؿ�A�ȡA�бq [Create New Service of Type] �U�Ԧ��M�椤��� [LDAP Server]�A�M���@�U [New] �Ӱt�m�ؿ�A�ȡC�p�ݧ�h����w���� LDAP ���ؿ�A�ȩ���ܪ��S�w��쪺��T�A�аѾ\�u�W����C
- ��� [Yes] �H�ϥ� SSL �i��s�u�A�M���@�U [Save Changes]�C
�g�L Proxy Server �إ� SSL �q�D
��z�H����V��� Proxy Server (�N�z��A��) �B�Τ�ݽШD�g�L�N�z��A���P�w����A���i�� SSL �s�u�ɡA�N�z��A���N�}�Ҥ@�s�V�w����A�����s�u�A�M��ƻs��V����ơA�Ӥ��z�Z�w���@�~�ƥ�C���{�Ǻ٬��إ� SSL �q�D�A�Ш��U�Ϫ�����C
�� 5-1 �ϥ� SSL �s�u�ɡAProxy Server �L�k�˵�ۤv�ǿ骺��ơC
�Y�n�N SSL �q�D�P HTTPS URL �t�X�ϥΡA�Τ�ݥ����䴩 SSL �P HTTPS�CHTTPS �O�z�L�N�@�� HTTP �P SSL �t�X�ϥι�@�Ӧ����C���䴩 HTTPS ���Τ�ݤ��i�ϥ� Proxy Server �� HTTPS �N�z�\��s�� HTTPS ���C
SSL �q�D�O�@�ؤ��|�v�T3�ε{���h�� (HTTPS) ���C���@�~�CSSL �q�D���w���ʬ۷��L�N�z�� SSL�C�s�b��䶡���N�z��A�����|�H���覡�묹�w���ʩέ��C SSL ���\��ʡC
���F SSL�A��Ƭy�N�Q�[�K�A�ϥN�z��A���L�k�s���ڪ��@�~�ƥ�C�]���A�s��O��K���|�C�X�q���ݦ�A�����������A�X�μ��Y��סC�p����i�קK�N�z��A���Υ���L�ĤT����ť�@�~�ƥ�C
�]���N�z��A������L�k�˵��ơA�]���Y�L�k���ҥΤ�ݻP���ݦ�A�������ҥ�y����w�O SSL�C�o�N��ۥN�z��A����L�k�����L��w�q�L�C�z3���w SSL �s�u�u�q���� Internet Assigned Numbers Authority (IANA) �ҫ�w���ۦW SSL �s����A��Y�s���� 443 (HTTPS) �γs���� 563 (SNEWS)�C�Y�����I�b��L�s����W���w����A���A�z�i��T�]�w�ҥ~���p�A�H���\�s�u��Y�ǥD��W����L�s����C�W�z�@�~�O�ϥ� connect://.* �귽�������C
��ڤW�ASSL �q�D�\��O�@�ؤ@�몺�B���� SOCKS ���\��A�P��w�L��A�]���z��i���L�A�ȨϥΦ��\��CProxy Server �i���䴩 SSL �����3�ε{���B�z SSL �q�D�A���ȭ��� HTTPS �P SNEWS ��w�C
�t�m SSL �q�D
�U�C�{�Ǵy�z�p��t�m Proxy Server �Өϥ� SSL �q�D�C
�t�m SSL �q�D
- �s��Y��A����Ҫ� Server Manager�A�M���@�U [Routing] ���ҡC
- ��@�U [Enable/Disable Proxying] �s���C
- �q�U�Ԧ��M���� connect://.*.443 �귽�Cconnect:// ��k�O�@�ؤ����N�z��A����ܪk�A���s�b��N�z��A���~�C�p�ݦ��� connect ����h��T�A�аѾ\ SSL �q�D���ԲӧN�ʸ�������U�C�y�z�C�Y�n���\�s�u���L�s����A�z�i�ϥνd�������� URL ���ˡC�p�ݦ���d������h��T�A�аѾ\�z�d���M�귽�C
- ��� [Enable Proxying Of This Resource]�A�M���@�U [OK]�C
|
|
�`�N
|
�Y�N�z��A���t�m��~�A�h�i��|�ݥ� SSL �N�z��A���ӧ��� telnet ���D�C��L�H�i�ϥΥN�z��A���� telnet �s�u��ܬ��ӦۥN�z��A���D��A�ӫD��ڪ��s�u�D��C�o�]���O�z���ह�\�ϥιL�h�D���n���s����A�B�����b�N�z��A���W�ϥΦs��� (���w�Τ�ݥD��) ����]�C
|
|
SSL �q�D���ԲӧN�ʸ��
�N����Ө��ASSL �q�D�ϥ� CONNECT ��k�A�H�ؼХD��W�٤γs���X�����ѼơA�ᱵ�ťզ�G
CONNECT energy.example.com:443 HTTP/1.0
���۴N�O�Ӧ� Proxy Server �����\�^�СA�ᱵ�@�ťզ�G
HTTP/1.0 200 Connection established
Proxy-agent: Sun-Java-System-Web-Proxy-Server/4.0
�Τ�ݻP���ݦ�A�������s�u�H�Y�إߡA��ƥi��V�ǿ�A���ܥ�@����s�u����C
��ڤW�A���F�q�H URL ���ˬ���¦���зǰt�m����q�A�D��W�٩M�s���X (energy.example.com:443) �Q�۰ʹ�M�ܤ@ URL�A�p�G
connect://energy.example.com:443
connect:// �ȬO Proxy Server �ϥΪ��@�ؤ�����ܪk�A�ΥH�ϰt�m��²��A�B�P��L URL ���ˤ@�P�C�b Proxy Server �~�Aconnect URL �ä��s�b�A�Y Proxy Server �q������o�˪� URL�A�|�N����L�ġA�B�ڵ��惡�ШD���ѪA�ȡC
����ť�q�T�ݱҥΦw����
�z�i�H�z�L�H�U�覡�ӫO�@��A����ť�q�T�ݪ��w���G
- �}�Ҧw����
- ����ť�q�T�ݿ���A������
- ���K�X
�}�Ҧw����
�z������}�Ҧw���ʥ\��A�M��~�ର��ť�q�T�ݰt�m��L�w���ʳ]�w�C�z�i�H�b�إ߷s����ť�q�T�ݩνs��{����ť�q�T�ݮɶ}�Ҧw���ʡC
�Y�n�b�إ߰�ť�q�T�ݮɶ}�Ҧw����
- �s�� Administration Server �� Server Manager�A�M���@�U [Preferences] ���ҡC
- ��@�U [Add Listen Sockets] �s���C
- ��J�ݭn����T�C�Y�n�}�Ҧw���ʡA�бq [Security] �U�Ԧ��M�椤��� [Enabled]�A�M���@�U [OK]�C�Ъ`�N�A�p�G�|���w�˦�A�����ҡA�h�u���� [Disabled]�C�p�ݦ���S�w�]�w����h��T�A�аѾ\�u�W����C
|
|
�Ƶ�
|
�b�إ߰�ť�q�T�ݫ�A�Шϥ� [Edit Listen Sockets] �s���t�m�w���ʳ]�w�C
|
|
�Y�n�b�s�谻ť�q�T�ݮɶ}�Ҧw����
- �s�� Administration Server �� Server Manager�A�M���@�U [Preferences] ���ҡC
- ��@�U [Edit Listen Sockets] �s���C
- ��@�U�z�n�s�誺��ť�q�T�ݪ��s���C
- �Y�n�}�Ҧw���ʡA�бq [Security] �U�Ԧ��M�椤��� [Enabled]�A�M���@�U [OK]�C�Ъ`�N�A�p�G�|���w�˦�A�����ҡA�h�u���� [Disabled]�C
����ť�q�T�ݿ���A������
�z�i�H�b Administration Server �� Server Manager ���N��ť�q�T�ݰt�m���ϥαz�w�ӽШæw�˪���A�����ҡC
�Y�n����ť�q�T�ݿ���A������
- �s�� Administration Server �� Server Manager�A�M���@�U [Preferences] ���ҡC
- ��@�U [Edit Listen Sockets] �s���C
- ��@�U�z�n�s�誺��ť�q�T�ݪ��s���C
- �Y�n�}�Ҧw���ʡA�бq [Security] �U�Ԧ��M�椤��� [Enabled]�A�M���@�U [OK]�C�Ъ`�N�A�p�G�|���w�˦�A�����ҡA�h�u���� [Disabled]�C
- ��� [Enabled] �ë�@�U [OK] ��A�бq��ť�q�T�ݪ� [Server Certificate Name] �U�Ԧ��M�椤����A�����ҡA�M��A��@�U [OK]�C
���K�X
�Y�n�O�@ Proxy Server ���w���A3�ӱҥ� SSL�C�z�i�H�ҥ� SSL 2.0�BSSL 3.0 �M TLS �[�K��w�ÿ��U�رK�X�աC�i�H�� Administration Server ����ť�q�T�ݱҥ� SSL �M TLS ��w�C�� Server Manager ����ť�q�T�ݱҥ� SSL �P TLS �۷�S�w��A����ҳ]�w�F�w���ʳߦn�]�w�C�����ܤ֦w�ˤ@�Ӿ��ҡC
|
|
�Ƶ�
|
�ﰻť�q�T�ݱҥ� SSL �ȾA�Ω�ϦV�N�z��A���*R�ť��C��Y�A�ȷ� Proxy Server �Q�t�m�����ϦV�N�z�ɡA�~��ﰻť�q�T�ݱҥ� SSL�C
|
|
�w�]�]�w���\�ϥγ̱`�Ϊ��K�X�C���D�z�����ϥίS�w�K�X�ժ��R�2z�ѡA�_�h�z3�������C�p�ݦ���S�w�K�X����h��T�A�аѾ\�uIntroduction to SSL�v�C
[TLS Rollback] ���w�]�Ϋ�ij�]�w�� [Enabled]�C�o�N��A���t�m������I�����^�_��;���xաC���F�P�Y�ǥ����T��@ TLS �W�檺�Τ�ݹ�{���q�ʡA�i��ݭn�N���ȳ]�w�� [Disabled]�C
�Ъ`�N�A���� TLS �^�_�N�ɭP�s�u��D��^�_��;�C�����^�_��;�O�@�ؾ��A�ĤT��i�H�z�L�o�ؾ��j��Τ�ݩM��A���ϥΦw���ʸ�C�����h�w (�Ҧp SSL 2.0) �i��q�T�C�ѩ� SSL 2.0 ��w���s�b���Ҷg�����ʳ��A�]���L�k����쪩���^�_��;�A�o�N�ϲĤT���e��I��M�ѱK�[�K���s�u�C
�ҥ� SSL �M TLS
- �s�� Administration Server �� Server Manager�A�M���@�U [Preferences] ���ҡC
- ��@�U [Edit Listen Sockets] �s���A�M��A��@�U�n�s�誺��ť�q�T�ݪ��s���C�w����ť�q�T�ݥi�ϥΪ��K�X�]�w�N��ܥX�ӡC
|
|
�Ƶ�
|
�p�G���ﰻť�q�T�ݱҥΦw���ʡA�h���|�C�X��� SSL �M TLS ��T�C�Y�n�ϥαK�X�A�аȥ�����ť�q�T�ݱҥΦw���ʡC�p�ݧ�h��T�A�аѾ\����ť�q�T�ݱҥΦw�����C
|
|
- �֨�һݥ[�K�]�w��3���֨���A�M���@�U [OK]�C
|
|
�Ƶ�
|
��� Netscape Navigator 6.0�A�ЦP�ɿ�� [TLS] �M [SSL 3.0]�C��� TLS �^�_�A�]�n��� TLS�A�ýT�w�w���� SSL 3.0 �M SSL 2.0�C
|
|
�b��A���W�ҥ� SSL ��A�� URL �N�ϥ� https�A�ӫD http�C��V�w�ҥ� SSL ����A���W��� URL �榡�p�U�G
https://servername.domain.dom:port
�Ҧp�Ahttps://admin.example.com:443�C
�p�G�ϥιw�]���w�� HTTP �s���� (443)�A�h�L���b URL ����J�s���X�C
����t�m�w����
�w�ˤw�ҥ� SSL ����A���ɡA�|�b magnus.conf �ɮ� (��A�����D�t�m�ɮ�) ��������w���ʰѼƫإ߫�O���ءC
�]�w SSL �t�m�ɮ�O����
- �w��Y��A����Ҧs�� Server Manager�C
- ��ʽs�� magnus.conf �ɮסA�M��w��U�C�]�w��J�ȡG
- SSLSessionTimeout
- SSLCacheEntries
- SSL3SessionTimeout
�o�� SSL �t�m�ɮ�O�p�U�ҭz�G�p�ݦ��� magnus.conf ����h��T�A�аѾ\�uProxy Server Configuration File Reference�v�C
SSLSessionTimeout
SSLSessionTimeout ��O�Ω� SSL 2.0 ���q�@�~���֨�C
�y�k
SSLSessionTimeout seconds
�䤤 seconds �O�֨� SSL ���q�@�~�O��Ī���ơC�w�]�Ȭ� 100�C�p�G��w�F SSLSessionTimeout ��O�A��ƪ��ȱN�۰ʭ��w�� 5 �� 100 �����C
SSLCacheEntries
��w�i�H�֨� SSL ���q�@�~���ƥءC
SSL3SessionTimeout
SSL3SessionTimeout ��O�Ω� SSL 3.0 �M TLS ���q�@�~���֨�C
�y�k
SSL3SessionTimeout seconds
�䤤 seconds �O�֨� SSL 3.0 ���q�@�~�O��Ī���ơC�w�]�Ȭ� 86400 �� (24 �p��)�C�p�G��w�F SSL3SessionTimeout ��O�A��ƪ��ȱN�۰ʭ��w�� 5 �� 86400 �����C
�ϥΥ~���[�K�Ҳ�
Proxy Server �䴩�H�U�ϥΥ~���[�K�Ҳ� (�p���z�d�ΰO������) ����k�G
�Ұ� FIPS-140 �[�K�зǤ��e�A�����W�[ PKCS #11 �ҲաC
���`�]�t�H�U�D�D�G
�w�� PKCS #11 �Ҳ�
Proxy Server �䴩���}�K�_�[�K�з� (PKCS) #11�A���зǩw�q�F�b SSL �M PKCS#11 �Ҳդ����q�T�ҨϥΪ������CPKCS #11 �ҲեΩ��{�P SSL �w��[�t�������зǪ��s���C�~���w��[�t�����פJ���ҩM�K�_�x�s�b secmod.db �ɮפ��A���ɮO�b�w�� PKCS #11 �Ҳծɲ��ͪ��C�ɮצ�� server_root/alias �ؿ�C
�ϥ� modutil �w�� PKCS #11 �Ҳ�
�i�H�ϥ� modutil �u��H .jar �ɮשΪ����ɮת��Φ��w�� PKCS #11 �ҲաC
�ϥ� modutil �w�� PKCS #11 �Ҳ�
- �T�w�w����Ҧ���A�� (�]�A Administration Server)�C
- �i�J�]�t��Ʈw�� server_root/alias �ؿ�C
- �N server_root/bin/proxy/admin/bin �W�[�� PATH ���C
- �b server_root/bin/proxy/admin/bin ����� modutil�C
- �]�w��ҡC�Ҧp�G
- �b UNIX �W�Gsetenv
LD_LIBRARY_PATH server_root/bin/proxy/lib:${LD_LIBRARY_PATH}
- �b Windows �W�A�N�H�U���e�W�[�� PATH
LD_LIBRARY_PATH server_root/bin/proxy/bin
�z�i�H�b�H�U�ؿ���z�q���� PATH�Gserver_root/proxy-admserv/start�C
- ��J��O�Gmodutil�C�N�C�X�U�ؿﶵ�C
- ���һݪ��ʧ@�C
�Ҧp�A�Y�n�b UNIX ���W�[ PCKS #11 �ҲաA�п�J�G
modutil -add (PKCS#11 �ɮת��W��) -libfile (PKCS #11 �� libfile) -nocertdb -dbdir . (�z�� db �ؿ�)
�ϥ� pk12util
�ϥ� pk12util �i�H�q������Ʈw���ץX���ҩM�K�_�A�ñN��פJ�����Υ~�� PKCS #11 �ҲաC�z�l�ץi�H�N���ҩM�K�_�ץX�ܤ�����Ʈw�A��h�ƥ~���O�����|���\�z�ץX���ҩM�K�_�C�̹w�]�Apk12util �ϥΦW�� cert8.db �M key3.db �����ҩM�K�_��Ʈw�C
�z�L pk12util �ץX
�q������Ʈw�ץX���ҩM�K�_
- �i�J�]�t��Ʈw�� server_root/alias �ؿ�C
- �N server_root/bin/proxy/admin/bin �W�[�� PATH ���C
- �b server_root/bin/proxy/admin/bin ����� pk12util�C
- �]�w��ҡC�Ҧp�G
- �b UNIX �W�Gsetenv
LD_LIBRARY_PATH/server_root/bin/proxy/lib:${LD_LIBRARY_PATH}
- �b Windows �W�A�N�H�U���e�W�[�� PATH
LD_LIBRARY_PATH server_root/bin/proxy/bin
�z�i�H�b�H�U�ؿ���z�q���� PATH�Gserver_root/proxy-admserv/start�C
- ��J��O�Gpk12util�C�N�C�X�U�ؿﶵ�C
- ���һݪ��ʧ@�C
�Ҧp�A�b UNIX ���A�п�J�G
pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host]
- ��J��Ʈw�K�X�C
- ��J pkcs12 �K�X�C
�z�L pk12util �פJ
�N���ҩM�K�_�פJ�����Υ~�� PKCS #11 �Ҳ�
- �i�J�]�t��Ʈw�� server_root/alias �ؿ�C
- �N server_root/bin/proxy/admin/bin �W�[�� PATH ���C
- �b server_root/bin/proxy/admin/bin ����� pk12util�C
- �]�w��ҡC�Ҧp�G
- �b UNIX �W�Gsetenv
LD_LIBRARY_PATH/server_root/bin/proxy/lib:${LD_LIBRARY_PATH}
- �b Windows �W�A�N�H�U���e�W�[�� PATH
LD_LIBRARY_PATH server_root/bin/proxy/bin
�z�i�H�b�H�U�ؿ���z�q���� PATH�Gserver_root/proxy-admserv/start�C
- ��J��O�Gpk12util�C�N�C�X�U�ؿﶵ�C
- ���һݪ��ʧ@�C
�Ҧp�A�b UNIX ���A�п�J�G
pk12util -i pk12_sunspot [-d certdir][-h "nCipher"][-P https-jones.redplanet.com-jones-]
-P ������b -h ����A�åB�����O�̫�@�ӤơC
��J���T���O���W�١A�]�A�j�g�r�)M���������Ů�C
- ��J��Ʈw�K�X�C
- ��J pkcs12 �K�X�C
�H�~�����ұҰʦ�A��
�p�G��A�������Ҧw�˦b�~�� PKCS #11 �Ҳ� (�Ҧp�A�w��[�t��) ���A��A���N�L�k�ϥΦ����ұҰʡA���D�z�� server.xml �ɮi��s��A�Ψ̦p�U�ҭz�ӫ�w���ҦW�١C
��A���l�xըϥΦW���uServer-Cert�v�����ұҰʡC��~�� PKCS #11 �Ҳդ������ҷ|�b���ѧO�X���]�t�Ҳժ��@�ӰO���W�١C�Ҧp�A�w�˦b�W�� smartcard0 ���~�����z�dŪ��W����A������3�R�W�� smartcard0:Server-Cert�C
�Y�n�ϥΦw�˦b�~���Ҳդ������ұҰʦ�A���A����������A������ť�q�T�ݫ�w���ҦW�١C
����ť�q�T�ݿ����ҦW��
����ť�q�T�ݿ����ҦW��
�p�G���ﰻť�q�T�ݱҥΦw���ʡA�h���|�C�X���Ҫ���T�C�Y�n����ť�q�T�ݿ����ҦW�١A����ȥ��ﰻť�q�T�ݱҥΦw���ʡC�p�ݧ�h��T�A�аѾ\����ť�q�T�ݱҥΦw�����C
- �s�� Administration Server �� Server Manager�A�M���@�U [Preferences] ���ҡC
- ��@�U [Edit Listen Sockets] �s���C
- ��@�U�n�P�������p����ť�q�T�ݪ��s���C
- �q [Server Certificate Name] �U�Ԧ��M�椤����ť�q�T�ݿ���A�����ҡA�M���@�U [OK]�C�M�椤�]�t�Ҧ��w�w�˪������M�~�����ҡC
�z�]�i�H��ʽs�� server.xml �ɮסA���A���H����A�����ұҰʡC�N SSLPARAMS ���� servercertnickname �ݩ��ܧG
$TOKENNAME:Server-Cert
�Y�n�d�� $TOKENNAME �ϥΪ��ȡA�в��ܦ�A���� [Security] ���Ҩÿ�� [Manage Certificates] �s���C��z�n�J���x�s Server-Cert ���~���ҲծɡA$TOKENNAME:$NICKNAME ��檺�M�椤�N��ܨ���ҡC
|
|
�Ƶ�
|
�p�G�����إߥi�H���Ʈw�A�h�b���~�� PKCS# 11 �ҲեӽЩΦw�˾��ҮɱN���z�إߤ@�ӥi�H���Ʈw�C�إߪ��w�]��Ʈw�S���K�X�A�B�L�k�s��C�~���Ҳեi�H�u�@�A��z����ӽЩM�w�˦�A�����ҡC�p�G�w�g�إߪ��w�]��Ʈw�S���K�X�A�Шϥ� [Security] ���ҤW�� [Create Database] �����ӳ]�w�K�X�C
|
|
FIPS-140 �з�
�z�i�H�Q�� PKCS #11 API �P���[�K�@�~���n��εw��Ҳճq�T�C�b Proxy Server �W�w�� PKCS #11 ��A�Y�i�N��A���t�m���P FIPS-140 �ۮe�AFIPS ��� Federal Information Processing Standards (�p����T�B�z�з�)�C�u�� SSL 3.0 ���]�t�o�ǵ{���w�C
�ҥ� FIPS-140
- �̾� FIPS-140 ����w�˦��~���{���C
- �s�� Administration Server �� Server Manager�A�M���@�U [Preferences] ���ҡC
- ��@�U [Edit Listen Sockets] �s���C[Edit Listen Socket] ��������ܦw����ť�q�T�ݥi�Ϊ��w���ʳ]�w�C
- �q [SSL Version 3] �U�Ԧ��M���� [Enabled] (�p�G�|�����)�C
- ���A�? FIPS-140 �K�X�աA�M���@�U [OK]�G
- �ҥ� 168 �줸�[�K���T�� DES �M SHA �{�� (FIPS)
- �ҥ� 56 �줸�[�K�� DES �M SHA �{�� (FIPS)
�]�w�Τ�ݦw���ʻݨD
���i�O�@��A���w���ʪ��Ҧ��B�J��A�i�H���Τ�ݳ]�w��L�w���ʻݨD�C
��� SSL �s�u�ӻ��A�Τ�ݻ{�ҨëD���n���{�ǡA��O�䪺�T�i�H�i�@�B�T�O�[�K��T�ǰe�ܥ��T����Ƥ�C�z�i�b�ϦV�N�z��A�����ϥΥΤ�ݻ{�ҡA�H�T�O���e��A�����|�P������v���N�z��A���ΥΤ�ݦ@�θ�T�C
���`�]�t�H�U�D�D�G
�n�D�Τ�ݻ{��
�z�i�H�� Administration Server �M�C�Ӧ�A����ұҥΰ�ť�q�T�ݡA�H�n�D�i��Τ�ݻ{�ҡC�p�G�ҥΥΤ�ݻ{�ҡA�������ѥΤ�ݻ{�ҡA��A���~��N�^3�ǰe���d�ߡC
Proxy Server �䴩�z�L���Τ�ݾ��Ҥ��� CA �P�Ω�ñ�p�Τ�ݾ��Ҫ��i�H�� CA �ӻ{�ҥΤ�ݾ��ҡC�z�i�H�b [Security] ���ҤW�� [Manage Certificates] �����˵�Ω�ñ�p�Τ�ݾ��Ҫ��i�H�� CA ���M��C
�z�i�H�N Proxy Server �t�m���ڵ����㦳�i�H�� CA �ֵo���Τ�ݾ��Ҫ����Τ�ݡC�Y�n����Ωڵ��i�H�� CA�A������ CA �]�w�Τ�ݫH��C�p�ݧ�h��T�A�аѾ\�z�����C
�p�G���Ҥw�L�aAProxy Server �N�O���~�B�ڵ����ҨæV�Τ�ݶǦ^�@�h�T���C�]�i�H�b [Manage Certificates] �������˵���Ǿ��Ҥw�g�L�aC
�z�i�H�N��A���t�m���q�Τ�ݾ��Ҧ�����T�ñN��P LDAP �ؿ�ϥΪ̶��ؤ��C�o�˥i�H�T�w�Τ�ݾ֦����Ī����ҩM LDAP �ؿ���ءC�ӥB�٥i�H�T�w�Τ�ݾ��һP LDAP �ؿ���Ҭ۲šC�Y�n�A�Ѧp��i�榹�@�~�A�аѾ\�N�Τ�ݾ��ҹ�M�� LDAP�C
�z�i�H�N�Τ�ݾ��ҩM�s���X�ϥΡA�H�K���F�Ӧۥi�H�� CA �H�~�A�P�������p���ϥΪ��٥����P�s���W�h (ACL) �۲šC�p�ݧ�h��T�A�аѾ\�ϥΦs����ɮ��C
�n�D�Τ�ݻ{��
- �s�� Administration Server �� Server Manager�A�M���@�U [Preferences] ���ҡC
- ��@�U [Edit Listen Sockets] �s���C
- ��@�U�Q�n�D�Τ�ݻ{�Ҫ���ť�q�T�ݪ��s���C
- �ϥ� [Client Authentication] �U�Ԧ��M��ӭn�D��ť�q�T�ݪ��Τ�ݻ{�ҡA�M���@�U [OK]�C
�ϦV�N�z��A�������Τ�ݻ{��
�b�ϦV�N�z��A�����A�i�̤U�C�*R�ť��Ӱt�m�Τ�ݻ{�ҡG
- Proxy-Authenticates-Client�C�b���*R�ť��U�A�z�i���\�s��Ҧ���i������Ҫ��Τ�ݡA�άO�Ȧs��Ǩ�i������ҥB�b Proxy Server ���s���M�椤�Q��{�i�ϥΪ̪��Τ�ݡC
- Content-Server-Authenticates-Proxy�C�b���*R�ť��U�A�z�i�T�O���e��A���u���P�z�� Proxy Server (�ӫD��L����A��) �s�u�C
- Proxy-Authenticates-Client and Content-Server-Authenticates-Proxy�C���*R�ť����z���ϦV�N�z��A�����ѳ̤j�{�ת��w���ʻP�{�ҡC
�p�ݦ���p��t�m�W�z�*R�ť�����T�A�аѾ\�]�w�ϦV�N�z��A�������Τ�ݻ{���C
�]�w�ϦV�N�z��A�������Τ�ݻ{��
�w���ϦV�N�z��A�������Τ�ݻ{�ҥi�i�@�B�T�O�z���s�u�w���L���C�H�U����e�N���&p��̾ڱz��ܪ��*R�ť��t�m�Τ�ݻ{�ҡC
|
|
�Ƶ�
|
�C�@�Ӥ*R�ť������]�z�㦳�w���� Client-to-Proxy �s�u�� Proxy-to-Content-Server �s�u�C
|
|
Proxy-Authenticates-Client
�t�m Proxy-Authenticates-Client �*R�ť�
- ����ϥΤϦV�N�z��A�����u�]�w�ϦV�N�z��A���v������ܡA�t�m�w���� Client-to-Proxy �P Proxy-to-Content Server �*R�ť��C
- �s��Y��A����Ҫ� [Server Manager]�A�M���@�U [Preferences] ���ҡC
- ��@�U [Edit Listen Sockets] �s���A�M��A�b��ܪ���椤��@�U�z�Q�n����ť�q�T�ݪ��s���C(�ϥ� [Add Listen Socket] �s���t�m�üW�[��ť�q�T�ݡC)
- ��w�Τ�ݻ{�һݨD�G
���\�s��㦳�ľ��Ҫ��Ҧ��ϥΪ̡G
- �b [Security] �Ϭq�A�ϥ� [Client Authentication] �]�w�n�D����ť�q�T�ݤW���Τ�ݻ{�ҡC�Ъ`�N�A�p�G�|���w�˦�A�����ҡA���]�w�N���|��ܡC
�Ȥ��\�s��Ǩ㦳�ľ��ҥB�w��w���s�����i����ϥΪ̪��ϥΪ̡G
- �b [Security] �Ϭq���A�N [Client Authentication] �]�w�O������A�C�Ъ`�N�A�p�G�|���w�˦�A�����ҡA���]�w�N���|��ܡC
- �b����A����Ҫ� [Server Manager Preferences] ���Ҥ��A��@�U [Administer Access Control] �s���C
- ��� ACL�A�M���@�U [Edit] ��s�C�N��� [Access Control Rules For] ���� (�Y�t�ε����{�Ҵ��ܡA�Х��{��)�C
- �}�Ҧs��� (�Y�|���֨� [Access control Is On] �֨���A�Ю֨�)�C
- ��@�U�һݦs���W�h�� [Rights] �s���A�b�U��ج[����w�s���v���A�M���@�U [Update] �H��s�����ءC
- ��@�U [Users/Groups] �s���C�b�U��ج[���A��w�ϥΪ̻P�s�աA��� SSL �����{�Ҥ�k�A�M���@�U [Update] �H��s�����ءC
- ��@�U�W��ج[���� [Submit] �H�x�s�z�����ءC
�p�ݦ���]�w�s����h��T�A�аѾ\������A�����s���C
Content-Server-Authenticates-Proxy
�t�m Content Server-Authenticates-Proxy �*R�ť�
- �п���]�w�ϦV�N�z��A��������ܡA�t�m�w���� Client-to-Proxy �P Proxy-to-Content-Server �*R�ť��C
- �b���e��A���W�}�ҥΤ�ݻ{�ҡC
|
|
�Ƶ�
|
�z�i�ק惡�*R�ť����P Proxy Server �i��D�w���Τ�ݳs�u�B�P���e��A���i��w���s�u����e��A���{�� Proxy Server�C�Y�n�o�A�z������[�K�\��A����N�z��A���Y��̾ڤU�C�ҭz�{�Ǫ�l�ƾ��ҡC
|
|
Proxy-Authenticates-Client and Content-Server-Authenticates-Proxy
�t�m Proxy-Authenticates-Client and Content-Server-Authenticates-Proxy �*R�ť�
�N�Τ�ݾ��ҹ�M�� LDAP
���`�y�z Proxy Server �N�Τ�ݾ��ҹ�M�� LDAP �ؿ�ت��{�ǡC
��A������Τ�ݪ��ШD�ɡA�|�b�B�z�ШD���e�߰ݥΤ�ݪ����ҡC���ǥΤ�ݷ|�N�Τ�ݾ��һP�ШD�@�P�ǰe����A���C
|
|
�Ƶ�
|
�N�Τ�ݾ��ҹ�M�� LDAP ���e�A�٥����t�m�һݪ� ACL�C�p�ݧ�h��T�A�аѾ\������A�����s���C
|
|
��A���N�xձN CA �P Administration Server �����i�H�� CA �M����C�Y�L�۲Ū� CA�AProxy Server �|����s�u�C�p�G�����۲Ū� CA�A��A���N�~��B�z�ШD�C
���Ҿ��ҬO�Ӧۥi�H�� CA ����A��A���|�z�L�H�U�覡�N���ҹ�M�� LDAP ���ءG
- �N�ӦۥΤ�ݾ��Ҫ��ֵo�̩M�D�� DN ��M�� LDAP �ؿ�$��I�C
- �b LDAP �ؿ�j�M�P�Τ�ݾ��Ҫ��D�� (�@��ϥΪ�) �����T�۲Ū����ءC
- (�i��) ���ҥΤ�ݾ��ҬO�_�P LDAP ���ؤ���3�� DN �����Ҭ۲šC
��A���ϥΦW�� certmap.conf �����ҹ�M�ɮרӨM�w�p���� LDAP �j�M�C��M�ɮױN�i�D��A���n�q�Τ�ݾ��Ҥ������ǭ� (�p�@��ϥΪ̪��W�١B�q�l�l���}��)�C��A���N�ϥγo�ǭȦb LDAP �ؿ�j�M�ϥΪ̶��ءA���A������ݭn�T�w�q LDAP �ؿ���Ӧ�m�}�l�j�M�C���ҹ�M�ɮפ]�|�i�D��A���}�l�j�M����m�C
��A�����D�ӱq��B�}�l�j�M�ηj�M��ض��� (�W�z�Ĥ@�I) ��A�K�|�b LDAP �ؿ���j�M (�ĤG�I)�C�p�G�����۲Ŷ��ةΧ��h�Ӭ۲Ŷ��ءA�åB���]�m��M�����Ҿ��ҡA�j�M�N���ѡC
�U��C�X�w�j��j�M���G�B�@�覡�C�Ъ`�N�A�z�i�b ACL ����w�w�j��B�@�覡�C�Ҧp�A�i��w����Ҥ�異�ѮɡAProxy Server �u���z�C�p�ݦ���p��]�w ACL �ߦn�]�w����h��T�A�аѾ\�ϥΦs����ɮ��C
�� 5-1 LDAP �j�M���G
|
LDAP �j�M���G
|
�}�Ҿ�������
|
���������
|
|
����춵��
|
�{�ҥ���
|
�{�ҥ���
|
|
��n���@�Ӷ���
|
�{�ҥ���
|
�{�Ҧ��\
|
|
���h�Ӷ���
|
�{�ҥ���
|
���v����
|
��A���b LDAP �ؿ���۲Ū����ةM���ҫ�A�N�i�H�ϥγo�Ǹ�T�ӳB�z�@�~�ƥ�C�Ҧp�A�Y�Ǧ�A���ϥξ��Ҩ� LDAP ����M�ӽT�w��Y�Ӧ�A�����s���v���C
�ϥ� certmap.conf �ɮ�
���ҹ�M�i�T�w��A���p��b LDAP �ؿ�d��ϥΪ̶��ءC�z�i�H�ϥ� certmap.conf �t�m���� (�̦W�٫�w) ��M�� LDAP ���ت��覡�C�z�i�H�s�覹�ɮסA�W�[���ءA�Ӥ�� LDAP �ؿ�c�æC�X�z�Ʊ�ϥΪ֦̾������ҡC�ϥΪ̥i�H���ϥΪ� ID�B�q�l�l���}�� subjectDN ���ϥΪ�����L�ȶi��{�ҡC����ӻ��A��M�ɮץi�w�q�H�U��T�G
- ��A��3�q LDAP �𪬵��c�������Ӷ}�l�j�M
- �b LDAP �ؿ�j�M�ɡA��A��3�ϥέ��Ǿ����ݩʰ����j�M���
- ��A���O�_�n����L���ҵ{��
���ҹ�M�ɮצ��H�U��m�G
server_root/userdb/certmap.conf
���ɮץ]�t�@�өΦh�өR�W����M�A�C�ӹ�M���A�ΩP�� CA�C��M���y�k�p�U�G
certmap name issuerDN
name:property [value]
�Ĥ@��Ω��w���ت��W�٥H�ΧΦ� CA ���Ҥ���O�W�٪��ݩʡCname �O��N���A�z�i�H�N�w�q�C��O�AissuerDN �����P�ֵo�Τ�ݾ��Ҫ� CA ���ֵo�� DN �����۲šC�Ҧp�A�H�U��Ӯֵo�� DN ��Ȧb�9j�ݩʪ��Ů�W���Үt���A���A���N����Ӥ��P�����ءG
certmap sun1 ou=Sun Certificate Authority,o=Sun,c=US
certmap sun2 ou=Sun Certificate Authority, o=Sun, c=US
|
|
����
|
�p�G���b�ϥ� Sun Java System Directory Server �æb���ֵo�� DN �ɹJ����D�A�Цb Directory Server ��~�O��d�䦳�Ϊ���T�C
|
|
�w�R�W��M�����ĤG��M�H�᪺��i�H���ݩʻP�Ȭ۲šCcertmap.conf �ɮפ��]�t���ӹw�]�S�� (�i�H�ϥξ��� API �ۭq�S��)�G
- DNComps �O�@�t�C�γr���9j���ݩʡA�Ω�T�w��A���q LDAP �ؿ���Ӧ�m�}�l�j�M�ŦX�ϥΪ� (�Y�Τ�ݾ��Ҫ��֦���) ��T�����ءC��A���q�Τ�ݾ��Ҧ����o���ݩʪ��ȡA�åγo�ǭȧΦ� LDAP DN�A�M��Y�i�T�w��A���q LDAP �ؿ���Ӧ�m�}�l�j�M�C�Ҧp�A�p�G�N DNComps �]�w���ϥ� DN �� o �P c �ݩʡA�h��A���|�q LDAP �ؿ� o=org, c= country ���ض}�l�j�M�A�䤤 org �P country �ξ��Ҥ� DN ���ȩҴ%N�C
�Ъ`�N�H�U���ΡG
- �p�G��M�����s�b DNComps ���ءA��A���N�ϥ� CmapLdapAttr �]�w�ΥΤ�ݾ��Ҥ�����ӥD�� DN (�Y�@��ϥΪ̸�T)�C
- �p�G DNComps ���ئs�b��S����3���ȡA��A���N�b��� LDAP �𤤷j�M�ŦX�z�ᄍ�����ءC
- FilterComps �O�@�t�C�γr���9j���ݩʡA�Ω�z�L�����Τ�ݾ��Ҥ����ϥΪ� DN ��T�ӫإ߿z�ᄍ�C��A���N�ϥγo���ݩʪ��ȡA�ӧΦ��Ω��� LDAP �ؿ�U���ت��j�M���C�p�G��A���b LDAP �ؿ���F�@�өΦh�ӻP�q���Ҥ������쪺�ϥΪ̸�T�۲ŦX�����ءA�h��ܷj�M���\�åB��A���i�H��ܰ��Y�����ҡC
�Ҧp�A�p�G FilterComps �]�w���ϥιq�l�l���}�M�ϥΪ� ID �ݩ� (FilterComps=e,uid)�A��A���|�b�ؿ�j�M�Y���ءA�����ت��q�l�l��ΨϥΪ� ID �ȻP�q�Τ�ݾ��ҩҨ�o���@��ϥΪ̸�T�۲ŦX�C�q�l�l���}�M�ϥΪ� ID �O�D�`�n���z�ᄍ�A�]�����̦b�ؿ�q�`�O�ߤ@���C�z�ᄍ�ݭn����쨬�H�P LDAP ��Ʈw�����@�� (�B�u���@��) ���ج۲šC
�z�ᄍ���ݩʦW�٥����O�Ӧ۾��� (�ӫD�Ӧ� LDAP �ؿ�) ���ݩʦW�١C�Ҧp�A�ϥΪ̹q�l�l���}�b�Y�Ǿ��Ҥ���3�� e �ݩʡA�� LDAP �N���٬� mail�C
�U��C�X x509v3 ���Ҫ��ݩʡC
�� 5-2 x509v3 ���Ҫ��ݩ�
|
�ݩ�
|
�y�z
|
|
c
|
��a/�a��
|
|
o
|
��´
|
|
cn
|
�@�ΦW��
|
|
l
|
��m
|
|
st
|
���A
|
|
ou
|
��´�椸
|
|
uid
|
UNIX/Linux �ϥΪ� ID
|
|
email
|
�q�l�l���}
|
- verifycert �|�i����A���O�_3�N�Τ�ݾ��һP LDAP �ؿ���Ҭۤ��C���ϥΨ�ӭȡG[on] �M [off]�C�u���� LDAP �ؿ�]�t���ҮɡA�~��ϥΦ��S�ʡC���\��U��T�w�@��ϥΪ̨ϥΪ����Ҧ��ĥB���Q�M�P�C
- CmapLdapAttr �O LDAP �ؿ�]�t�ϥΪ̥������Ҥ��D�� DN ���ݩʦW�١C���S�ʪ��w�]�Ȭ� certSubjectDN�C���ݩʤ��O�зǪ� LDAP �ݩʡA�]���n�ϥΦ��S�ʡA�������� LDAP �Ҧ��C�p�ݧ�h��T�A�аѾ\�uIntroduction to SSL�v�C
�p�G certmap.conf �ɮפ��s�b���S�ʡA��A���N�b��� LDAP �ؿ�j�M�ݩ� (�H���S�ʩR�W) �P���㪺�D�� DN (�q���Ҥ���o) �۲ŦX�����ءC�p�G������ءA��A���N�ϥ� DNComps �M FilterComps ��M���s�xշj�M�C
�p�G����ϥ� DNComps �M FilterComps �i�涵�ؤ��A�h�o�ع����һP LDAP ���ت���k�D�`���ΡC
- Library �S�ʪ��Ȭ��@�ε{���w�� DLL ����|�W�١C�u����ϥξ��� API �إߦۤv���S�ʮɤ~�ݭn�ϥΦ��S�ʡC
- InitFn �S�ʪ��Ȭ��ۭq�{���w�� init ��ƪ��W�١C�u����ϥξ��� API �إߦۤv���S�ʮɤ~�ݭn�ϥΦ��S�ʡC
�p�ݦ���o�ǯS�ʪ���h��T�A�аѾ\�H�U�p�`�����d�ҡG��M�d���C
�إߦۭq�S��
�i�ϥΥΤ�ݾ��� API �ӫإߦۤv���S�ʡC�إߦۭq��M��A�N�i��p�U�榡�ѷӹ�M�G
name:library path_to_shared_library
name:InitFN name_of_init_function
�Ҧp�G
certmap default1 o=Sun Microsystems, c=US
default1:library /usr/sun/userdb/plugin.so
default1:InitFn plugin_init_fn
default1:DNComps ou o c
default1:FilterComps l
default1:verifycert on
��M�d��
certmap.conf �ɮפ�3�ܤ֥]�t�@�Ӷ��ءC�H�U�d�һ��� certmap.conf �����P�ϥΤ覡�C
�d�� #1
���d�ҥN��u���@�ӹw�]��M�� certmap.conf �ɮסG
certmap default default
default:DNComps ou, o, c
default:FilterComps e, uid
default:verifycert on
�ϥΥ��d�ҮɡA��A���|�b�]�t ou=orgunit, o=org, c=country ���ت� LDAP �$��I�}�l�j�M�A�䤤�����r�N�Q�Τ�ݾ��Ҥ��D�� DN ���ȩҴ%N�C
�M��A��A���ϥξ��Ҥ����q�l�l���}�P�ϥΪ� ID �ȨӦb LDAP �ؿ�j�M�۲Ū����ءC���۲Ū����خɡA��A���N�Τ�ݶǰe�����һP�ؿ��x�s�����Ҭۤ��A�H���Ҿ��ҡC
�d�� #2
�H�U�d���ɮפ��]�A��ӹ�M�G�@�ӥΩ�w�]�A�t�@�ӥΩ� US Postal Service�G
certmap default default
default:DNComps
default:FilterComps e, uid
certmap usps ou=United States Postal Service, o=usps, c=US
usps:DNComps ou,o,c
usps:FilterComps e
usps:verifycert on
�Y��A�����쪺���Ҥ��O�Ӧ� US Postal Service�A���|�ϥιw�]��M (�q LDAP �𪬵��c���ݶ}�l�j�M�ŦX�Τ�ݹq�l�l��P�ϥΪ� ID ������)�C�Y���ҨӦ� US Postal Service�A�h��A���|�q�]�t��´�椸�� LDAP �$�}�l�j�M�۲Ū��q�l�l���}�C�t�Ъ`�N�A�Y���ҨӦ� US Postal Service�A�h��A���|���Ҧ����ҡC�Ӥ��|���Ҩ�L���ҡC
|
|
�`�N
|
���Ҥ����ֵo�� DN (�Y CA ����T) �����P��M���Ĥ@�椤�ҦC���ֵo�� DN �@�P�C�b�W�Ҥ��A�Ӧۮֵo�� DN ������ (o=United States Postal Service,c=US) �N���۲šA�]�� o �M c �ݩʤ����S���Ů�C
|
|
�d�� #3
�U�Ҩϥ� CmapLdapAttr �S�ʦb LDAP ��Ʈw���j�M�W�� certSubjectDN ���ݩʡA���3�P�Τ�ݾ��Ҥ�����ӥD�� DN �����۲šC
certmap myco ou=My Company Inc, o=myco, c=US
myco:CmapLdapAttr certSubjectDN
myco:DNComps o, c
myco:FilterComps mail, uid
myco:verifycert on
�p�G�Τ�ݾ��Ҫ��D�鬰�G
uid=Walt Whitman, o=LeavesOfGrass Inc, c=US
��A���N����j�M�]�t�H�U��T�����ءG
certSubjectDN=uid=Walt Whitman, o=LeavesOfGrass Inc, c=US
�p�G���@�өΦh�Ӭ۲Ū����ءA��A���N�~�����ҦU���ءC�p�G�����۲Ū����ءA��A���|�ϥ� DNComps �M FilterComps �j�M�۲Ū����ءC�b���d�Ҥ��A��A���|�b o=LeavesOfGrass Inc, c=US �U���Ҧ����ؤ��j�M uid=Walt Whitman�C
|
|
�Ƶ�
|
���d�Ұ��] LDAP �ؿ�]�t�a�� certSubjectDN �ݩʪ����ءC
|
|
�]�w�W�j���[�K
�z�L [Server Manager Preferences] ���Ҥ��� [Set Cipher Size] �ﶵ�i�H��ܨϥ� 168 �줸�B128 �줸�� 56 �줸�j�p���K�_�i��s��A�Ϊ̤����w�K�_�j�p�C�z�i�H��w���ŦX������ɨϥΪ��ɮסC�p�G����w�ɮסAProxy Server �N�Ǧ^ [Forbidden] ���A�C
�p�G�ҿ��s��K�_�j�p�P [Security Preferences] �U�ثe���K�X�]�w���@�P�AProxy Server �|��ܤ@�ӧ����ܤ��Aĵ�i�z�ݭn�ҥαK�_�j�p��j���K�X�C
�K�_�j�p�����@��� obj.conf ���� NSAPI PathCheck ��O�A�Ӥ��O Service fn=key-toosmall�C����O���G
PathCheck fn="ssl-check" [secret-keysize=nbits] [bong-file=filename]
�䤤�Anbits �O�K�_���һݪ��̤p�줸�ơAfilename �O���ŦX������ɩҥ��ɮת��W�١C
�p�G���ҥ� SSL �Ϊ̥���w secret-keysize �ѼơAPathCheck �N�Ǧ^ REQ_NOACTION�C�Y�ثe���q�@�~���K�_�j�p�p���w�� secret-keysize�A�h��Ʒ|�Ǧ^���A�� PROTOCOL_FORBIDDEN �� REQ_ABORTED (�Y����w bong-file) �� REQ_PROCEED�A��|�ܼƳQ�]�w�� bong-file filename�C�ӥB�A�p�G���ŦX�K�_�j�p����A�ثe���q�@�~�� SSL ���q�@�~�֨�رN���ġA�o�ˤU����P�@�ӥΤ�ݳs�u���A���ɡA�N�o�ͧ��㪺 SSL �洫�C
|
|
�Ƶ�
|
��b [Set Cipher Size] ��椤�W�[ PathCheck fn=ssl-check �ɡA���|�����b����쪺�Ҧ� Service fn=key-toosmall ��O�C
|
|
�]�w�W�j���[�K
- �s��Y��A����Ҫ� [Server Manager]�A�M���@�U [Preferences] ���ҡC
- ��@�U [Set Cipher Size] �s���C
- �q�U�Ԧ��M�椤���n�M�μW�j�[�K���귽�A�M���@�U [Select]�C�z��i��w�`�W��ܦ��C�p�ݧ�h��T�A�аѾ\�z�d���M�귽�C
- ���K�_�j�p����G
- 168 �줸�Χ�j
- 128 �줸�Χ�j
- 56 �줸�Χ�j
- �L����
- ��w�n�ڵ��s��T���Ҧb���ɮצ�m�A�M���@�U [OK]�C
�p�ݦ���K�X����h��T�A�аѾ\�uIntroduction to SSL�v�C
��L�w���ʦҶq
���F�Y�ǤH�|�xկ}�ѱz���K�X�~�A�٦���L�w���ʭ��I�s�b�C����{�����I�Ӧۥ~���M�������b�ȡA�L�̨ϥΦU�ؤ�k�xզs��z����A���H�Φ�A���W����T�C�]���A���F�b��A���W�ҥΥ[�K�~�A��3�Ĩ��B�~���w�����@���I�C�Ҧp�A�N��A���q����b�@�Ӧw�����ж����A�����\��i�H��ϥΪ̱N�{���W�Ǧܱz����A���C���`�y�z�F���Ϧ�A����w�����Y�ǭn�I�C
���`�]�t�H�U�D�D�G
�������s��
�o��²�檺�w����k�g�`�|�Q��ѡC�N��A���q����b�@�ӤW�ꪺ�ж����A�u���g�L���v���ϥΪ̤~��i�J�ж��C�o�˥i�H������H��;��A���q�������C�ӥB�A�n�O�@�n�q�����z (��) �K�X (�p�G������)�C
����z�s��
�p�G�ϥλ��ݰt�m�A�аȥ��]�w�s���A�u���\�ּƨϥΪ̩M�q���i��z�C�p�G�Ʊ� Administration Server ���@��ϥΪ̴��ѹ� LDAP ��A���Υ���ؿ��T���s���v���A�ЦҶq���@��� Administration Server �M�ϥ��O���z�C�o�˱ҥΤF SSL �� Administration Server �i�����D��A���A�ӥt�@�� Administration Server �h�Ω�@��ϥΪ̪��s��C�p�ݦ����O������h��T�A�аѾ\�z��A���O���C
�z��3�� Administration Server �}�ҥ[�K�\��C�p�G���ϥ� SSL �s�u�i��z�A����z�L�D�[�K������滷�ݦ�A���z��3�Ӯ�~�p�ߡC�]�����H���i�H�I��z���z�K�X�í��s�t�m�z����A���C
��ܼW�j���K�X
�z�i�H�b��A�����ϥΦh�ӱK�X�G�z�K�X�B�p�K�K�_�K�X�B��Ʈw�K�X�����C�z�K�X�O�����K�X���̭��n���@�ӡA�]�������K�X���ϥΪ̧��i�H�b�z���q���W�t�m����A���C�p�K�K�_�K�X�O�����n���K�X�C�p�G�Y�ӨϥΪ̨�o�F�z���p�K�K�_�M�p�K�K�_�K�X�A�h�i�H�إ߰���A�����˦��z����A���A�Ϊ̺I��M�ܧ�i�X�z��A�����q�T��ơC
�K�X�̦n�O�K��z�ۤv�O�СA�L�H�S�L�k�q��C�Ҧp�AMCi12!mo �i�O���uMy Child is 12 months old!�v�C�Ӥp�Ĥl���m�W�Υͤ鵥���A�X���K�X�C
�إ���H�}�Ѫ��K�X
�H�U�o��²�檺��ɭ�h�i0�U�z�إW�j���K�X�C������@�ӱK�X�M�ΥH�U�Ҧ��W�h�A��ϥΪ��W�h�V�h�A�z���K�X�N�V��H�Q�}�ѡC�@�Ǵ��ܡG
- �K�X���3�� 6 �� 14 �Ӧr��
- ���n�ϥΫD�k�r���G*�B" �ΪŮ�
- ���n�ϥ������ (���y��)
- ���n�i��`�Ϊ��r�(�N�A�Ҧp�� 3 �%N E �Υ� 1 �%N L
- �ɥi��h�a�]�t�H�U�r���G
- �j�g�r��
- �p�g�r��
- �Ʀr
- �Ÿ�
�ܧ�K�X�� PIN
�w���ܧ�i�H���Ʈw/�K�_���ɮױK�X�� PIN �O�@�Ӧn�ߺD�C�p�G�b Administration Server ���ҥΤF SSL�A�h�Ұʦ�A���ɻݭn���K�X�C�w���ܧ�K�X�i�H�W�[���A�����B�~�O�@�C
�u3�b����q���W�ܧK�X�C�p�ݦ����ܧ�K�X���`�N�ƶ��M��A�аѾ\�إ���H�}�Ѫ��K�X�C
�ܧ�i�H���Ʈw/�K�_���ɮױK�X
- �s�� Administration Server �� Server Manager�A�M���@�U [Security] ���ҡC
- ��@�U [Change Key Pair File Password] �s���C
- �q [Cryptographic Module] �U�Ԧ��M�椤���n�b�䤤�ܧ�K�X���w���ʰO���C�̹w�]�A�����K�_��Ʈw���w���ʰO���� [Internal]�C�Y�w�w�� PKCS #11 �ҲաA�h�N�C�X�Ҧ��w���ʰO���C
- ��J�ثe�K�X�C
- ��J�s�K�X�C
- �A����J�K�X�A�M���@�U [OK]�C
�T�w�z���K�_���ɮר��O�@�CAdministration Server �N�K�_���ɮ��x�s�b server_root/alias �ؿ�C
�A���ɮO�_�x�s�b�ƥ�ϱa�W�άO�_��Q��L�H�I��]�ܭ��n�C�p�G�o�ˡA�h�������O�@��A���@�˺ɤO�O�@�z���ƥ�C
�����A���W����L3�ε{��
���ԷV�Ҽ{�b��A���q���W��檺�Ҧ�3�ε{���C�Q�Φ�A���W��檺��L�{�������|�}�i�H�}��A�����w���O�@�C�а��ΩҦ������n���{���M�A�ȡC�Ҧp�AUNIX sendmail �`�n�{����H�w���a�t�m�A�ӥB�i�H�z�L�{���]�p�Ӧb��A���q���W����L�i��`���{���C
UNIX �M Linux
�J�ӿ�ܱq inittab �M rc �{���ɱҰʪ��{�ǡC���n�q��A���q����� telnet �� rlogin�C�z�礣3�b��A���q���W��� rdist�C�p���i�5o�ɮסA���i�Ω��s��A���q���W���ɮסC
Windows
�P��L�q���@�κϺо�M�ؿ�ɭn��~�p�ߡC�ӥB�A�n�Ҷq���ǨϥΪ̨㦳�b���� Guest �v���C�z�ݯS�O�d�N�b��A���w�˭��ǵ{���Τ��\��L�H�b��A���W�w�˭��ǵ{���C��L�ϥΪ̪��{���i��|�s�b�w���|�}�C���V�|���O�A���H�i��|�W�Ǵc�N�{���A�W�N�}�a��A�����w���ʡC�b�z����A���W�w�˵{�����e�@�w�n�J���ˬd�o�ǵ{���C
����Τ�ݧ֨� SSL �ɮ�
�z�L�b HTML �ɮת� <HEAD> �Ϭq���W�[�H�U��A�i�H����Τ�ݧ֨�[�K�e���ɮסG
<meta http-equiv="pragma" content="no-cache">
����s����
���ιq���W���ϥΪ��Ҧ��s����C�ϥθ�Ѿ��Ψ�����t�m�i����~�����ϥΪ̳s�u�ܵ���̤p�s���H�~�����s����C�o�N��ۨ�o�q���W Shell ���ߤ@��k�N�O��ڦa�ϥΦ�A���q���A��3�Ӧ�b�@�ӭ��w���ϰ줺�C
�A�Ѧ�A��������
��A�����Ѧ�A���M�Τ�ݤ������w���s�u�C�Τ�ݨ�o��T����A��A���J�L�k�����T���w���ʡA���]�L�k������A���q�������Ψ�ؿ�M�ɮת��s��C
�A�ѳo�ǭ���U��z�A�ѭn�קK���DZ��ΡC�Ҧp�A�z�i�H�z�L SSL �s�u��o�H�Υd���A��o�Ǹ��X�O�_�x�s�b��A���q���W���w���ɮפ��O�HSSL �s�u�פ��A�o�Ǹ��X�|��˩O�H �аȥ���Τ�ݳz�L SSL �ǰe���z������T��I�w���O�@�C
