SSL �M TLS ��w�䴩�U�إΩ��A���M�Τ�ݪ��ۤ��{�ҡB�ǿ��ҮѩM�إ߶��q�@�~���_���K�X�C�Τ�ݩM��A���i�H�䴩�U�رK�X�թαK�X���A�o��M��U�ئ]�!A�Ҧp�Ҥ䴩����w�B���q����[�K�j�ת������H�άF����[�K�n�骺�X�f���w�C�b��L�禡���ASSL �M TLS �洫��w�N�M�w��A���M�Τ�ݦp���ӥH�T�w�N�Ω�q�T���K�X�աC
�ϥ� SSL �P LDAP �q�T
�z3�ӭn�D Administration Server �ϥ� SSL �P LDAP �i��q�T�C�Y�n�ҥ� Administration Server �W�� SSL�A�а��U�C�B�J�G
- �s�� [Administration Server] �ÿ�� [Global Settings] ���ҡC
- ��@�U [Configure Directory Service] �s���C
- ��� [Yes] �H�ϥΦw���M���r�h (SSL) �i��s�u�C
- ��@�U [Save Changes]�C
- ��@�U [OK] �H�N�z���s�����ܧϥ� SSL �� LDAP �зdzs����C
����ť�M���r�ҥΦw����
�z�i�H�z�L�H�U�覡�ӫO�@��A����ť�M���r���w���G
- �}�Ҧw����
- ����ť�M���r����A���Ү�
- ���K�X
�}�Ҧw����
�z�����}�Ҧw���ʡA�M��~�ର��ť�M���r�t�m��L�w���ʳ]�w�C�z�i�H�b�إ߷s����ť�M���r�νs��{����ť�M���r�ɶ}�Ҧw���ʡC
�إ߰�ť�M���r�ɶ}�Ҧw����
�Y�n�b�إ߷s��ť�M���r�ɶ}�Ҧw���ʡA�а��U�C�B�J�G
- �s�� [Server Manager] �ñq�U�Ԧ��M�椤���n�b�䤤�إ߰�ť�M���r����A����ҡC
- ��� [Preferences] ���� (�p�G�|�����)�C
- ��� [Edit Listen Sockets] �s���C
�ù�W�|��� [Edit Listen Sockets] �����C
- ��@�U [New] ��s�C
�ù�W�|��� [Add Listen Socket] �����C
- ��J�һݸ�T�ÿ��w�]�����&�A���C
- �Y�n�}�Ҧw���ʡA�бq [Security] �U�Ԧ��M���� [Enabled]�C
- ��@�U [OK]�C
- ��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
|
|
�Ƶ�
|
�z�ݭn�b�إ߰�ť�M���r��A�ϥ� [Edit Listen Sockets] �s���Ӱt�m�w���ʳ]�w�C
|
|
�s�谻ť�M���r�ɶ}�Ҧw����
�z�]�i�H�b�g�� Administration Server �� Server Manager �s�谻ť�M���r�ɶ}�Ҧw���ʡC�Y�n�b�s�谻ť�M���r�ɶ}�Ҧw���ʡA�а��U�C�B�J�G
- �s�� [Administration Server] �� [Server Manager]�A�M���� [Security] ���ҡC
��� [Server Manager]�A�z������q�U�Ԧ��M�椤����A����ҡC
- ��� [Preferences] ���� (�p�G�|�����)�C
- ��� [Edit Listen Sockets] �s���C
�ù�W�|��� [Edit Listen Sockets] �����C
- �Y�n�s�谻ť�M���r�A�Ы�@�U�n�s�誺��ť�M���r�� [Listen Socket ID]�C
�ù�W�|��� [Edit Listen Socket] �����C
- �Y�n����ť�M���r�}�Ҧw���ʡA�бq [Security] �U�Ԧ��M���� [Enabled]�C
- ��@�U [OK]�C
- ��� [Server Manager]�A��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
����ť�M���r����A���Ү�
�z�i�H�b Administration Server �� Server Manager ���t�m��ť�M���r�A�H�K�ϥαz�w�ӽШæw�˪���A���ҮѡC
�Y�n����ť�M���r����A���ҮѥH�i��ϥΡA�а��U�C�B�J�G
- �s�� [Administration Server] �� [Server Manager]�A�M���� [Preferences] ���ҡC
��� [Server Manager]�A�z������q�U�Ԧ��M�����A����ҡC
- ��� [Edit Listen Sockets] �s���C
�ù�W�|��� [Edit Listen Sockets] �����C
- �Y�n�s�谻ť�M���r�A�Ы�@�U�n�s�誺��ť�M���r�� [Listen Socket ID]�C
�ù�W�|��� [Edit Listen Socket] �����C
- �Y�n����ť�M���r�}�Ҧw���ʡA�бq [Security] �U�Ԧ��M���� [Enabled]�C
|
|
�Ƶ�
|
�p�G�w�ˤF�~���ҲաA�ù�W�|��� [Manage Server Certificates] �����A�ín�D�b�~��ʧ@���e��J�~���Ҳժ��K�X�C
|
|
- �q [Server Certificate Name] �U�Ԧ��M�椤����ť�M���r����A���ҮѡC
�ӲM��]�t�Ҧ��w�w�˪������M�~���ҮѡC
|
|
�Ƶ�
|
�p�G���w�˥���A���ҮѡA�N���ĵ�i�T���ӫD [Server Certificate Name] �U�Ԧ��M��C
|
|
- ��@�U [OK]�C
- ��� [Server Manager]�A��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
���K�X
���F�O�@ Web ��A�����w���A3�ӱҥ� SSL�C�z�i�H�ҥ� SSL 2.0�BSSL 3.0 �M TLS �[�K��w�M���U�رK�X�աC�i�H�b Administration Server ��ť�M���r�W�ҥ� SSL �M TLS�C�b Server Manager ����ť�M���r�W�ҥ� SSL �M TLS �N���P�Ӱ�ť�M���r���p���Ҧ����&�A���]�w�w���ʳߦn�]�w�C
�p�G�Ʊ�ϥΫD�[�K�����&�A���A�h�����N��t�m���ϥάۦP����ť�M���r�A�åB��w���ʡC
�w�]�]�w���\�ϥγ̱`�Ϊ��K�X�C���D���R�2z�Ѥ��ϥίS�w�K�X�աA�_�h3�ӥ����ϥΡC�p�ݦ���S�w�K�X����h��T�A�аѾ\�uIntroduction to SSL�v�C
tlsrollback �Ѽƪ��w�]�M��ij�]�w�� true�C�o�|���A���i��t�m�H����I�����^���;���xաC���F�P�Y�ǥ����T��� TLS �W�d���Τ�ݹ�{�ۤ��i�ާ@�ʡA�i��ݭn�N���ȳ]�w�� false�C
�Ъ`�N�A�N tlsrollback �]�w�� false �|���C�s�u�睊���^���;�����@��O�C�����^���;�O�@�ؾ��A�ĤT��i�H�z�L�o�ؾ��j��Τ�ݩM��A���ϥΦw���ʸ�C�����h�w (�Ҧp SSLv2) �i��q�T�C�ѩ� SSLv2 ��w���s�b���Ҷg�����ʳ��A�]���L�k����쪩���^���;�A�o�N�ϲĤT���e��I��M�ѱK�[�K���s�u�C
�Y�n�ҥ� SSL �M TLS�A�а��U�C�B�J�G
- �s�� [Administration Server] �� [Server Manager]�A�M���� [Preferences] ���ҡC
��� [Server Manager]�A�z������q�U�Ԧ��M�椤����A����ҡC
- ��@�U [Edit Listen Sockets] �s���C
�ù�W�|��� [Edit Listen Sockets] �����C���w����ť�M���r�A[Edit Listen Socket] ��������ܥi�Ϊ��K�X�]�w�C
|
|
�Ƶ�
|
�p�G���b��ť�M���r�W�ҥ� [Security]�A�h���|�C�X��� SSL �M TLS ��T�C�Y�n�ϥαK�X�A�нT�w�w�b���ť�M���r�W�ҥΤF�Ӧw���ʡC�p�ݧ�h��T�A�аѾ\�u����ť�M���r�ҥΦw�����v�C
|
|
- �֨��3��һݥ[�K�]�w���֨���C
|
|
�Ƶ�
|
��� Netscape Navigator 6.0�A�ЦP�ɮ֨� [TLS] �M [SSL3]�C��� TLS �^��A�]�n�֨� TLS�A�ýT�w�w���� SSL3 �M SSL2�C
|
|
- ��@�U [OK]�C
- ��� [Server Manager]�A��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
|
|
�Ƶ�
|
��z�b�}�Ұ�ť�M���r���w���ʤ���M���ܧ�ɡA�t�αN�۰ʭק� magnus.conf �ɮץH��ܦw���ʤw�}�ҡA�åB�۰ʫ�w�P�Ӱ�ť�M���r���p���Ҧ����&�A�����w�]�w���ʰѼơC
|
|
�b��A���W�ҥ� SSL ��A���� URL �N�ϥ� https�A�ӫD http�C��V�ҥΤF SSL ����A���W��� URL �榡�p�U�G
�Ҧp�Ahttps://admin.sun.com:443�C
�p�G�ϥιw�]���w�� http �s���� (443)�A�h�L���b URL ����J�s���C
����t�m�w����
�w�˱ҥΤF SSL ����A���N�b magnus.conf �ɮ� (��A�����D�t�m�ɮ�) ��������w���ʰѼƫإ߫�O���ءC�����N�w���ʳ]�w���uon�v�A���&�A�����w���ʳ]�w�~�|���ġC���&�A���� SSL �S�ʥi�H�H��A�������b server.xml �ɮת� SSLPARAMS ���$����C
�Y�n�]�w SSL �t�m�ɮ�O���ȡA�а��U�C�B�J�G
- �s�� [Server Manager] �ñq�U�Ԧ��M�椤�����&�A������A����ҡC
- �T�w���n�t�m����ť�M���r�ҥΤF�w���ʡC�Y�n�i�榹�ʧ@�A�а��U�C�B�J�G
- ��@�U [Edit Listen Sockets] �s���C
- ��@�U�n�ҥΨ�w���ʪ���ť�M���r�ҹ�3�� [Listen Socket ID]�C
�N��� [Edit Listen Socket] �����C
- �q [Security] �U�Ԧ��M���� [Enabled]�C
- ��@�U [OK]�C
- ��@�U [Magnus Editor] �s���C
- �q�U�Ԧ��M���� [SSL Settings] �ë�@�U [Manage]�C
- ��J�H�U�U�Ѽƪ��ȡG
- SSLSessionTimeout
- SSLCacheEntries
- SSL3SessionTimeout
- ��@�U [OK]�C
- ��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
�o�� SSL �t�m�ɮ�O�p�U�ҭz�G
SSLSessionTimeout
SSLSessionTimeout ��O�Ω� SSL2 ���q�@�~���֨�C
�y�k
SSLSessionTimeout seconds
�䤤 seconds �O�֨� SSL ���q�@�~�O��Ī���ơC�w�]�Ȭ� 100�C�p�G��w�F SSLSessionTimeout ��O�A��ƪ��ȱN�۰ʭ��w�� 5 �� 100 �����C
SSLCacheEntries
��w�i�H�֨� SSL ���q�@�~���ƥءC
SSL3SessionTimeout
SSL3SessionTimeout ��O�Ω� SSL3 �M TLS ���q�@�~�֨�C
�y�k
SSL3SessionTimeout seconds
�䤤 seconds �O�֨� SSL3 ���q�@�~�O��Ī���ơC�w�]�Ȭ� 86400 �� (24 �p��)�C�p�G��w�F SSL3SessionTimeout ��O�A��ƪ��ȱN�۰ʭ��w�� 5 �� 86400 �����C
�ϥΥ~���[�K�Ҳ�
Sun ONE Web Server 6.1 �䴩�H�U�ϥΥ~���[�K�Ҳ� (�p���z�d�ΰO����) ����k�G
�Ұ� FIPS-140 �[�K�зǤ��e�A�z�ݭn�W�[ PKCS #11 �ҲաC
�w�� PKCS#11 �Ҳ�
Sun ONE Web Server �䴩���}���_�[�K�з� (PKCS) #11�A�Ӽзǩw�q�F�b SSL �M PKCS#11 �Ҳդ����q�T�ҨϥΪ������CPKCS#11 �ҲեΩ��V SSL �w��[�t�����зdzs�u�C�~���w��[�t�����פJ�ҮѩM���_�x�s�b secmod.db �ɮפ��A���ɮצb�w�� PKCs#11 �Ҳծɲ��͡C
�ϥ� modutil �u��w�� PKCS#11 �Ҳ�
�i�H�ϥ� modutil �u��åH .jar �ɮשΪ����ɮת��Φ��w�� PKCS#11 �ҲաC
�Y�n�ϥ� modutil �w�� PKCS#11 �ҲաA�а��U�C�B�J�G
- �T�w��F�Ҧ���A�� (�]�A Administration Server)�C
- ���ܥ]�t��Ʈw�� server_root/alias �ؿ��C
- �N server_root/bin/https/admin/bin �W�[�ܱz�� PATH ���C
- �b server_root/bin/https/admin/bin ����� modutil�C
- �]�w��ҡC�Ҧp�G
- �b UNIX �W�Gsetenv
LD_LIBRARY_PATH server_root/bin/https/lib:${LD_LIBRARY_PATH}
- �b IBM-AIX �W�GLIBPATH
- �b HP-UX �W�GSHLIB_PATH
- �b Windows �W�A�N�H�U���e�W�[�� PATH
LD_LIBRARY_PATH server_root/bin/https/bin
�z�i�H�b�H�U�ؿ���z��� PATH�Gserver_root/https-admin/start�C
- ��J��O�Gmodutil�C
�N�C�X�U�ؿﶵ�C
- ���һݪ��ʧ@�C
�Ҧp�A�n�b UNIX ���W�[ PCKS#11 �ҲաA�z�ݭn��J�G
modutil -add (PCKS#11 �ɮת��W��) -libfile (PCKS#11 �� libfile) -nocertdb -dbdir (�z�� db �ؿ�)�C
�ϥ� pk12util
�ϥ� pk12util �i�H�q������Ʈw���ץX�ҮѩM���_�A�ñN��פJ�����Υ~�� PKCS#11 �ҲաC�z�i�H�N�ҮѩM���_�l�ץX�ܤ�����Ʈw�A��h�ƥ~���O�����|���\�z�ץX�ҮѩM���_�C�̹w�]�Apk12util �ϥΦW�� cert8.db �M key3.db ���ҮѩM���_��Ʈw�C
�z�L pk12util �ץX
�Y�n�q������Ʈw���ץX�ҮѩM���_�A�а��U�C�B�J�G
- ���ܥ]�t��Ʈw�� server_root/alias �ؿ��C
- �N server_root/bin/https/admin/bin �W�[�ܱz�� PATH ���C
- �b server_root/bin/https/admin/bin ����� pk12util�C
- �]�w��ҡC�Ҧp�G
- �b UNIX �W�Gsetenv
LD_LIBRARY_PATH/server_root/bin/https/lib:${LD_LIBRARY_PATH}
- �b IBM-AIX �W�GLIBPATH
- �b HP-UX �W�GSHLIB_PATH
- �b Windows �W�A�N�H�U���e�W�[�� PATH
LD_LIBRARY_PATH server_root/bin/https/bin
�z�i�H�b�H�U�ؿ���z��� PATH�Gserver_root/https-admin/start�C
- ��J��O�Gpk12util�C
�N�C�X�U�ؿﶵ�C
- ���һݪ��ʧ@�C
�Ҧp�A�b UNIX ���A�z�ݭn��J�G
pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host]
- ��J��Ʈw�K�X�C
- ��J pkcs12 �K�X�C
�z�L pk12util �פJ
�Y�n�N�ҮѩM���_�פJ�����Υ~�� PKCS#11 �ҲաA�а��U�C�B�J�G
- ���ܥ]�t��Ʈw�� server_root/alias �ؿ��C
- �N server_root/bin/https/admin/bin �W�[�ܱz�� PATH ���C
- �b server_root/bin/https/admin/bin ����� pk12util�C
- �]�w��ҡC�Ҧp�G
- �b UNIX �W�Gsetenv
LD_LIBRARY_PATH/server_root/bin/https/lib:${LD_LIBRARY_PATH}
- �b IBM-AIX �W�GLIBPATH
- �b HP-UX �W�GSHLIB_PATH
- �b Windows �W�A�N�H�U���e�W�[�� PATH
LD_LIBRARY_PATH server_root/bin/https/bin
�z�i�H�b�H�U�ؿ���z��� PATH�Gserver_root/https-admin/start�C
- ��J��O�Gpk12util�C
�N�C�X�U�ؿﶵ�C
- ���һݪ��ʧ@�C
�Ҧp�A�b UNIX ���A�z�ݭn��J�G
pk12util -i pk12_sunspot [-d certdir][-h nCipher][-P https-jones.redplanet.com-jones-]
-P ������b -h ����A�åB�����O�̫�@�ӤơC
��J���T���O���W�١A�]�A�j�g�r�)M���������Ů�C
- ��J��Ʈw�K�X�C
- ��J pkcs12 �K�X�C�z�L�Y�ӥ~���ҮѱҰʦ�A���C
�p�G��A�����ҮѦw�˦b�~�� PKCS#11 �Ҳ� (�Ҧp�A�w��[�t��) ���A��A���N�L�k�ϥθ��ҮѶi��ҰʡA���D�z�� server.xml �i��s��A�Ψ̦p�U�ҭz�ӫ�w�ҮѦW�١C
��A���l�xըϥΦW���uServer-Cert�v���ҮѱҰʡC��~�� PKCS#11 �Ҳդ����ҮѱN�b�ѧO�X���]�t�ӼҲժ��Y�ӰO���W�١C�Ҧp�A�W���usmartcard0�v���~�����z�dŪ��W�w�˪���A���Ү�3�W���usmartcard0:Server-Cert�v�C
�Y�n�ϥΦw�˦b�~���Ҳդ����ҮѱҰʦ�A���A�N�ݭn������A������ť�M���r��w�ҮѦW�١C
����ť�M���r����ҮѦW��
�Y�n����ť�M���r����ҮѦW�١A�а��U�C�B�J�G
|
|
�Ƶ�
|
�p�G���b��ť�M���r�W�ҥ� [Security]�A�h���|�C�X�ҮѪ���T�C�Y�n����ť�M���r����ҮѦW�١A����T�w�w�ҥΤF�ӮM���r�W���w���ʡC�p�ݧ�h��T�A�аѾ\�u����ť�M���r�ҥΦw�����v�C
|
|
- �s�� [Administration Server] �� [Server Manager]�A�M���� [Preferences] ���ҡC
��� [Server Manager]�A�z������q�U�Ԧ��M�椤����A����ҡC
- ��� [Preferences] ���� (�p�G�|�����)�C
- ��@�U [Edit Listen Sockets] �s���C
�ù�W�|��� [Edit Listen Sockets] �����C
- ��@�U�n�P�Ү����p����ť�M���r�ҹ�3�� [Listen Socket Id] �s���C
�ù�W�|��� [Edit Listen Socket] �����C
- �q [Server Certificate Name] �U�Ԧ��M�椤����ť�M���r����A���ҮѡC
�ӲM��]�t�Ҧ��w�w�˪������M�~���ҮѡC
|
|
�Ƶ�
|
�p�G���w�˥���A���ҮѡA�N���ĵ�i�ӫD [Server Certificate Name] �U�Ԧ��M��C
|
|
- ��@�U [OK]�C
- ��� [Server Manager]�A��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
�z�]�i�H��ʽs�� server.xml �ɮסA���A���z�L�Ӧ�A���ҮѱҰʡC�N SSLPARAMS ���� servercertnickname �ݩ��ܧG
�Y�n�d�� $TOKENNAME �ϥΪ��ȡA�в��ܦ�A���� [Security] ���Ҩÿ�� [Manage Certificates] �s���C��z�n�J���x�s Server-Cert ���~���ҲծɡA$TOKENNAME:$NICKNAME ��檺�M�椤�N��ܨ��ҮѡC
|
|
�Ƶ�
|
�p�G�����إߥi�H���Ʈw�A�h�|�b���~�� PKCS#11 �ҲեӽЩΦw���ҮѤ��ɬ��z�إߤ@�ӥi�H���Ʈw�C�إߪ��w�]��Ʈw�S���K�X�A�B�L�k�s��C�~���Ҳեi�H�u�@�A��z����ӽЩM�w�˦�A���ҮѡC�p�G�إߪ��w�]��Ʈw�S���K�X�A�Шϥ� [Security] ���ҩM [Create Database] �����ӳ]�w�K�X�C
|
|
FIPS-140 �з�
�z�L PKCS#11 API�A�z�i�H�P���[�K�@�~���n��εw��Ҳնi��q�T�C�b��A���W�w�� PKCS#11 ����A�z�i�H�� Sun ONE Web Server �i��t�m�A�H�Ϩ�P�p����T�B�z�з� (FIPS)-140 �ۮe�C�o�ǵ{���w�ȥ]�t�b SSL 3.0 �������C
�Y�n�ҥ� FIPS-140�A�а��U�C�B�J�G
- �̾� FIPS-140 ��������w�˸� Plug-in�C
- �s�� [Administration Server] �� [Server Manager]�A�M���� [Preferences] ���ҡC
��� [Server Manager]�A�z������q�U�Ԧ��M�椤����A����ҡC
- ��@�U [Edit Listen Sockets] �s���C
�ù�W�|��� [Edit Listen Sockets] �����C���w����ť�M���r�A[Edit Listen Socket] ��������ܥi�Ϊ��w���ʳ]�w�C
|
|
�Ƶ�
|
�Y�n�ϥ� FIPS-140�A�нT�w�w�b���ť�M���r�W�ҥΤF�Ӧw���ʡC�p�ݧ�h��T�A�аѾ\�u����ť�M���r�ҥΦw�����v�C
|
|
- �q SSL ���� 3 �U�Ԧ��M���� [Enabled] (�p�G�|�����)�C
- �֨�A�? FIPS-140 �K�X�աG
- (FIPS) 56 �줸�[�K�� DES �M SHA �T���{��
- (FIPS) 168 �줸�[�K���T�� DES �M SHA �T���{��
- ��@�U [OK]�C
- ��� [Server Manager]�A��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
�]�w�Τ�ݦw���ʻݨD
���i�O�@��A���w���ʪ��Ҧ��B�J��A�i�H���Τ�ݳ]�w��L�w���ʻݨD�C
�n�D�Τ�ݻ{��
�z�i�H�� Administration Server �M�C�Ӧ�A����ұҥΰ�ť�M���r�A�H�n�D�Τ�ݻ{�ҡC�ҥΥΤ�ݻ{�ҫ�A�������ѥΤ���ҮѡA��A���~��V�d�߶ǰe�^3�C
Sun ONE Web Server �䴩�z�L�ϥΤ���ҮѤ��� CA �Pñ�W�Τ���ҮѮɫH�� CA �ǰt�����ҥΤ���ҮѡC�z�i�H�b Administration Server �� [Manage Certificates] �������� [Security] �U�˵�ñ�W�Τ���ҮѮɫH�� CA �M��C���|�������� CA�G
- ���i�H�� CA (���ǰt)
- �i�H���A�� CA (���ǰt)
- �i�H��Τ�� CA (�ǰt)
- �i�H��Τ��/��A�� CA (�ǰt)
�z�i�H�t�m Web ��A���A�H�ڵ����㦳�Ӧۥi�H�� CA �Τ���ҮѪ��Ҧ��Τ�ݡC�Y�n����Ωڵ��i�H�� CA�A�����w�g�� CA �]�w�F�Τ�ݫH��C�p�ݧ�h��T�A�аѾ\�u�z�Ү��v�C
�p�G�ҮѤw�L�aASun ONE Web Server �N�O���~�B�ڵ��ҮѨæV�Τ�ݶǦ^�@�h�T���C�]�i�H�b Administration Server �� [Manage Certificates] �������˵�w�L�j��ҮѡC
�z�i�H���A���i��t�m�A�H�K�q�Τ���ҮѦ�����T�èϨ�P LDAP �ؿ�ϥΪ̶��ؤǰt�C�o�˥i�H�T�w�Τ�ݾ֦����Ī��ҮѩM LDAP �ؿ���ءC�ӥB�٥i�H�T�w�Τ���ҮѻP LDAP �ؿ��ҮѬۤǰt�C�Y�n�A�Ѧp��i�榹�@�~�A�аѾ\�u�N�Τ���Үѹ�M�� LDAP�v�C
�z�i�H�N�Τ���ҮѩM�s���X�ϥΡA�H�K���F�Ӧۥi�H�� CA �H�~�A�P�Ү����p���ϥΪ��٥����P�s���W�h (ACL) �ۤǰt�C�p�ݧ�h��T�A�аѾ\�u�ϥΦs����ɮ��v�C
�z�]�i�H�B�z�Τ���ҮѪ���T�C�p�ݧ�h��T�A�аѾ\�uSun ONE Web Server 6.1 NSAPI Programmer's Guide�v�C
�ӽХΤ�ݻ{��
�Y�n�ӽХΤ�ݻ{�ҡA�а��U�C�B�J�G
- �s�� [Administration Server] �� [Server Manager]�A�M���� [Preferences] ���ҡC
��� [Server Manager]�A�z������q�U�Ԧ��M�椤����A����ҡC
- ��@�U [Edit Listen Sockets] �s���C
�ù�W�|��� [Edit Listen Sockets] �����C
- ��@�U�n�ӽХΤ�ݻ{�Ҫ���ť�M���r�ҹ�3�� [Listen Socket Id] �s���C
�ù�W�|��� [Edit Listen Socket] �����C
- �Y�n����ť�M���r�ӽХΤ�ݻ{�ҡA�бq [Client Authentication] �U�Ԧ��M���� [Required]�C
- ��@�U [OK]�C
- ��� [Server Manager]�A��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
|
|
�Ƶ�
|
�ثe�A�C�� Web ��A����ҥu���@�ӥi�H���ҮѸ�Ʈw�C�b�Ӧ�A����ҤU��檺�Ҧ��w�����&�A�����@�ΦP�@�ӥi�H��Τ�� CA �M��C�p�G��ӵ��&�A���ݭn���P���i�H�� CA�A�h�o�ǵ��&�A��3�Ӧb�㦳��W�i�H���Ʈw�����P��A����Ҥ����C
|
|
�N�Τ���Үѹ�M�� LDAP
���`���� Sun ONE Web Server �ΨӱN�Τ���Үѹ�M�� LDAP �ؿ�ت��{�ǡC
��A���q�Τ�ݨ�o�ӽЫ�A�N�b�B�z�ӽФ��e�mn�Τ�ݪ��ҮѡC�Y�ǥΤ�ݷ|�b�V��A���ǰe�ӽЪ��P�ɶǰe�Τ���ҮѡC
|
|
�Ƶ�
|
�N�Τ���Үѹ�M�� LDAP ���e�A�ٻݭn�]�w�һݪ� ACL�F�p�ݧ�h��T�A�аѾ\�u������A�����s���v�C
|
|
��A���N�x��˵�� CA �O�_�P Administration Server �����Y�ӥi�H�� CA �ǰt�C�p�G�䤣��ǰt�� CA�ASun ONE Web Server �N�פ�s�u�C�p�G�����ǰt�� CA�A��A���N�~��B�z�ӽСC
�����ҮѬO�Ӧۥi�H�� CA ����A��A���|�z�L�H�U�覡�N�Үѹ�M�� LDAP ���ءG
- �N�ֵo�̩M�D�D DN �q�Τ���Үѹ�M�� LDAP �ؿ�$��I�C
- �b LDAP �ؿ�j�M�P�Τ���ҮѪ��D�D (�@��ϥΪ�) �����T�ۤǰt�����ءC
- (�i��) ���ҥΤ���ҮѬO�_�P��3�� DN �� LDAP ���ؤ����ҮѬۤǰt�C
��A���ϥΦW�� certmap.conf ���Үѹ�M�ɮרӽT�w�p��i�� LDAP �j�M�C��M�ɮױN�i�D��A���n�ϥΥΤ���ҮѤ������ǭ� (�p�@��ϥΪ̪��W�١B�q�l�l���}��)�C��A���N�ϥγo�ǭȷj�M LDAP �ؿ�ϥΪ̶��ءA���A������ݭn�T�w�q LDAP �ؿ���Ӧ�m�}�l�j�M�C�Үѹ�M�ɮפ]�|�i�D��A���}�l�j�M����m�C
��A���A�ѤF�}�l�j�M����m�M�ݭn�j�M�����e (�B�J 1) ����A�N�b LDAP �ؿ���j�M (�B�J 2)�C�p�G�����ǰt���ةΧ��h�Ӥǰt���ءA�åB���]�w��M�H�����ҮѡA�j�M�N���ѡC�p�ݦ���w�wj�M���G�欰������M��A�аѾ\�U��u�� 6-1�v�C�Ъ`�N�A�z�i�H�b ACL ����w�w�j��欰�A�Ҧp�A�z�i�H��w Sun ONE Web Server �b�ҮѤǰt���Ѯɶȱ���z�C�p�ݦ���p��]�w ACL �ߦn�]�w����h��T�A�аѾ\�u�ϥΦs����ɮ��v�C
�� 6-1 LDAP �j�M���G
|
LDAP �j�M���G
|
�Ү����ҡu�}�ҡv
|
�Ү����ҡu��v
|
|
����춵��
|
�{�ҥ���
|
�{�ҥ���
|
|
��n���@�Ӷ���
|
�{�ҥ���
|
�{�Ҧ��\
|
|
���h�Ӷ���
|
�{�ҥ���
|
���v����
|
��A���b LDAP �ؿ���ǰt�����ةM�Үѫ�A�N�i�H�ϥθӸ�T�B�z���ʡC�Ҧp�A�Y�Ǧ�A���ϥ��ҮѨ� LDAP ����M�ӽT�w��Y�Ӧ�A�����s���v���C
�ϥ� certmap.conf �ɮ�
�Үѹ�M�Ω�T�w��A���b LDAP �ؿ�d��ϥΪ̶��ت��覡�C�z�i�H�ϥ� certmap.conf �t�m�Ү� (�̦W�٫�w) ��M�� LDAP ���ت��覡�C�z�i�H�s�覹�ɮרüW�[���ءA�H�ǰt LDAP �ؿ��´�M�C�X�z�Ʊ�ϥΪ֦̾����ҮѡC�ϥΪ̥i�H��� subjectDN ���ϥΪ��ϥΪ� ID�B�q�l�l���}�Υ���L�ȶi��{�ҡC�S�O�O�A��M�ɮץi�w�q�H�U��T�G
- ��A��3�ӱq LDAP �𤤶}�l�j�M����m
- �b LDAP �ؿ�i��j�M�ɡA��A��3�ӧ@���j�M����Ү��ݩ�
- ��A���O�_�n����L���ҵ{��
�Үѹ�M�ɮצ��H�U��m�G
���ɮץ]�t�F�@�өΦh�Ӥw�R�W��M�A�C�ӹ�M���M�ΩP�� CA�C��M���y�k�p�U�G
certmap <name> <issuerDN>
<name>:<property> [<value>]
�Ĥ@��Ω��w���ت��W�٥H�ΧΦ� CA �ҮѤ��ϧO�W�٪��ݩʡC�ӦW�٬O��N���A�z�i�H�N��w�q���һݪ����W�١C��O�AissuerDN �����P�ֵo�Τ���ҮѪ� CA ���ֵo�� DN �����ǰt�C�Ҧp�A�H�U��� issuerDN ��Ȧb�9j�ݩʪ��Ů�W���Үt���A���A���N����Ӥ��P�����ءG
certmap sun1 ou=Sun Certificate Authority,o=Sun, c=US
certmap sun2 ou=Sun Certificate Authority,o=Sun, c=US
|
|
����
|
�p�G�ϥΪ��O Sun ONE Directory Server �æb�ǰt issuerDN �ɹJ����D�A���ˬd Directory Server ��~��x���O�_�s�b���Ϊ���T�C
|
|
�w�R�W��M�����ĤG��M�H�᪺��i�H���ݩʻP�Ȭۤǰt�Ccertmap.conf �ɮפ��]�t���ӹw�]�S�� (�i�H�ϥ��Ү� API �ۭq�S��)�G
- DNComps �O�@�t�C�γr���9j���ݩʡA�Ω�T�w��A���q LDAP �ؿ���Ӧ�m�}�l�j�M�ǰt�ϥΪ� (�Y�Τ���ҮѪ��֦���) ��T�����ءC��A���q�Τ���ҮѤ������o���ݩʪ��ȡA�åγo�ǭȧΦ� LDAP DN�A�M��Y�i�T�w��A���q LDAP �ؿ���Ӧ�m�}�l�j�M�C�Ҧp�A�p�G�N DNComps �]�w���ϥ� DN �� o �M c �ݩʡA��A���N�q LDAP �ؿ� o=<org>, c=<country> ���ض}�l�j�M�A�䤤 <org> �M <country> �N��N���ҮѤ� DN ���ȡC
�Ъ`�N�H�U���ΡG
- �p�G��M�����s�b DNComps ���ءA��A���N�ϥ� CmapLdapAttr �]�w�ΥΤ���ҮѤ�����ӥD�D DN (�Y�@��ϥΪ̪���T)�C
- �p�G DNComps ���ئs�b��S����3���ȡA��A���N�b��� LDAP �𤤷j�M�ǰt�L�o�������ءC
- FilterComps �O�@�t�C�γr���9j���ݩʡA�Ω�z�L�����Τ���ҮѤ��ϥΪ� DN ����T�ӫإ߹L�o���C��A���N�ϥγo���ݩʪ��ȡA�H�Φ��ǰt LDAP �ؿ�U���ت��j�M���C�p�G��A���b LDAP �ؿ���F�@�өΦh�ӻP�q�ҮѤ������쪺�ϥΪ̸�T�ǰt�����ءA�h��ܷj�M���\�åB��A���i�H��ܰ��Y�����ҡC
�Ҧp�A�p�G FilterComps �]�w���ϥιq�l�l���}�M�ϥΪ� ID �ݩ� (FilterComps=e,uid)�A��A���N�b�ؿ�j�M�q�l�l���}�M�ϥΪ� ID ���ȻP�q�Τ���ҮѤ������쪺�@��ϥΪ̸�T�ǰt�����ءC�q�l�l���}�M�ϥΪ� ID �O�D�`�n���L�o���A�]�����̦b�ؿ�q�`�O�ߤ@�����ءC�L�o���ݭn�D�`����A�H�K�Ȥǰt LDAP ��Ʈw�����Y�@���ءC
�p�ݦ��� x509v3 �Ү��ݩʪ��M��A�аѾ\�U��G
�� 6-2 x509v3 �ҮѪ��ݩ�
|
�ݩ�
|
�y�z
|
|
c
|
��a/�a��
|
|
o
|
��´
|
|
cn
|
�@�ΦW��
|
|
l
|
��m
|
|
st
|
���A
|
|
ou
|
��´�椸
|
|
uid
|
UNIX/Linux �ϥΪ� ID
|
|
email
|
�q�l�l���}
|
�L�o�����ݩʦW�٥����O�Ӧ��Ү� (�ӫD�Ӧ� LDAP �ؿ�) ���ݩʦW�١C�Ҧp�A�Y���ҮѱN e �ݩʥΩ�ϥΪ̪��q�l�l���}�A�� LDAP �h�ٸ��ݩʬ� mail�C
- verifycert �i�D��A���O�_�ݭn���Τ���ҮѩM LDAP �ؿ��쪺�ҮѡC���ϥΨ�ӭȡGon �M off�C�p�G LDAP �ؿ�]�t�ҮѡA�h�u��ϥΦ��S�ʡC���\��U��T�w�@��ϥΪ̨ϥΪ��ҮѦ��ĥB���Q�o��C
- CmapLdapAttr �O LDAP �ؿ�]�t�ӨϥΪ̥����ҮѤ��D�D DN ���ݩʦW�١C�ӯS�ʪ��w�]�Ȭ� certSubjectDN�C���ݩʤ��O�зǪ� LDAP �ݩʡA�]���n�ϥθӯS�ʡA�������� LDAP ��ءC�p�ݧ�h��T�A�аѾ\�uIntroduction to SSL�v�C
�p�G certmap.conf �ɮפ��s�b���S�ʡA��A���N�b��� LDAP �ؿ�j�M���ݩ� (�H���S�ʩR�W) �P���㪺�D�D DN (�q�ҮѤ���o) �ۤǰt�����ءC�p�G�j�M�����ءA��A���N�ϥ� DNComps �M FilterComps ��M���s�xշj�M�C
��ϥ� DNComps �M FilterComps �ǰt���عJ��x��ɡA�o�إΩ�ǰt�ҮѻP LDAP ���ت���k�D�`���ΡC
- Library �O���Ȭ��@�ε{���w�� DLL ����|�W�٤��S�ʡC�u����ϥ��Ү� API �إߦۤv���S�ʮɤ~�ݭn�ϥΦ��S�ʡC�p�ݧ�h��T�A�аѾ\�uNSAPI Programmer's Guide�v�C
- InitFn �O���Ȭ��ۭq�{���w�� init �禡�W�٪��S�ʡC�u����ϥ��Ү� API �إߦۤv���S�ʮɤ~�ݭn�ϥΦ��S�ʡC
�p�ݦ���o�ǯS�ʪ���h��T�A�аѾ\�u��M�d���v
�إߦۭq�S��
�z�i�H�ϥΥΤ���Ү� API �إߦۤv���S�ʡC�p�ݦ���{���]�p�M�ϥΥΤ���Ү� API ����h��T�A�аѾ\�uNSAPI Programmer's Guide�v�C
�إߦۭq��M��A�N�i�H�ѷӥH�U�榡����M�G
<name>:library <path_to_shared_library>
<name>:InitFn <name_of_init_function>
�Ҧp�G
certmap default1 o=Sun Microsystems, c=US
default1:library /usr/sun/userdb/plugin.so
default1:InitFn plugin_init_fn
default1:DNComps ou o c
default1:FilterComps l
default1:verifycert on
��M�d��
certmap.conf �ɮפ�3�ܤ֥]�t�@�Ӷ��ءC�H�U�d�Үi�ܤF�i�H�ϥ� certmap.conf �ɮת����P�覡�C
�d�� #1
���d�Ҫ�ܥu���@�ӡu�w�]�v��M�� certmap.conf �ɮסG
certmap default default
default:DNComps ou, o, c
default:FilterComps e, uid
default:verifycert on
�ϥΥ��d�ҡA��A���i�H�b�]�t ou=<orgunit>, o=<org>, c=<country> ���ت� LDAP �$��I�B�}�l�j�M�A�䤤 <> ������r�N��N���Τ���ҮѤ��D�D DN ���ȡC
�M��A��A���N�ϥ��ҮѤ����q�l�l���}�M�ϥΪ� ID ���Ȧb LDAP �ؿ�j�M�ǰt�����ءC���ǰt�����خɡA��A���N���Τ�ݶǰe���ҮѩM�x�s�b�ؿ��ҮѡA�H���Ҹ��ҮѡC
�d�� #2
�H�U�d���ɮפ��]�A��ӹ�M�G�@�ӥΩ�w�]�A�t�@�ӥΩ���l�F�A�ȡG
certmap default default
default:DNComps
default:FilterComps e, uid
certmap usps ou=United States Postal Service, o=usps, c=US
usps:DNComps ou,o,c
usps:FilterComps e
usps:verifycert on
�p�G��A����o���ҮѨӦ۬��l�F�A�ȥH�~����L�ϥΪ̡A�h��A���N�ϥιw�]��M�A�Y�q LDAP �𪺳��ݱҰʨ÷j�M�ǰt�Τ�ݹq�l�l���}�M�ϥΪ� ID �����ءC�p�G�ҮѨӦ۬��l�F�A�ȡA��A���N�q�]�t��´�椸�� LDAP �$�Ұʨ÷j�M�ǰt���q�l�l���}�C�ӥB�Ъ`�N�A�p�G�ҮѨӦ� USPS�A��A���N���Ҹ��ҮѡA�Ӥ��|���Ҩ�L�ҮѡC
|
|
ĵ�i
|
�ҮѤ����ֵo�� DN (�Y CA ����T) �����P��M���Ĥ@�椤�ҦC���ֵo�� DN �����ۦP�C�b�H�W�d�Ҥ��A�Ӧۮֵo�� DN (�Y o=United States Postal Service,c=US) ���ҮѴN���ǰt�A�]�� o �M c �ݩʤ����S���Ů�C
|
|
�d�� #3
�H�U�d�Ҩϥ� CmapLdapAttr �S�ʷj�M LDAP ��Ʈw���W�� certSubjectDN ���ݩʡA��ȻP�Τ���ҮѤ�����ӥD�D DN �����ǰt�C
certmap myco ou=My Company Inc, o=myco, c=US
myco:CmapLdapAttr certSubjectDN
myco:DNComps o, c
myco:FilterComps mail, uid
myco:verifycert on
�p�G�Τ���ҮѪ��D�D���G
uid=Walt Whitman, o=LeavesOfGrass Inc, c=US
��A���N����j�M�]�t�H�U��T�����ءG
certSubjectDN=uid=Walt Whitman, o=LeavesOfGrass Inc, c=US
�p�G���@�өΦh�Ӥǰt�����ءA��A���N�~�����ҦU���ءC�p�G�����ǰt�����ءA��A���N�ϥ� DNComps �M FilterComps �j�M�ǰt�����ءC�b���d�Ҥ��A��A���|�b o=LeavesOfGrass Inc, c=US �U���Ҧ����ؤ��j�M uid=Walt Whitman�C
|
|
�Ƶ�
|
���d�Ұ��] LDAP �ؿ�]�t�a�� certSubjectDN �ݩʪ����ءC
|
|
�]�w��j�K�X
[Stronger Ciphers] �ﶵ�i��z��ܥΩ�s�� 168 �줸�B128 �줸�� 56 �줸�j�p�����_�٥i��ܤ����w�j�p�����_�C�z�i�H��w���ŦX���w���ɨϥΪ��ɮסC�p�G����w�ɮסASun ONE Web Server �N�Ǧ^�uForbidden�v���A�C
�p�G�Ω�s��ҿ���_�j�p�P [Security Preferences] �U���ثe�K�X�]�w���@�P�ASun ONE Web Server �N��ܤ@���۲{����ܤ��Aĵ�i�z�ݭn�ҥαa����j���_�j�p���K�X�C
���_�j�p���w����I�ثe��� obj.conf ���� NSAPI PathCheck ��O�A�Ӥ��O Service fn=key-toosmall�C�ӫ�O���G
�䤤�A<nbits> �O���_���һݪ��̤p�줸�ơA<filename> �O���ŦX���w���ɨϥΪ��ɮ� (�ӫD URI) ���W�١C
�p�G���ҥ� SSL �Ϊ̥���w secret-keysize �ѼơAPathCheck �N�Ǧ^ REQ_NOACTION�C�p�G�ثe���q�@�~�����_�j�p�p���w�� secret-keysize�A�禡�N�Ǧ^���A�� PROTOCOL_FORBIDDEN �� REQ_ABORTED (�p�G����w bong-file) �Ψ�L REQ_PROCEED�A�åB�upath�v�ܼƳQ�]�w�� bong-file <filename>�C�ӥB�A�p�G���ŦX���_�j�p���w�A�ثe���q�@�~�� SSL ���q�@�~�֨�رN���ġA�]���U����P�@�ӥΤ�ݳs�u���A���ɡA�N�o�ͧ��㪺 SSL �洫�C
|
|
�Ƶ�
|
��b�u��j�K�X�v��椤�W�[ PathCheck fn=ssl-check �ɡA���N�����b����쪺�Ҧ� Service fn=key-toosmall ��O�C
|
|
�Y�n�]�w��j�K�X�A��U�C�B�J�G
- �s�� [Server Manager] �ñq�U�Ԧ��M�椤����A����ҡC
- ��@�U [Virtual Server Class] ���ҡC
- �q�U�Ԧ��M����@�����O�ë�@�U [Manage]�C
�ù�W�|��� [Class Manager] �����C
- ��� [Content Mgmt] ���ҡC
- ��� [Stronger Ciphers]�C
- ��ܳz�L�H�U�覡�i��s��G
- �q�U�Ԧ��M�椤
- ��@�U [Browse]
- ��@�U [Wildcard]
- �����_�j�p�����w�G
- 168 �줸�Χ�j
- 128 �줸�Χ�j
- 56 �줸�Χ�j
- �L���w
- ��J�n�ڵ��s��T���Ҧb���ɮצ�m�C
- ��@�U [OK]�C
- ��@�U [Apply]�C
- ���w���Ұ�/���s�ҰʩΰʺA�M�ΡC
�p�ݧ�h��T�A�аѾ\�uIntroduction to SSL�v�C
�Ҷq��L�w���ʰ��D
���F�Y�ǨϥΪ̷|�xկ}�ѱz���[�K�H�~�A�٦s�b��L�w���ʭ��I�C����{�����I�Ӧۥ~���M�������b�ȡA�L�̨ϥΦU�ؤ�k�xզs��z����A���H�Φ�A���W����T�C
�]���A���F�b��A���W�ҥΥ[�K�~�A��3�Ĩ��B�~���w�����@���I�C�Ҧp�A�N��A�����b�@�Ӧw�����ж����A�����\��i�H��ϥΪ̱N�{���W��ܱz����A���C
�H�U�p�`�y�z�F���Ϧ�A����w���ү��檺�̭��n�ʧ@�G
- �������s��
- ����z�s��
- ��ܥi�a���K�X
- �ܧ�K�X�� PIN
- �����A���W����L3�ε{��
- ����Τ�ݧ֨� SSL �ɮ�
- ����s����
- �A�Ѧ�A��������
- �i���L�ܧ�H�O�@��A��
�������s��
�o��²�檺�w����k�g�`�|�Q��ѡC�N��A�����b�@�ӤW�ꪺ�ж����A�u���g�L���v���ϥΪ̤~��i�J�өж��C�o�˥i�H������H��;��A��������C
�ӥB�A�n�O�@�n����z (��) �K�X (�p�G��)�C
����z�s��
�p�G�ϥλ��ݰt�m�A�нT�w�]�w�F�s���A�H�K�u��ּƨϥΪ̩M�q���i��z�C�p�G�Ʊ� Administration Server ���@��ϥΪ̴��ѹ� LDAP ��A���Υ���ؿ��T���s���v���A�ЦҶq���@��� Administration Server �M�ϥ��O���z�C�o�˱ҥΤF SSL �� Administration Server �i�@���D��A���A�ӥt�@�� Administration Server �h�Ω�@��ϥΪ̪��s��C
�p�ݦ����O������h��T�A�аѾ\�u����O���v�C
�z��3�Ӭ� Administration Server �}�ҥ[�K�\��C�p�G���N SSL �s�u�Ω�z�A����z�L�D�[�K������滷�ݦ�A���z��3�Ӯ�~�p�ߡA�]�����H���i�H�I��z���z�K�X�í��s�t�m�z����A���C
��ܥi�a���K�X
�z�i�H�b��A�����ϥΦh�ӱK�X�G�z�K�X�B�p�K���_�K�X�B��Ʈw�K�X�����C�z�K�X�O�����K�X���̭��n���@�ӡA�]������ӱK�X���ϥΪ̧��i�H�b�z���q���W�t�m����A���C�p�K���_�K�X�O�����n���K�X�C�p�G�Y�ӨϥΪ̨�o�F�z���p�K���_�M�p�K���_�K�X�A�h�i�H�إ߰���A�� (���˦��z����A��)�A�Ϊ̺I��M�ܧ�z��A�����q�T��T�C
�K�X�̦n�O�K��z�ۤv�O�СA�L�H�S�L�k�q��C�Ҧp�A�z�i�H�N MCi12!mo �O���uMy Child is 12 months old!�v�C���n�ϥΫĤl���m�W�Υͤ�@���K�X�C
�إ���H�}�Ѫ��K�X
�H�U�o��²�檺��ɭ�h�i0�U�z�إߧ�n���K�X�C
�����N�H�U�����W�h���Ω�@�ӱK�X�A��ϥΪ��W�h�V�h�A�z���K�X�N�V��H�Q�}�ѡG
- �K�X�����3�Ӭ� 6 �� 14 �Ӧr�� (Mac �K�X���o�W�L 8 �Ӧr��)�C
- �ФŨϥΡu�D�k�v�r���G*�B" �ΪŮ�
- �ФŨϥ������ (���y��)
- �ФŶi��`���r�(�N�A�Ҧp�N E ��N�� 3 �αN L ��N�� 1
- �ɥi��h�a�]�t�H�U�r���G
- �j�g�r��
- �p�g�r��
- �Ʀr
- �Ÿ�
�ܧ�K�X�� PIN
�w���ܧ�z���i�H���Ʈw/���_���ɮױK�X�� PIN �O�@�Ӧn�ߺD�C�p�G�b Administration Server ���ҥΤF SSL�A�h�Ұʦ�A���ɻݭn���K�X�C�w���ܧ�K�X�i�H�W�[���A�����B�~�O�@�C
�u��b�����W�ܧK�X�C�p�ݦ����ܧ�K�X���`�N�ƶ��M��A�аѾ\�u�إ���H�}�Ѫ��K�X�v�C
�ܧ�K�X
�Y�n�ܧ� Administration Server �Φ�A����Ҫ��i�H���Ʈw/���_���ɮױK�X�A�а��U�C�B�J�G
- �s�� [Administration Server] �� [Server Manager]�C
��� [Server Manager]�A�z������q�U�Ԧ��M�椤����A����ҡC
- ��� [Change Password] �s���C
- �q�U�Ԧ��M�椤���n�b�䤤�ܧ�K�X���w���ʰO���C
�̹w�]�A�������_��Ʈw���w���ʰO�����uinternal�v�C�p�G�w�ˤF PKCS#11 �ҲաA�h�|�ݨ�C�X���Ҧ��O���C��@�U [Change Password] �s���C
- ��J�ثe�K�X�C
- ��J�s�K�X�C
- �A����J�s�K�X�C
- ��@�U [OK]�C
- ��� [Server Manager]�A��@�U [Apply]�A�M���@�U [Restart] �H���ܧ�ͮġC
�T�w�z�����_���ɮר��O�@�CAdministration Server �N���_���ɮ��x�s�b server_root/alias �ؿ�C�ЦҶq���ɮשM�ؿ�u��Q�z�q���W�w�˪� Sun ONE ��A��Ū��C
�A�ѳƥ�ϱa�W�O�_�x�s�F���ɮץH�Ψ�L�H�O�_���I����ɮפ]�ܭ��n�C�p�G�x�s�F���ɮסA�h�������O�@��A���@�˺ɤO�O�@�z���ƥ�C
�����A���W����L3�ε{��
��Ҧ�3�ε{�����b�@����A�����P�@�x��W���ɡA�ݭn��~�p�ߡC�Q�Φ�A���W��檺��L�{�������|�}�i�H�}��A�����w���O�@�C�а��ΩҦ������n���{���M�A�ȡC�Ҧp�AUNIX sendmail �`�n�{����H�i��w���a�t�m�A�]���]�N�i�H���i��{���]�p�A�H�b��A����W����L�i��`���{���C
UNIX �M Linux
�J�ӿ�ܱq inittab �M rc �{���ɱҰʪ��{�ǡC�Фűq��A������ telnet �� rlogin�C�åB�A�]��3�Ӧb��A����W��� rdist (����O�i�ΨӤ0t�ɮסA��]�i�Ω��s��A����W���ɮ�)�C
Windows
�P��L��@�κϺо�M�ؿ�ɭn��~�p�ߡC�ӥB�A�n�Ҷq���ǨϥΪ̨㦳�b���� Guest �v���C
�P�ˡA�b��A���W�w�˭��ǵ{���H�άO�_���\��L�ϥΪ̦b��A���W�i��w�˳��n��~�p�ߡC��L�ϥΪ̪��{���i��|�s�b�w���|�}�C���V�|���O�A���H�i��|�W���h���c�N���{���A�ت��N�O�}�a�z���w���ʡC�b�z����A���W�w�˵{�����e�@�w�n�J���ˬd�o�ǵ{���C
����Τ�ݧ֨� SSL �ɮ�
�z�L�b HTML �ɮת� <HEAD> ���$��W�[�H�U��A�i�H����Τ�ݧ֨�[�K���ɮסG
����s����
���ξ�W���ϥΪ��Ҧ��s����C�ϥθ�Ѿ��Ψ�����t�m�H����P����̤p�s���H�~�����s����i��i�Ӫ��s�u�C�o�N��ۨ�o��W Shell ���ߤ@��k�N�O��ڨϥΦ�A������A�Ӿ�3�Ӧb�@�ӭ��w���ϰ줺�C
�A�Ѧ�A��������
��A�����ѤF��A���M�Τ�ݤ������w���s�u�C�Τ�ݨ�o��T����A��A���J�L�k�����T���w���ʡA�]�L�k������A��������Ψ�ؿ�M�ɮת��s��C
�A�ѳo�ǭ���U��z�z�ѭn�קK���DZ��ΡC�Ҧp�A�z�i�H�z�L SSL �s�u��o�H�Υd���A��o�Ǹ��X�O�_�x�s�b��A����W���w���ɮפ��O�HSSL �s�u�פ��A�o�Ǹ��X�|��˩O�H�z3�ӹ�Τ�ݳz�L SSL �ǰe���z������T���w���ʭt�d�C
�i���L�ܧ�H�O�@��A��
�p�G�n�P�ɨϥΨ�O�@���M����O�@����A���A�h3�Ӧb��O�@����A���H�~����L��W��椣��O�@����A���C�p�G�z���귽�����A�����b�P�@�x��W��椣��O�@����A���M��O�@����A���A�а��H�U�@�~�G
- ��w���T���s���C�T�O��w����O�@��A���M����O�@��A�����s�����P�C�w��U���w�]�s�����G
- 443 (���O�@����A��)
- 80 (��O�@����A��)
- ��� UNIX �� Linux�A�бҥΤ��ڥؿ� chroot �S�ʡC����O�@����A��3�ӰѷӨϥ� chroot ���s�ɦV�����ڥؿ�C
chroot ���\�z�إ߲ĤG�Ӯڥؿ�A�H�����A���ϥίS�w���ؿ�C�N�ϥΦ��S�ʨӫO�@����O�@����A���C�Ҧp�A�z�i�H�N�ڥؿ�]�w�� /d1/ms�C����AWeb ��A���C���xզs��ڥؿ�A���|�u����o /d1/ms�C�p�G�xզs��O /dev�A�h�|��o /d1/ms/dev �����C�o���\�z�b UNIX/Linux �t�ΤW��� Web ��A���A�ӵL�ݱ¤������ڮڥؿ�U�����ɮת��s���v���C
��O�A�p�G�ϥΪ��O chroot�A�h�ݭn�b�%N�ڥؿ�U�]�w Sun ONE Web Server �һݪ�����ؿ�c�A�p�U�ϩҥܡG
chroot �ؿ�c�d��
�����&�A�����O��w chroot
�i�H�z�L���H�U�B�J�����&�A�����O��w chroot �ؿ�G
- �s�� [Server Manager] �ñq�U�Ԧ��M�椤����A����ҡC
- ��� [Virtual Server Class] ���ҡC
- ��@�U [Edit Classes] �s���C
- �T�w�Ʊ�b�䤤��w chroot �����O�� [Option] �]�w�� [Edit]�C
- ��@�U�����O�� [Advanced] ��s�C
�ù�W�|��� [Virtual Servers CGI Settings] �����C
- �b [Chroot] ��줤��J���㪺��|�W�١C
- ��@�U [OK]�C
- ��@�U [Apply]�C
- ��� [Load Configuration Files] �H�ʺA�M�ΡC
�����&�A����w chroot
�i�H�z�L���H�U�B�J���S�w���&�A����w chroot �ؿ�G
- �s�� [Server Manager] �ñq�U�Ԧ��M�����A����ҡC
- ��� [Virtual Server Class] ���ҡC
- �q��A�������˵�A��@�U�n��w chroot �ؿ���&�A�����s���C
- ��� [Settings] ���ҡC
�ù�W�|��� [Settings] �����C
- �b [Chroot Directory] ���䪺 [Set to] ��줤��J���㪺��|�W�١C
- ��@�U [OK]�C
- ��@�U [Apply]�C
- ��� [Load Configuration Files] �H�ʺA�M�ΡC
�z�]�i�H�ϥ� [Class Manager Virtual Servers] ���ҩM [CGI Settings] �s�������&�A����w chroot �ؿ�C
�p�ݦ���p���&�A����w chroot �ؿ��h��T�A�аѾ\�uSun ONE Web Server 6.1 Programmer's Guide�v�C
![��� [Edit Server Certificate] ���ϡC](images/edit.gif)