�� Ű ��

�� 忡�� Ű ��; ��Ͽ� Sun ONE Web Server 6.1�� ; ��ȭ�ϴ� �� մϴ�. �� پ�� ; ��Ͽ� ��͸� ��ȣ�ϰ� ħ�� ׼�� ź��ϸ� ��ϴ� �� ׼�� ϴ� �� մϴ�. Sun ONE Web Server 6.1�� Sun ONE �� Ű��ó�� ԵǾ� �ֽ4ϴ�. �� Ű��ó�� ִ�� ȣ ��뼺�� ϰ�; '�� ǥ�� w��; ��8�� Ǿ�4ϴ�.

�� ; �б� �� Ű ��ȣȭ�� ⺻ ��; �˰� �־�� մϴ�. �� 信�� ȣȭ �� ȣȭ, �� Ű, �� , ��ȣȭ �w�� Ե˴ϴ�. �ڼ�� : Introduction to SSL; ��v�Ͻʽÿ�.

��

��: �ź�; Ȯ��ϴ� ��d�Դϴ�. ��Ʈ��ũ ��ȣ�ۿ��̶�� ƶ�� : �� ٸ� �� ź�; ��Ȯ�� Ȯ��ϴ� ��Դϴ�. �� ; ��ϴ� �� Դϴ�.

��

�� , ȸ�� Ǵ� ��Ÿ ��ü�� ̸�; ��ϴ� �� ͷ� ��Ǹ� �� Ե� �� Ű�� ش� ��ü�� /�� ˻��մϴ�. Ŭ��̾�Ʈ�� ֽ4ϴ�.

�� (�Ǵ� CA)�� ϰ� ��8�� մϴ�. CA�� ͳݿ�� Ǹ��ϴ� ȸ�� 8�� ȸ�� Ʈ�� Ǵ� �ͽ�Ʈ��ݿ�8�� ϴ� �μ�� ֽ4ϴ�. �ٸ� �� ź�; Ȯ��ϴµ� �� ŷ�� ִ� CA�� մϴ�.

�� Ͽ� Ȯ�εǴ� �� Ű�� ü�� ̸�� Ͽ� �� , �� CA�� ̸� �� CA�� "�� "�� Ե˴ϴ�. �� Ŀ� �� ڼ�� : Introduction to SSL; ��v�Ͻʽÿ�.

��

�� ̶� Ŭ��̾�Ʈ�� ź�; Ȯ��ϴ� ��; ��մϴ�. ��, Ưd ��Ʈ��ũ �ּҿ�� å�� ִ� ��ü�� ź�; Ȯ��ϴ� ��Դϴ�.

Ŭ��̾�Ʈ ��

Ŭ��̾�Ʈ ��̶� �� Ŭ��̾�Ʈ�� ź�; Ȯ��ϴ� ��8��, ��, Ŭ��̾�Ʈ ��Ʈ�� ��ϴ� �� ź�; Ȯ��ϴ� ��Դϴ�. �� ź��; �� ִ� ��ó�� Ŭ��̾�Ʈ�� ; �� ֽ4ϴ�.

��

�� ٸ� �� ͺ��̽�� ο�� ֽ4ϴ�. �� ͺ��̽�� ; �� ֽ4ϴ�. �� ν��Ͻ�� ٸ� �� ; �� ֽ4ϴ�.


��	�� ݵ�� ȣȭ ��; ��ϱ� �� ġ�Ǿ�� մϴ�.

�ŷ� ��ͺ��̽� ��

�� û�ϱ� �� ݵ�� ŷ�� ִ� ��ͺ��̽�� մϴ�. Sun ONE Web Server�� Administration Server�� ν��Ͻ�� ü�� ŷ� ��ͺ��̽�� ο�� ֽ4ϴ�. �ŷ� ��ͺ��̽�� ǻ�Ϳ� �� մϴ�.

�ŷ� ��ͺ��̽�� Ű�� Ͽ�8�� й�ȣ�� d�մϴ�. �� ȣȭ�� ; ��Ͽ� �� й�ȣ�� ʿ��մϴ�. ��й�ȣ�� ϴ� �� ؾ� �� ħ: ��й�ȣ �Ǵ� PIN ��; ��v�Ͻʽÿ�.

�ŷ� ��ͺ��̽�� Ű�� ֽ4ϴ�. �̴� Ű�� ̶�� մϴ�. Ű�� : SSL ��ȣȭ�� ˴ϴ�. Ű�� : �� û�ϰ� ��ġ�� մϴ�. �� ġ�Ǹ� �ŷ� ��ͺ��̽�� ˴ϴ�. Ű�� : ��= ��丮�� ȣȭ�Ǿ� ��˴ϴ�.

Administration Server�� ϳ�� ŷ� ��ͺ��̽�� ֽ4ϴ�. �� ν��Ͻ�� ü�� ŷ� ��ͺ��̽�� ο�� ֽ4ϴ�. �� ش� �� ν��Ͻ��8�� ŷ� ��ͺ��̽�� մϴ�.

�ŷ� ��ͺ��̽� ��

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Create Database ��ũ�� ϴ�.

��ͺ��̽�� й�ȣ�� Է��մϴ�.

�ݺ��մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

password.conf ��

�⺻��8�� ϱ� �� ڿ�� Ű ��ͺ��̽� ��й�ȣ�� Է��϶�� w��Ʈ�� % �� ǥ�õ˴ϴ�. �� ۾�8�� % �� Ϸt� ��쿡�� й�ȣ�� password.conf ��Ͽ� �� ƾ� �մϴ�. �ý�� ȣ�Ǿ� �� ϰ� Ű ��ͺ��̽�� v�۵�� ; ��쿡�� ; ��Ͻʽÿ�.

�� UNIX SSL; ��ϴ� �� ϱ� �� й�ȣ�� ʿ��ϹǷ� etc/rc.local �Ǵ� etc/inittab ��; �� 4ϴ�. ��й�ȣ�� Ϲ� �ؽ�Ʈ ��Ͽ� ��Ͽ� SSL; ��ϴ� �� ڵ�8�� 8��, �̴� �� ʽ4ϴ�. �� password.conf ��: ��Ʈ �Ǵ� �� ġ�� /�� ϸ�, �� /�ڸ� �� ; �а� �� ־�� մϴ�.

UNIX�� SSL; ��ϴ� �� й�ȣ�� password.conf ��Ͽ� ��ܵθ� ��Ȼ�� '�� Ŀ��ϴ�. ��Ͽ� �׼�� ִ� ��ڴ� �� SSL; ��ϴ� �� й�ȣ�� ֽ4ϴ�. SSL; ��ϴ� �� й�ȣ�� password.conf ��Ͽ� ��ϱ� �� Ȼ� '�迡 �� ؾ� �մϴ�.

Windows�� NTSF �� ý��; ��ϴ� ��, password.conf ��; �� ʴ� �� ִ� ��丮�� ׼�� f��Ͽ� ��ȣ�ؾ� �մϴ�. ��丮�� % �� ڿ� �б�/�� ־�� մϴ�. ��丮�� ȣ�ϸ� �ٸ� �� ߸�� password.conf ��; �� մϴ�. FAT �� ý�� ׼�� f��ϴ� ��쿡�� 丮�� ȣ�� 4ϴ�.

SSL �� ڵ� ��

��Ȼ� '��; ��d�� ʴ� �� =�� SSL; ��ϴ� �� ڵ�8�� ֽ4ϴ�.

SSL�� Ǵ�� Ȯ��մϴ�.

�� ν��Ͻ�� config ��' ��丮�� password.conf ��; �� ϴ�.

�� Բ� f��Ǵ� �� PKCS#11 ��Ʈ�� ȣȭ ��; ��ϴ� ��쿡�� = d�� Է��մϴ�.

internal:your_password

�ٸ� PKCS#11 ��(�ϵ�� ȣȭ �Ǵ� �ϵ�� ӿ�); ��ϴ� ��쿡�� ش� PKCS#11 �� ̸�� й�ȣ�� d�մϴ�. �� =�� 4ϴ�.

nFast:your_password

�� ~�� ٽ� ��Ͽ� �� ǵ�� մϴ�.

password.conf ��; �� Ķ� % �� ׻� ��й�ȣ�� Է��϶�� w��Ʈ�� ǥ�õ˴ϴ�.

VeriSign �� û �� ġ

VeriSign: Sun ONE Web Server�� Ǵ� �� Դϴ�. VeriSign�� VICE �w��; ��ϸ� �� û �wμ�� ֽ4ϴ�. VeriSign�� b ȸ�� ִٴ� ��a�� ֽ4ϴ�.

�� ŷ� ��ͺ��̽�� û�ϰ� �̸� ��(CA)�� f�� ֽ4ϴ�. ȸ�翡 �� CA�� ִ� ��쿡�� ش� CA�� û�մϴ�. �� CA�κ�� ȹ�� 쿡�� CA�� ϰ� �ʿ�� d�� ִ�� մϴ�. Request a Certificate �� ϰ� �ش� ��Ʈ�� ũ�� ֽ4ϴ�. CA�� ʿ�� Ϳ� �� ڼ�� : Request a Certificate�� ִ� Server Administrator �Ǵ� Server Manager Security �� ִ� �� ; ��v�Ͻʽÿ�.

Administration Server�� ϳ�� ο�� ֽ4ϴ�. �� ν��Ͻ�� ü�� ο�� ֽ4ϴ�. �� ν��Ͻ� �� ֽ4ϴ�.

VeriSign �� û

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Request VeriSign Certificate ��ũ�� ϴ�.

�ʿ�� d; Ȯ��մϴ�.

OK�� ϴ�.

VeriSign �� մϴ�.

VeriSign �� ġ

VeriSign �� û�ϰ� �̿� �� ; ��8�� 3�� ̳�� Install VeriSign Certificate �� Ӵٿ� ��Ͽ� �� ǥ�õ˴ϴ�. VeriSign �� ġ�Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Install VeriSign Certificate ��ũ�� ϴ�.

�ܺ� ��ȣȭ ��; �� ʴ� ��, ��ȣȭ �� Ӵٿ� ��Ͽ�� internal(software); ��մϴ�.

Ű �� й�ȣ �Ǵ� PIN; �Է��մϴ�.

��Ӵٿ� ��Ͽ�� Transaction ID to Retrieve�� մϴ�.

�� ׸�; ��մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

��Ÿ �� û �� ġ

VeriSign �ܿ�� ٸ� �� û�Ͽ� ��ġ�� ֽ4ϴ�. Request a Certificate�� Server Administrator�� Server Manager Security �� CA �� ֽ4ϴ�. ȸ�糪 v�� ü�� f�� ֽ4ϴ�. ��⿡�� ٸ� ~�� û�ϰ� ��ġ�ϴ� �� մϴ�.

�ʼ� CA d��

��û �wμ�� ϱ� �� CA�� 䱸�ϴ� d�� ˾ƾ� �մϴ�. �� CA �Ǵ� �� CA �� û�� ΰ�� = d�� f��ؾ� �մϴ�.

�� ̸��� DNS vȸ�� Ǵ� /ȿ�� ȣ��Ʈ �̸�; ��d�մϴ�(��: www.sun.com). �̴� �� Ʈ�� ϴ� URL �� ȣ��Ʈ �̸��Դϴ�. �̵� �̸� �� ġ�� 8�� Ŭ��̾�Ʈ�� ̸�� Ʈ �̸�� ġ�� ʴ´ٴ� �� ź�� ǽ� �ް� �˴ϴ�. CA�� 䱸 �� ٸ� �� 8�Ƿ� �ݵ�� ش� CA�� Ȯ��ؾ� �մϴ�.

�� ּ��� ּ��Դϴ�. �� ּҴ� CA�� ǰ� ��ȯ; '�Ͽ� ��˴ϴ�.

v���� ȸ��, ��0 ��, ��°�� , �� ̸�; ��d�մϴ�. ��κ�� CA�� d�� (�� )�� Ȯ�� ; �䱸�մϴ�.

v�� ' Unit�� ȸ�� v�� ; �Է��ϴ� �� ʵ��Դϴ�. �� ȸ�� ̸�;(�ֽ�ȸ��, �� ��; f��ϰ�) �˸�� ֽ4ϴ�.

��/��/���� ʵ�� v�� /�� Ǵ� �� Է��մϴ�.

��/���� ʼ� �׸�� ƴ�� CA�� 䱸�ϴ� ��쵵 �ֽ4ϴ�. ��κ�� CA�� ڸ� �� 8��, �ش� CA�� Ȯ��ϴ� �� }4ϴ�.

���� ʼ� �ʵ�� ̸�� ڸ� ��ڸ� ��d�մϴ�(ISO ��). �̱�� ڵ�� US�Դϴ�.

�� d�� DN(Distinguished Name)�̶�� ϴ� �Ϸ�� Ӽ� �� 8�� v�յǾ� �� ü�� /�ϰ� ��մϴ�.

�� CA�� ϴ� ��쿡�� ݵ�� CA�� Ͽ� �� ϱ� '�Ͽ� �ʿ�� ߰� d�� ִ�� Ȯ��ؾ� �մϴ�. ��κ�� CA�� źп� �� ; �䱸�մϴ�. �� , ȸ�� ̸�� Ȯ��, ȸ�簡 �� ϵ�� d�� ; Ȯ��ϸ� ��ڰ� f��ϴ� d�� ִ�� Ȯ�� Դϴ�.

�Ϻ� �� CA�� Ϻ�� ź�; f��ϴ� v��̳� ��ο�� ڼ��ϰ� dȮ�� f��մϴ�. �� , ��ڰ� www.sun.com ��ǻ�Ϳ� �� ڿ�� ִ�� Ȯ�� ʾ�8��, 3�Ⱓ �濵�ؿ� ȸ�� /�� ? �Ҽ�� ٴ� ��; ǥ��ϴ� �� ֽ4ϴ�.

��Ÿ �� û

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Request a Certificate ��ũ�� ϴ�.

�ű� �� Ǵ� �� մϴ�.

�� κ� 6��̳� 1�� , ��d �ð�� ϸ� ��ȿȭ�˴ϴ�. CA�� ڵ�8�� ; �۽��ϴ� ��쵵 �ֽ4ϴ�.

�� û; f��ϴ� ��; ��d�Ϸx� ��=�� մϴ�.

CA�� ޽�� û�� ۽��ؾ� �ϴ� ��쿡�� CA Email; ��ϰ� CA�� ּҸ� �Է��մϴ�. CA�� ; ��x� List of available certificate authorities�� ϴ�.

Netscape Certificate Server�� ϴ� �� CA�� û�Ϸx� CA URL; �� Certificate Server�� URL; �Է��մϴ�. �� URL: �� û; ó��ϴ� �� wα׷�; ��Ű�� URL�̾�� մϴ�. URL�� =�� 4ϴ�. https://CA.mozilla.com:444/cms.

��Ӵٿ� ��Ͽ�� û�� Ű�� Ͽ� ��ȣȭ ��; ��մϴ�.

Ű�� Ͽ� ��й�ȣ�� Է��մϴ�.

�� ƴ� �ٸ� ��ȣȭ ��; �� : ��, �� й�ȣ�� ŷ� ��͸� �� d�� й�ȣ�Դϴ�. �� й�ȣ

�� Ͽ� �� Ű�� ϰ� CA�� ۵Ǵ� �޽�� ȣȭ�մϴ�. �׷� ��, �� �� Ű�� ȣȭ�� ޽�� CA�� մϴ�. CA�� Ű�� Ͽ� �޽�� ص��մϴ�.

ID d�� Է��մϴ�.

�� d�� : CA�� ٸ��ϴ�. �� ʵ忡 �� Ϲ�� : Request a Certificate�� ִ� Server Administrator �Ǵ� Server Manager Security �� ִ� �� ; ��v�Ͻʽÿ�. �� d�� κ�: �� 쿡�� ʿ�� ʽ4ϴ�.

�Է�� dȮ�� ٽ� �� Ȯ��մϴ�.

d�� dȮ�� ε� �� ֽ4ϴ�. ��û�� ; '�� 쿡�� û; f��ϱ� �� d�� Ȯ��϶�� w��Ʈ�� ǥ�õ� ��Դϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

�� d�� ϴ� �� û; ��մϴ�. ��û�� Ű�� Ͽ� �� Ե˴ϴ�. CA�� ; ��Ͽ� ��û�� ǻ�Ϳ�� CA�� õǴ� �� v�۵�� ʾҴ�� ˻��մϴ�. �幰�� û�� v�۵� ��쿡�� CA�� ȭ�� Ͽ� ��ڿ�� մϴ�.

��û; �� Ϸ� �� û�� Ե� �� ޽�� ۼ��ϰ� �޽�� CA�� մϴ�. �� , �� ; ��Ͽ� ȸ�ŵ˴ϴ�. �� URL; ��d�ϴ� ��쿡�� URL; ��Ͽ� ��û; Certificate Server�� f��մϴ�. CA�� ȸ��: �� ; ��ϰų� �ٸ� ��; ��Ͽ� ��ŵ˴ϴ�.

CA�� ࿡ ��ϴ� �� ش� ��; ��մϴ�. ��κ�� CA�� ; ��Ͽ� �� մϴ�. ȸ�翡�� ϴ� �� ; ��Ͽ� �� ˻�� ֽ4ϴ�.

�� : ��, �̸� ��ġ�� ֽ4ϴ�. �� ȿ�� SSL �� ֽ4ϴ�.

��Ÿ �� ġ

CA�� ϸ� �� Ű�� ȣȭ�ǹǷ� �� ͻ縸 �̸� �ص�� ֽ4ϴ�. �� dȮ�� ŷ� ��ͺ��̽�� й�ȣ�� Է��ؾ߸� �� ص��ϰ� ��ġ�� ֽ4ϴ�.


��	�� CA�� û�ϴ� �� Ǵ� ��: �ƴմϴ�. ��: CA�� ϱ� �� ź� ��; �䱸�մϴ�. �� ο�� Ϸ翡�� ޱ�� ɸ� �� ֽ4ϴ�. ��ڴ� CA�� ʿ�� d�� ż�� f�� å�� ֽ4ϴ�.

Ŭ��̾�Ʈ�� f�� ü ��

�� ü�ο�� CA�� ü ��

�ŷڵ� CA��

�� ü��̶� �� Ϸ�� մϴ�. CA �� (CA); Ȯ��ϰ� �ش� �� ϴ� �� ˴ϴ�. �� CA �� ٽ� ��' CA�� CA �� Ͽ� ��Ǵ� ��d; ��Ǯ��Ͽ� ��Ʈ CA�� ̾��ϴ�.

CA�� ϸ� �� Ű�� ȣȭ�ǹǷ� �� ͻ縸 �̸� �ص�� ֽ4ϴ�. �� ġ�ϸ� �� d�� Ű �� й�ȣ�� Ͽ� �̸� �ص��մϴ�. �� ; �� ׼�� ִ� �ٸ� 'ġ�� ϰų� �� ؽ�Ʈ�� Install Certificate �� ش� 'ġ�� ٿ� ��; �� ֵ�� մϴ�.

�� ġ


��	CA�� ڵ�8�� ʴ� ��쿡�� û�ؾ� �մϴ�. ��: CA�� ͻ�� ִ� �� Ͽ� ��ü�� ϸ�, �� ÿ� ��ġ�մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Install Certificate ��ũ�� ϴ�.

��ġ�ϴ� �� /��; ��մϴ�.

This Server�� ϴ� �� Դϴ�.

Server Certificate Chain: �� ü��; ��ϴ� CA�� Դϴ�.

Trusted Certificate Authority(CA)�� Ŭ��̾�Ʈ ��; '�Ͽ� �ŷڵ� CA�� Ϸt� CA�� Դϴ�.

��Ӵٿ� ��Ͽ�� Cryptographic Module; ��մϴ�.

Ű�� й�ȣ�� Է��մϴ�.

�� ν��Ͻ��8�θ� �� 쿡�� ̸� �ʵ带 �Է�� ʽ4ϴ�. �׷�� : ��쿡�� =�� մϴ�.

�� ˴ϴ�.

�� ν��Ͻ�� /�� ̸�; �Է��մϴ�.

�� ƴ� ��ȣȭ �� ˴ϴ�.

�� ȣȭ ��⿡ �ִ� �� ν��Ͻ�� /�� ̸�; �Է��մϴ�.

�̸�; �Է��ϸ� Manage Certificates ��Ͽ� ǥ�õǹǷ� �� ̸�; �Է��Ͻʽÿ�. �� "United States Portal Service CA"�� CA�� ̸��̸� "VeriSign Class 2 Primary CA"�� CA�� /��; �� Ÿ�4ϴ�. �� ̸�; �Է�� 8�� ⺻�� ˴ϴ�.

��= �� մϴ�.

�� ޽�� ü �� Է�

�޽�� ؽ�Ʈ(�� ) �� ؽ�Ʈ �ٿ� �ֱ�

�ؽ�Ʈ�� Ͽ� �ٿ� ��: �� ݵ�� "Begin Certificate" �� "End Certificate"�� °� �Բ� ��ؾ� �մϴ�.

OK�� ϴ�.

��= �� մϴ�.

Add Certificate. �ű� �� ġ�ϴ� ��

Replace Certificate. �� ; ��ġ�ϴ� ��

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

�� ͺ��̽�� ˴ϴ�. �� ̸�: <��Ī>-cert8.db�Դϴ�. �� =�� 4ϴ�.

��׷��̵�� ̱׷��̼�

iPlanet Web Server 4.1�̳� 6.0�� ̱׷��̼��ϴ� �� ŷ� �� ͺ��̽�� Ͽ� �� ڵ�8�� Ʈ�˴ϴ�.

Ű�� ; ��ϴ� ��쿡�� ̱׷��̼ǵ˴ϴ�. �� Administration Server �� Server Management �� ִ� Security ��; ��Ͽ� Ű�� ̱׷��̼�� ֽ4ϴ�.

�� Ű�� : �� ν��Ͻ�� ִ� ��Ī�� Ͽ� ��v�Ǿ�4ϴ�. Administration Server�� Ī�� ش� �� ߽4ϴ�. Sun ONE Web Server 6.1�� Administration Server�� ν��Ͻ�� ü�� Ű�� 8��, �̴� ��Ī�� ƴ� �ŷ� �� մϴ�.

Administration Server�� 쿡�� ü��, �� ν��Ͻ�� 쿡�� Server Manager�� Ե� �� ; ��Ͽ� �ŷ� ��ͺ��̽�� ش� �� մϴ�. ��f �� Ű�� ͺ��̽� ��: �̸� ��ϴ� �� ν��Ͻ�� ̸�; �� ̸�� d�˴ϴ�. �� ν��Ͻ�� Ī; ��/�� , �� Ű�� ̸�: ��ο� �� ν��Ͻ��8�� ˴ϴ�.

�� ν��Ͻ�� ŷ� ��ͺ��̽� ��ü�� ̱׷��̼ǵ˴ϴ�. �� ͺ��̽�� ִ� �� Sun ONE Web Server 6.1 ��ͺ��̽�� ̱׷��̼ǵ˴ϴ�. CA�� ߺ��Ǵ� �� /ȿ �Ⱓ �� CA�� մϴ�. �ߺ��Ǵ� CA�� f�ϸ� �� ˴ϴ�.

�� Ʈ ��

��8�� ε�� ִ� ��Ʈ �� Sun ONE Web Server 6.1�� ԵǾ� ��8��, ��⿡�� VeriSign; ��Ͽ� ��: CA�� Ʈ �� ֽ4ϴ�. ��Ʈ �� ; ��ϸ� �� ξ� �� Ʈ �� ű� ��8�� ׷��̵�� ֽ4ϴ�. �� 7�� Ʈ �� ϳ�� f�ϰ� �� ϳ�� ġ�ؾ� �߽4ϴ�. ��f �� ˷�� CA �� ġ�ϴ� ��, �� Sun ONE Web Server�� ű� ��̳� Service Pack�� ǥ�� ; �ű� ��8�� Ʈ�ϸ� �˴ϴ�.

��Ʈ �� PKCS#11 ��ȣȭ �� ǹǷ� ��⿡ ��Ե� ��Ʈ �� f�� 8��, �ش� �� ϴ� �� f �ɼ�: �� ˴ϴ�. �� ν��Ͻ�� Ʈ �� f��Ϸx� �� alias ��Ͽ�� =; ��f�Ͽ� ��Ʈ �� ; �� ʵ�� d�ؾ� �մϴ�.

libnssckbi.so(��κ�� UNIX �÷�� )

libnssckbi.sl(HP-UX)

nssckbi.dll(Windows)

�� , ��Ʈ �� ; ��Ϸx� bin/https/lib(UNIX �� HP) �Ǵ� bin\https\bin(Windows)�� Ȯ�� ; ��Ī ��' ��丮�� ϸ� �˴ϴ�.

��Ʈ �� ŷ� d�� d�� ֽ4ϴ�. �ŷ� d�� Ʈ �� ü�� ƴ϶� ��ϴ� �� ν��Ͻ�� ͺ��̽�� ϵǾ� �ֽ4ϴ�.

��

�� ġ�� پ�� ŷ� ��d; Ȯ��, ��f �Ǵ� �� ֽ4ϴ�. ��⿡�� ͻ� ��ü�� CA�� Ե˴ϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Manage Certificates ��ũ�� ϴ�.

�� ȣȭ ��; ��ϴ� �⺻ �� ϴ� ��쿡�� ġ�� ش� /�� /ȿ �Ⱓ�� Բ� ǥ�õ˴ϴ�. �� server_root/alias�� ˴ϴ�.

�ϵ�� ӱ� �� ܺ� ��ȣȭ ��; ��ϴ� ��쿡�� 켱 �ش� �� ȣ�� Է��ϰ� OK�� մϴ�. �� ش� ��⿡ �ִ� �� Ͽ� ��Ʈ�˴ϴ�.

��Ϸt� Certificate Name; ��ϴ�.

�ش� /�� ɼ�� ִ� Edit Server Certificate �� ǥ�õ˴ϴ�. �� CA �� 쿡�� Ŭ��̾�Ʈ �ŷڸ� ��d �Ǵ� ��f�� ֽ4ϴ�. �ܺ� ��ȣȭ ��⿡ �� f�� 쵵 �ֽ4ϴ�.

Edit Server Certificate
Edit Server Certificate â: �׸�� ̴� �Ͱ� ��4ϴ�.

Edit Server Certificate â�� = �ɼ�; �� ֽ4ϴ�.

Delete Certificate �Ǵ� Quit - ��

Set client trust, Unset server trust �Ǵ� Quit - CA ��

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

�ŷ� ��d; �̿��Ͽ� Ŭ��̾�Ʈ �ŷڸ� ��d�ϰų� �� ŷڸ� ��f�� ֽ4ϴ�. LDAP �� ݵ�� ŷڵǾ�� մϴ�.

CRL �� KRL ��ġ/��

�� öȸ ��(CRL)�� v�� Ű ��(CKL): Ŭ��̾�Ʈ�� ڰ� �� ̻� �ŷ��ϸ� �� Ǵ� �� ǥ��մϴ�. �� /ȿ �Ⱓ�� ڰ� �繫��; ��ϰų� ��ϴ� �� Ͱ� ��Ǹ� �� ҵǸ� CRL�� ش� ��Ͱ� ǥ�õ˴ϴ�. Ű�� v�� Ǵ� ��Ǵ� �� ش� Ű�� Ͱ� CKL�� ǥ�õ˴ϴ�. CRL�� CKL: �� CA�� Ͽ� �� ֱ��8�� Ʈ�˴ϴ�.

CRL �Ǵ� CKL ��ġ

CRL�̳� CKL; �ٿ�ε�� CA�� URL; Ȯ��մϴ�.

�� URL; �Է��Ͽ� ��Ʈ�� ̵��մϴ�.

CA�� ? �� CRL �Ǵ� CKL; �� 丮�� ٿ�ε��մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Install CRL/CKL ��ũ�� ϴ�.

��= �� մϴ�.

Certificate Revocation List

Compromised Key List

�ش� �� ü �� ̸�; �Է��մϴ�.

OK�� ϴ�.

Certificate Revocation List�� ϸ� CRL d�� ִ� Add Certificate Revocation List �� ǥ�õ˴ϴ�.

Compromised Key List�� ϸ� CKL d�� ִ� Add Compromised Key List �� ǥ�õ˴ϴ�.



��	��ͺ��̽�� ̹� CRL �Ǵ� CKL �� ִ� ��쿡�� Replace Certificate Revocation List �Ǵ� Replace Compromised Key List �� ǥ�õ˴ϴ�.

Add�� ϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

CRL �� CKL ��

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Manage CRL/CKLs ��ũ�� ϴ�.

Manage Certificate Revocation List/Compromised Key List �� Ÿ�� ġ�� CRL�� CKL �� /ȿ �Ⱓ�� Բ� ǥ�õ˴ϴ�.

Server CRL �Ǵ� Server CKL ��Ͽ�� Certificate Name; ��մϴ�.

��=; ��մϴ�.

Delete CRL

Delete CKL

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

�� ⺻ ��d

�� , �� ۾�; �� ֽ4ϴ�. Sun ONE Web Server�� پ�� Ұ� f��˴ϴ�.

��ȣȭ�� d�� ȯ�Ͽ� �ǵ�� ܿ� �ƹ�� ˾ƺ� �� ϴ� �wμ��Դϴ�. ��ȣȭ�� ȣȭ�� d�� ȯ�Ͽ� �ٽ� �˾ƺ� �� ֵ�� ϴ� �wμ��Դϴ�. Sun ONE Web Server 6.1: SSL �� TLS ��ȣȭ �w��; ��մϴ�.

��ȣ�� ȣȭ �˰?��(�� Լ�)8�� ȣȭ �Ǵ� ��ȣȭ�� ˴ϴ�. SSL �� TLS �w��ݿ�� پ�� ȣ fǰ�� Ե˴ϴ�. �� ȣ�� ٸ��ϴ�. �Ϲ��8�� ȣ�� ϴ� ��Ʈ�� ;�� ͸� �ص��ϴ� �� ƽ4ϴ�.

�� ȣȭ �wμ�� ʿ�� ݵ�� ȣ�� ־�� մϴ�. �پ�� ȣ�� 8�Ƿ� �� 8�� Ǵ� ��ȣ��8�� d�ؾ� �մϴ�.

�� ῡ�� Ŭ��̾�Ʈ�� ſ� �� ִ� �� ȣȭ�� ϵ�� մϴ�. ��ȣ�� SSL2, SSL3 �� TLS �w�� ֽ4ϴ�.

��ȣȭ �wμ�� ü�δ� �� d�� ϴ� �� ʽ4ϴ�. ��f�� ȣȭ �� ų� �� ȣȭ�� d�� ص��Ϸx� ��ȣȭ ��ȣ�� Բ� Ű�� Ǿ�� մϴ�. �̸� '�ؼ� ��ȣȭ �wμ�� Ű�� Ű �� Ű�� ˴ϴ�. �� Ű�� ȣȭ�� d�� Ű�θ� �ص�� ֽ4ϴ�. �� Ű�� Ϻη� �� Ű�� ȣ�˴ϴ�.


��	SSL �� 2.0 �� Ȱ� �� Ǿ�8�Ƿ� SSL3; �� ִ� Ŭ��̾�Ʈ�� ƴ� ��쿡�� SSL2�� ϸ� �� ˴ϴ�. Ŭ��̾�Ʈ �� SSL 2 ��ȣ�� ۵��ǵ�� ʽ4ϴ�.

�پ�� ȣ fǰ�� Ű �� ڼ�� : Introduction to SSL; ��v�Ͻʽÿ�.

�� ִ� ��ȣ�� d�Ϸx� ��Ͽ�� ش� ��; ��մϴ�. Ưd ��ȣ�� ϸ� �� Ǵ� �� /�� ʴ� ��, �� ؾ� �մϴ�. �׷�� ȣȭ�� ġ�� ʴ� ��ȣ�� ; ��Դϴ�.

SSL �� TLS �w��

Sun ONE Web Server 6.1: ��ȣȭ ��ſ�8�� SSL(Secure Sockets Layer) �� TLS(Transport Layer Security) �w��; ��մϴ�. SSL�� TLS�� ?� �wα׷� ~�� w��ݷ� �?� �wα׷�� ϰ� ��ġ�� ֽ4ϴ�.

SSL�� TLS �w��: �� Ŭ��̾�Ʈ�� θ� ��ϰ�, �� ϸ� �� Ű�� d�ϴ� �� ۾� ��Ǵ� �پ�� ȣ�� մϴ�. Ŭ��̾�Ʈ�� ϴ� �w��, ��ȣȭ d�� ȸ�� då, ��ȣȭ�� Ʈ�� ⿡ �� d�� f ��, �پ�� ο� �� ϴ� ��ȣ fǰ�� ޶��ϴ�. �ٸ� �� SSL�� TLS �ڵ��ũ �w��ݿ� �� Ŭ��̾�Ʈ�� ſ� �� ȣ fǰ��; ��ϴ� ��; ��d�˴ϴ�.

LDAP�� ſ� SSL ��

Administration Server�� SSL; ��Ͽ� LDAP�� ϵ�� ؾ� �մϴ�. Administration Server�� SSL; ��ϵ�� d�Ϸx� ��=�� մϴ�.


��	"No Encryption, only MD5 message authentication"; ��ϸ� �� ˴ϴ�. Ŭ��̾�Ʈ�� ٸ� ��ȣ�� d; �⺻��8�� ǵ�� ȣȭ�� ʽ4ϴ�.

Administration Server�� ׼��ϰ� Global Settings ��; ��մϴ�.

Configure Directory Service ��ũ�� ϴ�.

Yes to use Secure Sockets Layer(SSL) for connections�� մϴ�.

Save Changes�� ϴ�.

OK�� Ʈ�� SSL; �� LDAP�� ⺻ ��Ʈ�� մϴ�.

û�� Ͽ� �� d

��

û�� Ͽ� ��

��ȣ ��

��

û�� Ͽ�8�� ٸ� �� d; ��ϱ� �� ݵ�� ; ��ϵ�� d�ؾ� �մϴ�. ��: �� û�� ; ��ų� ��x û�� ; �� d�� ֽ4ϴ�.

û�� ; �� d

Server Manager�� ׼��ϰ� ��Ӵٿ� ��Ͽ�� û�� ; �� ν��Ͻ�� մϴ�.

Preference �� ǥ�õ�� ʾ�8�� Ͽ� ǥ��մϴ�.

Edit Listen Sockets ��ũ�� մϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

New ��ư; ��ϴ�.

Add Listen Socket �� ǥ�õ˴ϴ�.

�ʿ�� d�� Է��ϰ� �⺻ �� մϴ�.

��; ��Ϸx� Security ��Ӵٿ� ��Ͽ�� Enabled�� մϴ�.

OK�� ϴ�.

Apply�� Restart�� ; ��մϴ�.



��	û�� ; �� d; ��Ϸx� Edit Listen Sockets ��ũ�� ؾ� �մϴ�.

û�� ; �� d

�� Administration Server�� Server Manager�� û�� ; �� ; ��ϵ�� d�� ֽ4ϴ�. û�� ; �� ; ��ϵ�� d�Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Preference �� ǥ�õ�� ʾ�8�� Ͽ� ǥ��մϴ�.

Edit Listen Sockets ��ũ�� մϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

û�� ; ��Ϸx� ��Ϸt� û�� Listen Socket ID�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

�ش� û�� ; ��Ϸx� Security ��Ӵٿ� ��Ͽ�� Enabled�� մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

û�� Ͽ� ��

Administration Server�� Server Manager�� û�� ; ��Ͽ� ��û �� ġ�� ֽ4ϴ�.


��	�ݵ�� ġ�� ̻� �־�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� մϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

û�� ; ��Ϸx� ��Ϸt� û�� Listen Socket ID�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

�ش� û�� ; ��Ϸx� Security ��Ӵٿ� ��Ͽ�� Enabled�� մϴ�.



��	�ܺ� �� ġ�� 쿡�� ϱ� �� Manage Server Certificates �� ܺ� �� ȣ�� 䱸�ϴ� �޽�� ǥ�õ˴ϴ�.

Server Certificate ��Ӵٿ� ��Ͽ�� ش� ��Ͽ� �� մϴ�.

�� Ͽ�� ġ�� ܺ� �� ǥ�õ˴ϴ�.



��	��ġ�� Server Certificate Name ��Ӵٿ� �� ޽�� ǥ�õ˴ϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

��ȣ ��

% �� ; ��ȣ�Ϸx� SSL; ��ϵ�� d�ؾ� �մϴ�. SSL 2.0, SSL 3.0 �� TLS ��ȣȭ �w��; �� 8�� پ�� ȣ fǰ��; �� ֽ4ϴ�. SSL�� TLS�� Administration Server�� û�� Ͽ�� ϵ�� d�� ֽ4ϴ�. Server Manager�� û�� Ͽ�� SSL �� TLS�� ϸ� �ش� û�� Ͽ� �� ⺻ ��d�� d�˴ϴ�.

��ȵ�� : �� ϴ� ��, �ش� �� ; �� ʵ�� d�� û�� Ͽ� ��Ǿ�� մϴ�.

�⺻ ��d�� Ǵ� ��ȣ�� մϴ�. Ưd ��ȣ�� ϸ� �� Ǵ� �� /�� ʴ� ��, �� ؾ� �մϴ�. Ưd ��ȣ�� ڼ�� : Introduction to SSL; ��v�Ͻʽÿ�.


��	�ݵ�� ġ�� ̻� �־�� մϴ�.

tlsrollback �Ű� �� ⺻ �� d: true�Դϴ�. �̷�� ϸ� �� ߰��(man-in-the-middle) �� ѹ� �� õ�� ֽ4ϴ�. TLS ǥ��; �߸� �� Ϻ� Ŭ��̾�Ʈ�� ȣ ��뼺; '�Ͽ� �� d; false�� ؾ� �ϴ� ��쵵 �ֽ4ϴ�.

tlsrollback; false�� d�ϸ� �� ѹ� ��ݿ� ��ٴ� a�� /��Ͻʽÿ�. �� ѹ� ��: f 3�ڰ� Ŭ��̾�Ʈ�� Ͽ�� SSLv2 �� w��; ��ϵ�� ϴ� ��Դϴ�. SSLv2�� ˷�� 8�Ƿ� �� ѹ� ��; �� ϴ� �� f 3�ڰ� ��ȣȭ�� ; ��ä�� ص�� ֽ4ϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�. �� û�� Ͽ� �� Edit Listen Socket �� ȣ ��d�� ǥ�õ˴ϴ�.



��	û�� Ͽ�� Security�� ʴ� ��쿡�� SSL �� TLS d�� ǥ�õ�� ʽ4ϴ�. ��ȣ�� Ϸx� �� û�� Ͽ�� ǵ�� d�ؾ� �մϴ�. �ڼ�� : "û�� Ͽ� �� d"; ��v�Ͻʽÿ�.

�ʿ�� ȣȭ ��d�� ش��ϴ� ��ö�; ��մϴ�.



��	Netscape Navigator 6.0�� TLS�� SSL 3; �� մϴ�. TLS Rollback�� TLS�� ϰ� SSL 3�� SSL2�� 8�� d�Ǿ�� Ȯ��մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.



��	û�� Ͽ� ��; ��ϵ�� d�ϰ� �� ; ��ϸ� magnus.conf �� ڵ�8�� d�Ǿ� �� ǥ�õǸ�, �ش� û�� Ͽ� �� ⺻ �� Ű� �� d�˴ϴ�.

�� SSL; �� d�ϸ� URL: http�� ƴ� https�� մϴ�. SSL; ��ϴ� �� Ű�� URL�� : ��=�� 4ϴ�.

�⺻ �� http ��Ʈ ��ȣ(443); ��ϴ� �� URL�� Ʈ ��ȣ�� Է�� ʾƵ� �˴ϴ�.

��

SSL; ��ϴ� �� ġ�ϸ� magnus.conf��(�� ⺻ �� )�� Ű� �� ù� �׸�� ϴ�. �� d�� ۵��Ϸx� Security�� ݵ�� "on"8�� d�Ǿ�� մϴ�. �� SSL �� d�� server.xml �� SSLPARAMS ��ҿ� �ֽ4ϴ�.

Server Manager�� ׼��ϰ� ��Ӵٿ� ��Ͽ�� ش� �� ν��Ͻ�� մϴ�.

��Ϸt� û�� Ͽ�� ; ��ϴ�� Ȯ��Ͻʽÿ�. ��; ��ϵ�� d�Ϸx� ��=�� մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

��; ��ϵ�� d�Ϸt� û�� Ͽ� �ش��ϴ� Listen Socket ID�� ϴ�.

�̷�� ϸ� Edit Listen Socket �� ̵��մϴ�.

Security ��Ӵٿ� ��Ͽ�� Enabled�� մϴ�.

OK�� ϴ�.

Magnus Editor ��ũ�� ϴ�.

��Ӵٿ� ��Ͽ�� SSL Settings�� ϰ� Manage�� ϴ�.

��= �׸�� ; �Է��մϴ�.

SSLSessionTimeout

SSLCacheEntries

SSL3SessionTimeout

OK�� ϴ�.

Apply�� Restart�� ; ��մϴ�.

SSLSessionTimeout

��

�� ĳ�õ� SSL �� /ȿ �ð�; �� '�� Է��մϴ�. �⺻��: 100�Դϴ�. SSLSessionTimeout ��ù�� d�Ǹ� �� ' ��: �ڵ�8�� 5�� 100�ʷ� f�ѵ˴ϴ�.

SSLCacheEntries

SSL3SessionTimeout

SSL3SessionTimeout ��ù�: SSL3 �� TLS �� ĳ��; f��մϴ�.

��

�� ĳ�õ� SSL3 �� /ȿ �ð�; �� '�� Է��մϴ�. �⺻��: 86400(24�ð�)�Դϴ�. SSL3SessionTimeout �� d�Ǹ� �� ' ��: �ڵ�8�� 5�� 86400�ʷ� f�ѵ˴ϴ�.

�ܺ� ��ȣȭ ��

Sun ONE Web Server 6.1: ��Ʈ ī�峪 ��ū �� ܺ� ��ȣȭ ��; ��ϴ� ��=�� ; ��մϴ�.

FIPS-140 ��ȣȭ ǥ��; ��ϱ� �� PKCS#11 ��; �߰��ؾ� �մϴ�.

PKCS#11 �� ġ

Sun ONE Web Server�� PKCS(Public Key Cryptography Standard)#11; ��մϴ�. �̴� SSL�� PKCS#11 �� ſ�8�� Ǵ� ��̽�� d��մϴ�. PKCS#11 ��: SSL �ϵ�� ӱ⿡ �� ǥ�� 8�� ˴ϴ�. �ܺ� �ϵ�� ӽÿ�8�� n�� Ű�� secmod.db�� Ǹ�, �� : PKCS#11�� ġ�� ˴ϴ�.

modutil; ��Ͽ� PKCS#11 �� ġ

modutil �� Ͽ� PKCS#11 ��; .jar �� Ǵ� ��ü �� ·� ��ġ�� ֽ4ϴ�.

Administration Server�� Ͽ� �� ~��Ǿ�� մϴ�.

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/https/admin/bin; PATH�� ߰��մϴ�.

server_root/bin/https/admin/bin�� modutil; ã�4ϴ�.

ȯ��; ��d�մϴ�. �� =�� 4ϴ�.

UNIX: setenv

LD_LIBRARY_PATH server_root/bin/https/lib:${LD_LIBRARY_PATH}

IBM-AIX: LIBPATH

HP-UX: SHLIB_PATH

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/https/bin

�Ʒ� �� ǻ�Ϳ� PATH�� ã; �� ֽ4ϴ�. server_root/https-admin/start.

modutil ��; �Է��մϴ�.

�ɼ�� ˴ϴ�.

�ʿ�� vġ�� մϴ�.

�� PCKS#11 ��; UNIX�� ߰��Ϸx� ��=�� Է��մϴ�.

modutil -add (PCKS#11 �� ̸�) -libfile (PCKS#11�� libfile) -nocertdb -dbdir . (��ϴ� db ��丮)

pk12util ��

pk12util; ��ϸ� �� ͺ��̽�� Ű�� ̸� �� Ǵ� �ܺ� PKCS#11 �� n�� ֽ4ϴ�. ��f�� Ű�� ͺ��̽�� 8��, �ܺ� ��ū�� κ� �� Ű�� 4ϴ�. �⺻��8�� pk12util: cert8.db�� kyes3.db�� ̸�� Ű ��ͺ��̽�� մϴ�.

pk12util; ��Ͽ� ��

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/https/admin/bin; PATH�� ߰��մϴ�.

server_root/bin/https/admin/bin�� pk12util; ã�4ϴ�.

ȯ��; ��d�մϴ�. �� =�� 4ϴ�.

UNIX: setenv

LD_LIBRARY_PATH/server_root/bin/https/lib:${LD_LIBRARY_PATH}

IBM-AIX: LIBPATH

HP-UX: SHLIB_PATH

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/https/bin

�Ʒ� �� ǻ�Ϳ� PATH�� ã; �� ֽ4ϴ�. server_root/https-admin/start.

pk12util ��; �Է��մϴ�.

�ɼ�� ˴ϴ�.

�ʿ�� vġ�� մϴ�.

�� UNIX�� =�� Է��մϴ�.

pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host]

��ͺ��̽� ��й�ȣ�� Է��մϴ�.

pkcs12 ��й�ȣ�� Է��մϴ�.

pk12util; ��Ͽ� ��n�1�

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/https/admin/bin; PATH�� ߰��մϴ�.

server_root/bin/https/admin/bin�� pk12util; ã�4ϴ�.

ȯ��; ��d�մϴ�. �� =�� 4ϴ�.

UNIX: setenv

LD_LIBRARY_PATH/server_root/bin/https/lib:${LD_LIBRARY_PATH}

IBM-AIX: LIBPATH

HP-UX: SHLIB_PATH

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/https/bin

�Ʒ� �� ǻ�Ϳ� PATH�� ã; �� ֽ4ϴ�. server_root/https-admin/start

pk12util ��; �Է��մϴ�.

�ɼ�� ˴ϴ�.

�ʿ�� vġ�� մϴ�.

�� UNIX�� =�� Է��մϴ�.

pk12util -i pk12_sunspot [-d certdir][-h "nCipher"][-P https-jones.redplanet.com-jones-]

-P�� ݵ�� -h �ڿ� �־�� ϸ� �� μ�� մϴ�.

�빮�ڿ� �ο� ��ȣ �� ; ��Ͽ� ��ū �̸�; dȮ�� Է��մϴ�.

��ͺ��̽� ��ȣ�� Է��մϴ�.

pkcs12 ��й�ȣ�� Է��մϴ�. �ܺ� �� Ͽ� �� ۵˴ϴ�.

�� ܺ� PKCS#11��(�ϵ�� ӱ� ��)�� ġ�� , server.xml; ��ϰų� �Ʒ�� Ͱ� �� ̸�; ��d�� 8�� Ͽ� �� 4ϴ�.

�� ׻� "Server-Cert"�� ̸�� Ͽ� ��Ϸp� �õ��մϴ�. �׷�� ܺ� PKCS#11 ��⿡ �ִ� �� ش� ID�� ū �̸� �� ϳ�� Ե˴ϴ�. �� ܺ� ��Ʈī�� ǵ��⿡ ��ġ�� "smartcard0"�� , �̸�: "smartcard0:Server-Cert"�� ˴ϴ�.

�ܺ� ��⿡ ��ġ�� Ͽ� �� Ϸx� �� Ǵ� û�� Ͽ� �� ̸�; ��d�ؾ� �մϴ�.

û�� Ͽ� �� ̸� ��


��	û�� Ͽ�� Security�� ʴ� ��쿡�� d�� ǥ�õ�� ʽ4ϴ�. û�� Ͽ� �� ̸�; ��Ϸx� �ݵ�� 켱 û�� Ͽ�� ; ��ϵ�� d�ؾ� �մϴ�. �ڼ�� : "û�� Ͽ� �� d"; ��v�Ͻʽÿ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Preference �� õ�� ʾ�8�� մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

�� Ϸt� û�� Ͽ� �ش��ϴ� Listen Socket ID ��ũ�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

Server Certificate ��Ӵٿ� ��Ͽ�� ش� ��Ͽ� �� մϴ�.

�� Ͽ�� ġ�� ܺ� �� ǥ�õ˴ϴ�.



��	��ġ�� Server Certificate Name ��Ӵٿ� �� ? ǥ�õ˴ϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

�� server.xml ��; ��b ��Ͽ� �� ش� �� Ͽ� ��ϵ�� ֽ4ϴ�. SSLPARAMS�� servercertnickname; ��=8�� մϴ�.

$TOKENNAME ��8�� ; ã8�x� �� Security ��8�� ̵��Ͽ� Manage Certificate ��ũ�� մϴ�. Server-Cert�� ܺ� �� α��ϸ� �ش� �� $TOKENNAME:$NICKNAME �� Ͽ� ǥ�õ˴ϴ�.



��	�ŷ� ��ͺ��̽�� : ��쿡�� ܺ� PKCS#11 ��⿡�� û�ϰų� ��ġ�ϸ� �ڵ�8�� ϴ�. �� ⺻ ��ͺ��̽�� й�ȣ�� 8�� ׼�� 4ϴ�. �ܺ� ��: �۵�� û�ϰų� ��ġ�� 4ϴ�. �⺻ ��ͺ��̽�� й�ȣ �� Create Database�� Security �ǿ�� й�ȣ�� d�մϴ�.

FIPS-140 ǥ��

PKCS#11 API�� ϸ� ��ȣȭ �۾�; ��ϴ� ��Ʈ�� Ǵ� �ϵ�� ֽ4ϴ�. PKCS#11�� ġ�Ǹ� Sun ONE Web Server�� FIPS(Federal Information Processing Standards)-140 ǥ��; �� ֽ4ϴ�. �� ̺귯�� SSL �� 3.0�� ԵǾ� �ֽ4ϴ�.

FIPS-140�� ; �� ÷��; ��ġ�մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�. �� û�� Ͽ� �� Edit Listen Socket �� d�� ǥ�õ˴ϴ�.



��	FIPS-140; ��Ϸx� �� û�� Ͽ�� ǵ�� d�ؾ� �մϴ�. �ڼ�� : "û�� Ͽ� �� d"; ��v�Ͻʽÿ�.

Enable�� õǾ� �� 8�� SSL Version 3 ��Ӵٿ� ��Ͽ�� մϴ�.

�� FIPS-140 ��ȣ fǰ��; ��մϴ�.

(FIPS)56��Ʈ ��ȣȭ�� SHA �޽�� Ե� DES

(FIPS)168��Ʈ ��ȣȭ�� SHA �޽�� Ե� Triple DES

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

Ŭ��̾�Ʈ �� 䱸 �� d

�� ܰ踦 �� , Ŭ��̾�Ʈ�� ߰� �� 䱸 ��; ��d�� ֽ4ϴ�.

Ŭ��̾�Ʈ �� ʼ�ȭ

Administration Server�� û�� ; ��ϵ�� d�ϰ� �� ν��Ͻ�� Ŭ��̾�Ʈ ��; ��û�ϵ�� ֽ4ϴ�. Ŭ��̾�Ʈ ��; ��ϸ� �� 4�; �� Ŭ��̾�Ʈ�� 䱸�մϴ�.

Sun ONE Web Server�� Ŭ��̾�Ʈ �� ִ� CA�� Ŭ��̾�Ʈ �� 8�� ŷڵ� CA�� Ͽ� Ŭ��̾�Ʈ �� մϴ�. Ŭ��̾�Ʈ �� CA�� : Administrator Server�� Security�� ִ� Manage Certificates �� Ȯ�� ֽ4ϴ�. CA�� /��: �� Դϴ�.

Untrusted CA (��ġ�� =)

Trusted Server CA (��ġ�� =)

Trusted Client CA (��ġ��)

Trusted Client/Server CA (��ġ��)

% �� ŷڵ� CA�� /�� : Ŭ��̾�Ʈ�� ź��ϵ�� ֽ4ϴ�. CA�� Ǵ� �ź��Ϸx� �ݵ�� CA�� Ŭ��̾�Ʈ �ŷڸ� ��d�ؾ� �մϴ�. �ڼ�� : �� v�Ͻʽÿ�.

Sun ONE Web Server�� /ȿ �Ⱓ�� 7� ��ϰ� �� ź��ϸ� Ŭ��̾�Ʈ�� ޽�� ݼ��մϴ�. �� Administration Servers Manage Certificates �� Ȯ�� ֽ4ϴ�.

�� Ŭ��̾�Ʈ�� d�� Ͽ� �̸� LDAP ��丮�� ִ� �� ׸�� ϵ�� ֽ4ϴ�. �̷�� ϸ� Ŭ��̾�Ʈ�� /ȿ�ϸ� LDAP ��丮�� ׸�� ǵ�� մϴ�. �� Ŭ��̾�Ʈ �� LDAP ��丮�� ׸� �� ϳ�� ġ�ǵ�� մϴ�. �̿� �� : Ŭ��̾�Ʈ �� LDAP�� ; ��v�Ͻʽÿ�.

Ŭ��̾�Ʈ �� ׼�� f�� v�� 8�Ƿ� �ŷڵ� CA�� 䱸 �� ̿ܿ� �� ڴ� �ݵ�� ׼�� f�� Ģ(ACL)�� ġ�Ǿ�� մϴ�. �ڼ�� : �׼�� f�� ; ��v�Ͻʽÿ�.

�� Ŭ��̾�Ʈ �� d�� ó�� ֽ4ϴ�. �ڼ�� : Sun ONE Web Server 6.1 NSAPI Programmer's Guide�� v�Ͻʽÿ�.

Ŭ��̾�Ʈ �� 䱸

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences ��; ��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

Ŭ��̾�Ʈ ��; �䱸�� û�� Ͽ� �ش��ϴ� Listen Socket ID ��ũ�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

�ش� û�� Ͽ� Ŭ��̾�Ʈ ��; �䱸�Ϸx� Client Authentication ��Ӵٿ� ��Ͽ�� Required�� մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.



��	�� % �� ν��Ͻ�� ϳ�� ŷ� ��ͺ��̽�� x��մϴ�. �ش� �� ν��Ͻ�� Ͽ� ��Ǵ� �� ŷ� �� CA�� /�մϴ�. �� ٸ� �� CA�� ʿ�� 쿡�� ش� �� ŷ� ��ͺ��̽�� ִ� �� ٸ� �� ν��Ͻ�� Ǿ�� մϴ�.

Ŭ��̾�Ʈ �� LDAP��

�� κп�� Sun ONE Web Server�� Ŭ��̾�Ʈ �� LDAP ��丮�� ׸�� ϴ� �� ϴ� �wμ�� մϴ�.

�� Ŭ��̾�Ʈ�� û�� ŵǸ� �̸� ó��ϱ� �� Ŭ��̾�Ʈ�� 䱸�մϴ�. Ŭ��̾�Ʈ�� û�� Բ� Ŭ��̾�Ʈ�� ϴ� ��쵵 �ֽ4ϴ�.

�� CA�� Administration Server�� ִ� �ŷ� CA�� ϰ� ��ġ��Ű�� մϴ�. ��ġ �׸�� 8�� Sun ONE Web Server�� ; ~��մϴ�. ��ġ �׸�� 8�� û ó�� մϴ�.


��	��, Ŭ��̾�Ʈ �� LDAP�� Ϸx� �ʿ�� ACL; ��d�ؾ� �մϴ�. �ڼ�� : �� ׼�� f�� v�Ͻʽÿ�.

Ŭ��̾�Ʈ �� ִ� ��ڿ� �� DN; LDAP ��丮�� б�a�� մϴ�.

LDAP ��丮�� Ŭ��̾�Ʈ �� (��~ ��)�� d�� ġ�ϴ� �׸�� ִ�� ˻��մϴ�.

(��) Ŭ��̾�Ʈ �� DN�� ش��ϴ� LDAP �׸� �� ϳ�� Ȯ��մϴ�.

�� certmap.conf�� ; ��Ͽ� LDAP �˻� ��; ��d�մϴ�. �� Ͽ� �� Ŭ��̾�Ʈ �� n�� (��~ �� ̸�, �� ּ� ��); ��d�մϴ�. �� ̵� ��; ��Ͽ� LDAP ��丮�� ׸�; �˻��, �켱 �� LDAP ��丮�� ˻�; �� 'ġ�� d�ؾ� �մϴ�. �� Ͽ�� 'ġ�� ֽ4ϴ�.

�� ˻�; �� 'ġ�� ˻�� ׸�; ��d�ϸ�(f 1�ܰ�) LDAP ��丮�� ˻�; ��մϴ�(f 2�ܰ�). ��ġ �׸�� ų� ��ġ �׸�� Ȯ��8�� d�� �ʰ� �˻�: ��մϴ�. ��Ǵ� �˻� �� ü ��: �Ʒ�� ǥ 5-1; ��v�Ͻʽÿ�. �� ACL�� Ǵ� �۵�; ��d�� ֽ4ϴ�. �� , Sun ONE Web Server�� ġ�� ϴ� ��쿡�� ϵ�� d�� ֽ4ϴ�. ACL �⺻ ��d�� ڼ�� : �׼�� f�� ; ��v�Ͻʽÿ�.

ǥ 6-1
LDAP �˻� ��
LDAP �˻� ��	�� ON	�� OFF
�˻�� ׸� ��=	��	��
dȮ�� ׸� ��ġ	��	��
�� ׸� ��ġ	��	��

�� LDAP ��丮�� ġ �׸�� ã8�� ش� d�� Ͽ� Ʈ��; ó�� ֽ4ϴ�. �� LDAP ��; ��Ͽ� �� ׼�� d�մϴ�.

certmap.conf ��

�� ο� �� LDAP ��丮�� ׸�; ã�� d�˴ϴ�. certmap.conf�� Ͽ� �̸�8�� õ� �� LDAP �׸�� ġ��Ű�� ; �� ֽ4ϴ�. �� ̸� ��ϰ� �׸�; �߰��Ͽ� LDAP ��丮�� v��; �˻��ϰ� ��ڿ�� ο�� ; ǥ�� ֽ4ϴ�. ��ڴ� �� ̵�, �� Ǵ� subjectDN�� Ǵ� �ٸ� ��; ��8�� ֽ4ϴ�. Ư��, �� Ͽ�� =�� d�� d�ǵ˴ϴ�.

�� ˻�; ��ϴ� LDAP Ʈ�� 'ġ

LDAP ��丮�� ׸�; �˻�� ˻� ��ַ� �� Ӽ�

�� ߰�� d; ��

��Ͽ�� ϳ� �̻�� ̸� �� 8��, �� : �� ٸ� CA�� ˴ϴ�. �� : ��=�� 4ϴ�.

ù ��° ��: �׸�� ̸�� CA �� ִ� ��/ �̸�; ��ϴ� �Ӽ�; ��d�մϴ�. name: ��Ƿ� ��ϴ� �̸�; d�� ֽ4ϴ�. �׷�� issuerDN: �ݵ�� Ŭ��̾�Ʈ �� CA�� DN�� dȮ�� ��ġ�ؾ� �մϴ�. �� Ʒ�� issuerDN �� ̴� �� Ӽ�; ��ϴ� �� ׸�; �� ٸ� ��8�� ó��մϴ�.

certmap sun1 ou=Sun Certificate Authority,o=Sun, c=US
certmap sun2 ou=Sun Certificate Authority,o=Sun, c=US



��	Sun ONE Directory Server�� ϸ� issuerDN; �˻��ϴµ� ��f�� ߻��ϴ� ��쿡�� Directory Server �7� �α׿� /�� d�� ִ�� Ȯ��Ͻʽÿ�.

�̸� �� ° �� : �� d�� մϴ�. certmap.conf ��Ͽ�� d�� ֽ4ϴ�. �� API�� Ͽ� �� d�� d�� ֽ4ϴ�.

DNComps�� ǥ�� и�� Ӽ� ��8��, LDAP ��丮�� d��(��, Ŭ��̾�Ʈ �� /��)�� ġ�ϴ� �׸� �˻�; �� 'ġ�� d�ϴµ� ��մϴ�. �� Ŭ��̾�Ʈ �� ̵� �Ӽ� ��; ��ϰ� ��; ��Ͽ� LDAP DN; ��մϴ�. �׷� �� LDAP ��丮�� ˻�; �� 'ġ�� d�մϴ�. �� , DNComps�� DN�� o�� c �Ӽ�; ��ϵ�� d�ϸ� �� LDAP ��丮�� Ӽ�� o=<org>, c=<country>�� ׸�� ˻�; ��մϴ�. ��⿡�� <org>�� <country>�� DN�� ִ� ��8�� ü�˴ϴ�.

FilterComps�� ǥ�� и�� Ӽ� ��8�� Ŭ��̾�Ʈ �� ִ� �� DN�� d�� Ͽ� ��͸� �� մϴ�. �� ̵� �Ӽ�� ; ��Ͽ� LDAP ��丮�� ׸�; ��ϴµ� �� ˻� ��ָ� ��մϴ�. LDAP�� d�� ġ�ϴ� �׸�� ϳ� �̻� �˻�Ǵ� �� ˻�: ��̸� �� 8�� ; ��մϴ�.

�� FilterComps�� ϰ� �� ̵� �Ӽ�; ��ϵ�� d�ϴ� ��(FilterComps=e, uid), �� 丮�� ϰ� �� ̵� �� Ŭ��̾�Ʈ �� d�� ġ�ϴ� �׸�; �˻��մϴ�. �� ּҿ� �� ̵�� 丮�� /�� ׸��̹Ƿ� ��: ��Դϴ�. LDAP ��ͺ��̽�� ϳ�� ׸� �˻��Ϸx� ��Ͱ� ��ü��̾�� մϴ�.

x509v3 �� Ӽ� ��: ��= ǥ�� v�Ͻʽÿ�.

ǥ 6-2 x509v3 �� Ӽ�
�Ӽ�	��
c	��
o	v��
cn	�� ̸�
l	'ġ
st	��
ou	v�� '
uid	UNIX/Linux �� ̵�
email	�� ּ�

��Ϳ� �Ӽ� �̸�: LDAP ��丮�� ƴ� �� Ӽ� �̸��̾�� մϴ�. �� Ϻ� �� ּҿ� �Ӽ�8�� e�� ִ� �ݸ� LDAP�� Ӽ�� ̸�: mail�Դϴ�.

�� verifycert�� d�� Ŭ��̾�Ʈ�� LDAP ��丮�� ˻�� d�մϴ�. ��: ON�̰ų� OFF�Դϴ�. �� d�� LDAP ��丮�� ִ� ��쿡�� ؾ� �մϴ�. �� : ��~ �� /ȿ�ϸ� ��ҵ�� ʾҴ�� Ȯ��ϴ� �� /��մϴ�.

CmapLdapAttr: LDAP ��丮�� ִ� �Ӽ� �̸�8�� ڿ�� DN; ��մϴ�. �� d�� ⺻��: certSubjectDN�Դϴ�. �� d�� ǥ�� LDAP �Ӽ�� ƴϹǷ� �� d�� Ϸx� �ݵ�� LDAP ��Ű�� Ȯ��ؾ� �մϴ�. �ڼ�� : Introduction to SSL; ��v�Ͻʽÿ�.

certmap.conf�� d�� 8�� ü LDAP ��丮�� Ӽ�� ü DN(�� n�� DN)�� ġ�ϴ� �׸�; �˻��մϴ�. �ش� �׸�� ˻�� ʴ� �� DNComps�� FilterComps ��; ��Ͽ� �ٽ� �˻��մϴ�.

�� LDAP �׸�� ġ��Ű�� b�� : DNComps�� FilterComps�� Ͽ� �׸�; ��ġ��Ű�� /��մϴ�.

Library�� / ��̺귯�� Ǵ� DLL�� ̸�� d��Դϴ�. �� d�� API�� Ͽ� ��ü�� d�� 쿡�� մϴ�. �ڼ�� : NSAPI Programmer's Guide�� v�Ͻʽÿ�.

InitFn: �� d�� ̺귯�� ִ� init �Լ�� ̸�� d��Դϴ�. �� d�� API�� Ͽ� ��ü�� d�� 쿡�� մϴ�.

�� d�� d��

Ŭ��̾�Ʈ �� API�� Ͽ� ��ü�� d�� ֽ4ϴ�. Ŭ��̾�Ʈ �� API �wα׷��ְ� �� : NSAPI Programmer's Guide�� v�Ͻʽÿ�.

<name>:library <path_to_shared_library>
<name>:InitFn <name_of_init_function>

�� f

certmap.conf ��Ͽ�� ּ�� ̻�� ׸�� ־�� մϴ�. certmap.conf ��; ��ϴ� �پ�� : ��= ��f�� ̴� �Ͱ� ��4ϴ�.

��f 1

�� f�� ϸ� �� ou=<orgunit>, o=<org>, c=<country> �׸�; ��ϴ� LDAP �б�a�� ˻�; ��ϸ�, ��⿡�� <>�� ؽ�Ʈ�� Ŭ��̾�Ʈ �� ִ� �� DN�� 8�� ü�˴ϴ�.

�� , �� ִ� �� ּҿ� �� ̵� ��; ��Ͽ� LDAP ��丮�� ġ�ϴ� �׸�� ִ�� ˻��մϴ�. �׸�� ˻�Ǹ� �� Ŭ��̾�Ʈ�� 丮�� ִ� �� Ͽ� �� մϴ�.

��f 2

�� ̱� �� 񽺰� �ƴ� �ٸ� �� ŵǸ� �⺻ ��; ��մϴ�. �� LDAP Ʈ�� ܿ�� Ͽ� Ŭ��̾�Ʈ�� ̵�� ġ�ϴ� �׸�; �˻��մϴ�. �̱� �� v�� '�� ϴ� LDAP �б⿡�� ˻�; ��ϸ� ��ġ�ϴ� �� ּҸ� �˻��մϴ�. �� USPS�� ̸� �� Ÿ �� ʽ4ϴ�.

��f 3


��	�� DN(��, CA d��): �ݵ�� ù ��° �� Ͽ� �ִ� �� DN�� ؾ� �մϴ�. �� f�� o=United States Postal Service,c=US�� DN�� o�� c �Ӽ� ��̿� �� 8�Ƿ� ��ġ�� ʽ4ϴ�.

��= ��f�� CmapLdapAttr �� d�� Ͽ� LDAP ��ͺ��̽�� certSubjectDN�̶�� ϴ� �Ӽ�; �˻��մϴ�. �� Ӽ�� : Ŭ��̾�Ʈ �� n�� DN ��ü�� dȮ�� ġ�մϴ�.

��ġ�ϴ� �׸�� ϳ� �̻�� 쿡�� ׸�; ��մϴ�. �˻�� ׸�� DNComps�� FilterComps�� Ͽ� ��ġ�ϴ� �׸�; �˻��մϴ�. �� f�� o=LeavesOfGrass Inc, c=US �Ʒ�� ׸񿡼� uid=Walt Whitman; �˻��մϴ�.


��	�� f�� LDAP ��丮�� certSubjectDN �Ӽ�� ִ� �׸�� Ե� ��8�� d�մϴ�.

�� d

Stronger Ciphers �ɼǿ�� ׼��8�� 168, 128 �Ǵ� 56��Ʈ �� Ű ũ�⸦ ��ϰų� f��; ��d�� ; �� ֽ4ϴ�. f�ѿ� �� ʴ� �� 񽺵� ��; ��d�� ֽ4ϴ�. ��; ��d�� 8�� Sun ONE Web Server�� "Forbidden" ��¸� ��ȯ�մϴ�.

�� ׼�� Ű ũ�Ⱑ Security Preferences�� ȣ ��d�� ʴ� �� Sun ONE Web Server�� ū �� Ű�� ȣ�� ؾ� �Ѵٴ� �� ȭ ��ڰ� ǥ�õ˴ϴ�.

�� Ű ũ�� f��: Service fn=key-toosmall�� ƴ� obj.conf�� NSAPI PathCheck ��ù�; ��8�� ˴ϴ�. ��ù�: ��=�� 4ϴ�.

��⿡�� <nbits>�� Ű�� ʿ�� ּ� ��Ʈ ��̸� <filename>: f��; ��w�� ʴ� �� 񽺵� �� ̸�(URL �ƴ�)�Դϴ�.

SSL; �� ʰų� secret-keysize �Ű� �� d�� : �� PathCheck�� REQ_NOACTION; ��ȯ�մϴ�. �� Ű ũ�Ⱑ ��d�� secret-keysize�� : ��, bong-file�� d�� 8�� Լ�� REQ_ABORTED�� PROTOCOL_FORBIDDEN ��¿� �Բ� ��ȯ�մϴ�. �׷�� : �� REQ_PROCEED�� ȯ�ϸ� "path" �� bong-file <filename>8�� d�˴ϴ�. �� Ű ũ�� f��; ��w�� : �� ǿ� SSL �� ĳ�ð� ��ȿȭ�Ǿ� ��= �� Ŭ��̾�Ʈ�� ϸ� ��ü SSL �ڵ��ũ�� ߻��մϴ�.


��	Stronger Ciphers ��; ��ϸ� PathCheck fn=ssl-check�� ߰�� ü�� ˻�Ǵ� Service fn=key-toosmall ��ù�� f�ŵ˴ϴ�.

Server Manager�� ׼��ϰ� ��Ӵٿ� ��Ͽ�� ν��Ͻ�� մϴ�.

Virtual Server Class ��; ��ϴ�.

��Ӵٿ� ��Ͽ�� Ŭ�� ; ��ϰ� Manage�� ϴ�.

Class Manager �� ǥ�õ˴ϴ�.

Content Mgmt ��; ��մϴ�.

Stronger Ciphers�� մϴ�.

��= �� ɼ� �� մϴ�.

��Ӵٿ� ��

Browse ��

Wildcard ��

�� Ű ũ�� f��; ��մϴ�.

168 bit or larger

128 bit or larger

56 bit or larger

No restrictions

�׼�� ź�� ޽�� 'ġ�� Է��մϴ�.

OK�� ϴ�.

Apply�� ϴ�.

Hard Start/Restart�� ϰų� ��8�� մϴ�.

�߰� ��

�� ȣ�� ص��Ϸt� �õ� �ܿ�� ٸ� �� '�� ֽ4ϴ�. ��Ʈ��ũ�� d�� ׼��Ϸt� �پ�� ; ��ϴ� �ܺ� �� Ŀ�� '�迡 �� ֽ4ϴ�.

�� ȣȭ�� ϴ� �� ̿ܿ� �߰�� vġ�� ؾ� �մϴ�. �� ǻ�͸� �� 'ġ��Ű�ų� �ŷڵ�� : �� wα׷�; �ø�� ϵ�� ؾ� �մϴ�.

��f �׼�� f��

�� ׼�� f��

�� й�ȣ ��

��й�ȣ �Ǵ� PIN ��

�� Ÿ �?� �wα׷� f��

Ŭ��̾�Ʈ�� SSL ��; ĳ�� ϵ��

��Ʈ f��

�� Ѱ� �ľ�

�� ȣ�� '�� ߰� ��

��f �׼�� f��

�� ~~ �� ֽ4ϴ�. �� ǻ�͸� �� ġ�� ִ� �� 'ġ�� ִ� ��  �� ֵ�� մϴ�. �̷�� ϸ� �� ǻ�� ü�� ŷ�� մϴ�.

�� ׼�� f��

�� ; ��ϴ� �� ڿ� ��ǻ�Ϳ�� ϵ�� ׼�� f� ��d�ؾ� �մϴ�. Administrator Server�� LDAP ��ڿ�� LDAP �� 丮 d�� ׼�� ο��ϵ�� ϴ� ��, SSL; ��ϴ� Administration Server�� ; �ϰ� ��ڰ� ��Ÿ Administration Server�� ׼�� ֵ�� Administration Server�� /�� Ŭ�� ; ��Ͻʽÿ�.

�� Administration Server�� ȣȭ�� ؾ� �մϴ�. �� SSL ��; �� ʴ� ��쿡�� ȵ�� : ��Ʈ��ũ�� Ͽ� �� v��ؾ� �մϴ�. �� й�ȣ�� ä�� 籸�� ֽ4ϴ�.

�� й�ȣ ��

�� й�ȣ, �� Ű ��й�ȣ, ��ͺ��̽� ��й�ȣ �� й�ȣ�� մϴ�. �� й�ȣ�� ǻ�Ϳ� �ִ� �� 8�Ƿ� �� ߿�� й�ȣ�Դϴ�. �� Ű ��й�ȣ�� =8�� ߿�� й�ȣ�Դϴ�. �� Ű�� Ű ��й�ȣ�� 8�� 8�� ̴� ��¥ �� ų� �� 0� �� ; ��ä�� ֽ4ϴ�.

��: ��й�ȣ�� ڽ�: �� ٸ� ��: �� й�ȣ�Դϴ�. �� Mci12!mo�� "My Child is 12 months old!"�� ; ��Դϴ�. �� й�ȣ�� ڳ�� ̸��̳� ��Դϴ�.

�ص��ϱ� �� й�ȣ

�ϳ�� й�ȣ�� =�� Ģ; �� ؾ� �ϴ� ��: �ƴ�� : ��Ģ; �� й�ȣ�� ˾Ƴ�� Դϴ�.

��й�ȣ�� ̴� 6-14��ڿ�� մϴ�. Mac ��й�ȣ�� ̴� 8�� ̻�� 4ϴ�.

*, " �Ǵ� �� "��" ��ڸ� ��ϸ� �ȵ˴ϴ�.

�� ܾ ��ϸ� �� ˴ϴ�(�� ).

E�� 38��, L; 1�� ϴ� �� Ϲ�� ü�� ʽÿ�.

��= ~�� ڸ� �� Խ�ŵ�ϴ�.

�빮��

�ҹ��

��

��ȣ

��й�ȣ �Ǵ� PIN ��

�ֱ��8�� ŷ� ��ͺ��̽�/Ű�� й�ȣ �Ǵ� PIN; ��ϴ� �� }4ϴ�. Administration Server�� SSL; ��ϴ� �� й�ȣ�� ʿ��մϴ�. �ֱ��8�� й�ȣ�� ϸ� �� ȣ�� ܰ� �� ֽ4ϴ�.

�� й�ȣ�� ǻ�Ϳ�� ؾ� �մϴ�. ��й�ȣ�� ϴ� �� ؾ� �� ħ: �ص��ϱ� �� й�ȣ�� v�Ͻʽÿ�.

��й�ȣ ��

Administration Server �Ǵ� �� ν��Ͻ�� ŷ� ��ͺ��̽�/Ű�� й�ȣ�� Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��մϴ�.

Server Manager�� ݵ�� Ӵٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Change Password ��ũ�� մϴ�.

��Ӵٿ� ��Ͽ�� й�ȣ�� Ϸt� �� ū; ��մϴ�.

�⺻8�� ̴� �� Ű ��ͺ��̽�� "��" ��й�ȣ�Դϴ�. PKCS#11 �� ġ�� ū �� ǥ�õ˴ϴ�. Change Password ��ũ�� ϴ�.

�� й�ȣ�� Է��մϴ�.

�� й�ȣ�� ٽ� �Է��մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� = Restart�� ǵ�� մϴ�.

Ű�� ȣ�Ǵ�� Ȯ��Ͻʽÿ�. Administration Server�� Ű �� ; server_root/alias ��丮�� մϴ�. �� ǻ�Ϳ� ��ġ�� Sun ONE �� ش� ��ϰ� ��丮�� ; �� ֵ�� ϴ� ��츦 �� ֽ4ϴ�.

�� Ǿ� �ִ�� Ǵ� ��Ÿ �ٸ� �� ç ��ɼ�� ִ�� Ȯ��ϴ� �� ߿��մϴ�. �� ; �� Ϻ��ϰ� ��ȣ�ؾ� �մϴ�.

�� Ÿ �?� �wα׷� f��

�� ǻ�Ϳ�� Ǵ� �� ?� �wα׷�; ��ϰ� ��ؾ� �մϴ�. �� Ǵ� �ٸ� �wα׷�� a; Ȱ��Ͽ� �� ; ��ȸ�ϴ� �� մϴ�. �ʿ�� : �� wα׷�� 񽺸� ~��մϴ�. �� UNIX sendmail ��: ��ϰ� ��ϴ� �� ǻ�Ϳ�� طο� �wα׷�; ��ϵ�� wα׷�� ֽ4ϴ�.

UNIX �� Linux

inittab �� rc ��ũ��Ʈ�� ϴ� �wμ�� ϰ� ��մϴ�. �� ǻ�Ϳ�� telnet �Ǵ� rlogin; ��ϸ� �� ˴ϴ�. �� ǻ�Ϳ� rdist�� 8�� ˴ϴ�. �̴� ��; �� 8�� ǻ�� ; ��Ʈ�ϵ�� ֽ4ϴ�.

Windows

�ٸ� ��ǻ�Ϳ� ��/�� ̺� �� 丮�� մϴ�. �� d�̳� Guest ��; �ο�� ڸ� ��մϴ�.

��  �wα׷�� ٸ� �� ġ�� wα׷�; �� ؾ� �մϴ�. �ٸ� �� wα׷�� a�� ; �� ֽ4ϴ�. �� Ư�� ; �ջ��Ű�� ε� �� wα׷�; ��ε�� ֽ4ϴ�. �� wα׷�; ��ϱ� �� ϰ� �wα׷�; ��ؾ� �մϴ�.

Ŭ��̾�Ʈ�� SSL ��; ĳ�� ϵ��

HTML�� ִ� �� <HEAD> �κп� ��= ��; �߰��Ͽ� Ŭ��̾�Ʈ�� ̸� ��ȣȭ�� ; ĳ�� ֽ4ϴ�.

��Ʈ f��

��ǻ�Ϳ�� ʴ� ��Ʈ�� Ȱ��ȭ�մϴ�. �� Ǵ� ��ȭ�� ; ��Ͽ� ��8�� ּ� ��Ʈ ��Ʈ �̿�� 8�� ϴ� ��߰� ��; ��մϴ�. �̷�� ϸ� ��f�� ̹� f�ѵ� �� 'ġ�� ǻ�͸� �� ǻ�Ϳ�� ; �� ְ� �˴ϴ�.

�� Ѱ� �ľ�

�� Ŭ��̾�Ʈ ��̿� �� ; f��մϴ�. Ŭ��̾�Ʈ�� ϴ� d�� /�ϸ� d�� ; f�� 8�� ǻ�� ü�� ش� ��丮 �� Ͽ� �� ׼�� f�� 4ϴ�.

�̷�� f��; �˰� ��8�� ؾ� �� Ȳ; ��ϴ� �� ˴ϴ�. �� SSL ��; ��Ͽ� �ſ� ī�� ȣ�� 8�� ȣ�� ǻ�� Ͽ� ��Ǿ� ��;��? SSL �� ~�� ȣ�� �� ɱ��? Ŭ��̾�Ʈ�� SSL; ��Ͽ� �۽��ϴ� �� d�� å�� ֽ4ϴ�.

�� ȣ�� '�� ߰� ��

��ȣ�� ȣ�� : �� Ϸx� ��ȣ�� : �� ȣ�� ٸ� ��ǻ�Ϳ�� ؾ� �մϴ�. �ڿ�� Ѱ�� Ͽ� ��ȣ�� : �� ȣ�� ǻ�Ϳ�� ؾ� �ϴ� ��쿡�� =�� մϴ�.

�� Ʈ ��ȣ�� d�մϴ�. ��ȣ�� ȣ�� : �� ݵ�� ٸ� ��Ʈ ��ȣ�� d�ǵ�� ؾ� �մϴ�. ��ϵ� �⺻ ��Ʈ ��ȣ�� =�� 4ϴ�.

443 - ��ȵ� ��

80 - ��ȵ�� : ��

UNIX �Ǵ� Linux�� Ʈ ��丮�� chroot ��; ��մϴ�. ��ȣ�� : �� chroot�� Ͽ� ��d�� Ʈ�� v�ϰ� �˴ϴ�.

chroot�� ϸ� �� Ưd ��丮�� f��ϴ� f 2�� Ʈ ��丮�� ֽ4ϴ�. �� : ��ȣ�� : �� ġ�� ֽ4ϴ�. �� Ʈ ��丮�� /dl/ms�� ֽ4ϴ�. �׷� ��, % �� Ʈ ��丮�� ׼��ϸ� ��f�� dl/ms�� ׼��ϰ� �˴ϴ�. �� /dev�� ׼��Ϸp� �õ��ϸ� /dl/ms/dev�� ׼��ϰ� �˴ϴ�. �̷�� ϸ� ��f ��Ʈ ��丮�� Ͽ� �� ׼�� ʰ� UNIX/Linux �ý��ۿ�� % �� ֽ4ϴ�.

�׷�� chroot�� ϴ� ��, �Ʒ�� ׸�� ̴� �Ͱ� �� ü ��Ʈ ��丮�� Sun ONE Web Server�� 䱸�ϴ� ��ü ��丮 ��v�� մϴ�.

�� Ŭ�� chroot ��d

Server Manager�� ׼��ϰ� ��Ӵٿ� ��Ͽ�� ν��Ͻ�� մϴ�.

Virtual Server Class ��; ��մϴ�.

Edit Classes ��ũ�� ϴ�.

chroot�� d�Ϸt� Ŭ�� Option�� Edit�� d�Ǿ�� Ȯ��մϴ�.

�ش� Ŭ�� Advanced ��ư; ��ϴ�.

Virtual Servers CGI Settings �� ǥ�õ˴ϴ�.

Chroot �ʵ忡 ��ü ��θ� �Է��մϴ�.

OK�� ϴ�.

Apply�� ϴ�.

Load Configuration Files�� Ͽ� ��8�� մϴ�.

�� chroot ��d

Server Manager�� ׼��ϰ� ��Ӵٿ� ��Ͽ�� ν��Ͻ�� մϴ�.

Virtual Server Class ��; ��մϴ�.

Server�� Tree View�� chroot�� 丮�� d�Ϸt� �� ũ�� ϴ�.

Settings ��; ��մϴ�.

Settings �� ǥ�õ˴ϴ�.

Chroot Directory �� Set to �ʵ忡 ��ü ��θ� �Է��մϴ�.

OK�� ϴ�.

Apply�� ϴ�.

Load Configuration Files�� Ͽ� ��8�� մϴ�.

�� Class Manager Virtual Servers �ǰ� CGI Settings ��ũ�� Ͽ� �� chroot ��丮�� d�� ֽ4ϴ�.

�� 8�� chroot ��丮�� d�ϴ� �� ڼ�� : Sun ONE Web Server 6.1 Programmer's Guide�� v�Ͻʽÿ�.

6�� ���� �� Ű ���

���� ��� ����

����� ���� ���

���� ����

Ŭ���̾�Ʈ ����

���� ���� ����

�ŷ� �����ͺ��̽� ��

�ŷ� �����ͺ��̽� ��

password.conf ���

SSL ��� ���� �ڵ� ����

VeriSign ���� ��û �� ��ġ

VeriSign ���� ��û

VeriSign ���� ��ġ

��Ÿ ���� ���� ��û �� ��ġ

�ʼ� CA d��

��Ÿ ���� ���� ��û

��Ÿ ���� ���� ��ġ

���� ��ġ

��׷��̵�� ���� ���̱׷��̼�

���� ��Ʈ ���� ��� ���

���� ��

CRL �� KRL ��ġ/��

CRL �Ǵ� CKL ��ġ

CRL �� CKL ��

���� �⺻ ��d

SSL �� TLS �w�����

LDAP���� ��ſ� SSL ���

û�� ���Ͽ� ���� ��� ��d

���� ��� ���

û�� ����; ���� �� ���� ��� ��� ��d

û�� ����; ������ �� ���� ��� ��� ��d

û�� ���Ͽ� ���� ���� ����

��ȣ ����

���� ���� ����

SSLSessionTimeout

����

SSLCacheEntries

SSL3SessionTimeout

����

�ܺ� ��ȣȭ ��� ���

PKCS#11 ��� ��ġ

modutil; ����Ͽ� PKCS#11 ��� ��ġ

pk12util ���

pk12util; ����Ͽ� ��������

pk12util; ����Ͽ� ��n�1�

û�� ���Ͽ� ���� �̸� ����

FIPS-140 ǥ��

Ŭ���̾�Ʈ ���� �䱸 ���� ��d

Ŭ���̾�Ʈ ���� �ʼ�ȭ

Ŭ���̾�Ʈ ���� �䱸

Ŭ���̾�Ʈ ����� LDAP�� ����

certmap.conf ���� ���

����� d�� ��� d�� ��

���� ��f

��f 1

��f 2

��f 3

��� ���� ��d

�߰� ���� ��� ����

��f �׼��� f��

�� �׼��� f��

������ ��й�ȣ ����

�ص��ϱ� ��� ��й�ȣ

��й�ȣ �Ǵ� PIN ����

��й�ȣ ����

����� ��Ÿ �?� �wα׷� f��

UNIX �� Linux

Windows

Ŭ���̾�Ʈ�� SSL ����; ĳ������ ���ϵ��� ����

��Ʈ f��

������ �Ѱ� �ľ�

���� ��ȣ�� '�� �߰� ���� ���

���� ���� Ŭ������ chroot ��d

���� ����� chroot ��d

6��
�� Ű ��

��

��

��

Ŭ��̾�Ʈ ��

��

�ŷ� ��ͺ��̽� ��

�ŷ� ��ͺ��̽� ��

password.conf ��

SSL �� ڵ� ��

VeriSign �� û �� ġ

VeriSign �� û

VeriSign �� ġ

��Ÿ �� û �� ġ

��Ÿ �� û

��Ÿ �� ġ

�� ġ

��׷��̵�� ̱׷��̼�

�� Ʈ ��

��

�� ⺻ ��d

SSL �� TLS �w��

LDAP�� ſ� SSL ��

û�� Ͽ� �� d

��

û�� ; �� d

û�� ; �� d

û�� Ͽ� ��

��ȣ ��

��

��

��

�ܺ� ��ȣȭ ��

PKCS#11 �� ġ

modutil; ��Ͽ� PKCS#11 �� ġ

pk12util ��

pk12util; ��Ͽ� ��

pk12util; ��Ͽ� ��n�1�

û�� Ͽ� �� ̸� ��

Ŭ��̾�Ʈ �� 䱸 �� d

Ŭ��̾�Ʈ �� ʼ�ȭ

Ŭ��̾�Ʈ �� 䱸

Ŭ��̾�Ʈ �� LDAP��

certmap.conf ��

�� d�� d��

�� f

�� d

�߰� ��

��f �׼�� f��

�� ׼�� f��

�� й�ȣ ��

�ص��ϱ� �� й�ȣ

��й�ȣ �Ǵ� PIN ��

��й�ȣ ��

�� Ÿ �?� �wα׷� f��

Ŭ��̾�Ʈ�� SSL ��; ĳ�� ϵ��

�� Ѱ� �ľ�

�� ȣ�� '�� ߰� ��

�� Ŭ�� chroot ��d

�� chroot ��d