5 �� Ű ��

�� 忡�� Ű ��; ��Ͽ� secure Sun Java System Web Proxy Server�� ; ��ϴ� �� մϴ�. Proxy Server�� Sun Java System �� Ű��ó�� ϸ�, �ִ�� ȣ ��뼺�� ϰ�; '�� ǥ�� w��; ��8�� Ǿ�4ϴ�.

�� 忡�� ڰ� ��ȣȭ �� ȣȭ, �� Ű, �� , ��ȣȭ �w�� : �� Ű ��ȣȭ�� ⺻ ��; �˰� �ִٰ� ��d�մϴ�. �ڼ�� : SSL ���� v�Ͻʽÿ�.

��

��: �ź�; Ȯ��ϴ� ��d�Դϴ�. ��Ʈ��ũ ��ȣ�ۿ��̶�� ƶ�� : �� ٸ� �� ź�; ��Ȯ�� Ȯ��ϴ� ��Դϴ�. �� ; ��ϴ� �� Դϴ�.

�� , ȸ�� Ǵ� ��Ÿ ��ü�� ̸�; ��ϴ� �� ͷ� ��Ǹ� �� Ե� �� Ű�� ش� ��ü�� /�� ˻��մϴ�.

Ŭ��̾�Ʈ�� ֽ4ϴ�. �� ̶� Ŭ��̾�Ʈ�� ź�; Ȯ��ϴ� ��; ��մϴ�. ��, Ưd ��Ʈ��ũ �ּҿ�� å�� ִ� ��ü�� ź�; Ȯ��ϴ� ��Դϴ�. Ŭ��̾�Ʈ ��̶� �� Ŭ��̾�Ʈ�� ź�; Ȯ��ϴ� ��8��, ��, Ŭ��̾�Ʈ ��Ʈ�� ��ϴ� �� ź�; Ȯ��ϴ� ��Դϴ�. �� ź��; �� ִ� ��ó�� Ŭ��̾�Ʈ�� ; �� ֽ4ϴ�.

�� (�Ǵ� CA)�� ϰ� ��з� ��˴ϴ�. CA�� Ǹ��ϴ� ȸ��̰ų�, ȸ�� Ʈ�� Ǵ� �ͽ�Ʈ��ݿ�8�� ϴ� �μ�� ֽ4ϴ�. �ٸ� �� ź�; Ȯ��ϴ� �� ŷ�� ִ� CA�� մϴ�.

�� Ͽ� Ȯ�εǴ� �� Ű�� ü�� ̸�� Ͽ� �� , �� CA�� ̸� �� CA�� Ե˴ϴ�.


��	�� ݵ�� ȣȭ ��; ��ϱ� �� ġ�Ǿ�� մϴ�.

�ŷ� ��ͺ��̽� ��

�� û�ϱ� �� ݵ�� ŷ�� ִ� ��ͺ��̽�� մϴ�. Proxy Server�� Administration Server�� ν��Ͻ�� ü�� ŷ� ��ͺ��̽�� ο�� ֽ4ϴ�. �ŷ� ��ͺ��̽�� ǻ�Ϳ�� ֽ4ϴ�.

�ŷ� ��ͺ��̽�� Ű �� Ͽ�8�� ȣ�� d�մϴ�. �� ȣȭ�� ; ��Ͽ� �� ȣ�� ʿ��մϴ�. ��ȣ�� ϴ� �� ؾ� �� ħ: �� ȣ ��; ��v�Ͻʽÿ�.

�ŷ� ��ͺ��̽�� Ű�� ֽ4ϴ�. �̴� Ű �� ̶�� մϴ�. Ű �� : SSL ��ȣȭ�� ˴ϴ�. Ű �� : �� û�ϰ� ��ġ�� մϴ�. �� ġ�Ǹ� �ŷ� ��ͺ��̽�� ˴ϴ�.

Administration Server�� ϳ�� ŷ� ��ͺ��̽�� ֽ4ϴ�. �� ν��Ͻ�� ü�� ŷ� ��ͺ��̽�� ο�� ֽ4ϴ�.

�ŷ� ��ͺ��̽�� x� ��=�� մϴ�.

password.conf ��

�⺻��8�� ϱ� �� ڿ�� Ű ��ͺ��̽� �� ȣ�� Է��϶�� w��Ʈ�� Proxy Server�� ǥ�õ˴ϴ�. �� ۾�8�� Proxy Server�� Ϸx� �� ȣ�� password.conf��Ͽ� �� ƾ� �մϴ�. �ý�� ȣ�Ǿ� �� ϰ� Ű ��ͺ��̽�� v�۵�� ; ��쿡�� ; ��Ͻʽÿ�.

�� UNIX SSL; ��ϴ� �� ϱ� �� ȣ�� ʿ��ϹǷ� /etc/rc.local �Ǵ� /etc/inittab ��; �� 4ϴ�. �� ȣ�� Ϲ� �ؽ�Ʈ ��Ͽ� ��Ͽ� SSL; ��ϴ� �� ڵ�8�� 8��, �̴� �� ʽ4ϴ�. �� password.conf ��: ��Ʈ �Ǵ� �� ġ�� /�� ϸ�, �� /�ڸ� �� ; �а� �� ־�� մϴ�.

UNIX�� SSL; ��ϴ� �� ȣ�� password.conf ��Ͽ� ��ܵθ� ��Ȼ�� '�� Ŀ��ϴ�. ��Ͽ� �׼�� ִ� ��ڴ� �� SSL; ��ϴ� �� ȣ�� ֽ4ϴ�. SSL; ��ϴ� �� ȣ�� password.conf ��Ͽ� ��ϱ� �� '�迡 �� ؾ� �մϴ�.

Windows�� NTSF �� ý��; ��ϴ� ��, password.conf ��; �� ʴ� �� ִ� ��丮�� ׼�� f��Ͽ� ��ȣ�ؾ� �մϴ�. ��丮�� Administration Server �� Proxy Server ��ڿ� �б� �� ־�� մϴ�. ��丮�� ȣ�ϸ� �ٸ� �� ߸�� password.conf ��; �� մϴ�. FAT �� ý�� ׼�� f��ϴ� ��쿡�� 丮�� ȣ�� 4ϴ�.

SSL; ��ϴ� �� ڵ� ��

SSL; ��ϴ� �� ڵ� ��Ϸx� ��=�� մϴ�.

SSL; ��ϵ�� d�Ǿ�� Ȯ��մϴ�.

Proxy Server �ν��Ͻ�� config ��' ��丮�� password.conf ��; �� ϴ�.

Proxy Server�� Բ� f��Ǵ� �� PKCS#11 ��Ʈ�� ȣȭ ��; ��ϴ� ��쿡�� = d�� Է��մϴ�.
internal:your_ password

�ٸ� PKCS #11 ��(�ϵ�� ȣȭ �Ǵ� �ϵ�� ӱ��); ��ϴ� ��쿡�� ش� PKCS #11 �� ̸� ��=�� ȣ�� d�մϴ�. ��:
nFast:your_ password

password.conf ��; �� Ķ� Proxy Server�� ׻� �� ȣ�� Է��϶�� w��Ʈ�� ǥ�õ˴ϴ�.

VeriSign �� û �� ġ

VeriSign: Proxy Server �� (CA)�Դϴ�. �� ȸ�� : �� û �wμ�� ȭ�մϴ�. VeriSign�� b ȸ�� ִٴ� ��a�� ֽ4ϴ�.

�� ŷ� ��ͺ��̽�� û�ϰ� �̸� ��(CA)�� f�� ֽ4ϴ�. ȸ�翡 �� CA�� ִ� ��쿡�� ش� �μ�� û�մϴ�. �� CA�κ�� ȹ�� 쿡�� CA�� ϰ� �ʿ�� d�� ִ�� մϴ�.

Administration Server�� ϳ�� ο�� ֽ4ϴ�. �� ν��Ͻ�� ü�� ο�� ֽ4ϴ�.

VeriSign �� û

VeriSign �� û�Ϸx� ��=�� մϴ�.

VeriSign �� ġ

VeriSign �� ġ�Ϸx� ��=�� մϴ�.

��Ÿ �� û �� ġ

VeriSign �ܿ�� ٸ� �� û�Ͽ� ��ġ�� ֽ4ϴ�. ȸ�糪 v�� ü�� f�� ֽ4ϴ�. ��⿡�� ٸ� ~�� û�ϰ� ��ġ�ϴ� �� մϴ�.

�ʼ� CA d��

��û �wμ�� ϱ� �� CA�� 䱸�ϴ� d�� ˾ƾ� �մϴ�. ��û�Ǵ� d�� : CA�� ٸ�� =�� : d�� Է��ϵ�� û�մϴ�. �� d�� κ�: �� 쿡�� ʿ�� ʽ4ϴ�.

Requestor name.�� ̸��Դϴ�.

Telephone number.��û�� ȭ��ȣ�Դϴ�.

Common name.DNS vȸ�� Ǵ� /ȿ�� ȣ��Ʈ �̸��Դϴ�(��: www.example.com).

Email address.��ü�� CA �� ſ�8�� ּ��Դϴ�.

Organization.ȸ��, ��0��, ��ü �� , �� ̸��Դϴ�. ��κ�� CA�� d�� (�� )�� Ȯ�� ; �䱸�մϴ�.

Organizational unit.ȸ�� v�� '�� Դϴ�.

Locality.v�� , �� Ǵ� �� Դϴ�.

State or Province.ȸ�簡 'ġ�� Ǵ� ��Դϴ�.

Country.�� ̸�� ڸ� ��Դϴ�(ISO ��). �̱�� ڵ�� US�̸�, �ѱ�: KR�Դϴ�.

�� d�� DN(Distinguished Name)�̶�� ϴ� �Ϸ�� Ӽ� �� 8�� v�յǾ� �� ü�� /�ϰ� ��մϴ�.

�� CA�� ϴ� ��쿡�� ݵ�� CA�� Ͽ� �� ϱ� '�Ͽ� �ʿ�� ߰� d�� ִ�� Ȯ��ؾ� �մϴ�. ��κ�� CA�� źп� �� ; �䱸�մϴ�. �� , ȸ�� ̸�� Ȯ��, ȸ�簡 �� ϵ�� d�� ; Ȯ��ϸ� ��ڰ� f��ϴ� d�� ִ�� Ȯ�� Դϴ�.

�Ϻ� �� CA�� Ϻ�� ź�; f��ϴ� v��̳� ��ο�� ڼ��ϰ� dȮ�� f��մϴ�. �� ڰ� www.example.com ��ǻ�Ϳ� �� ڿ�� ִ�� Ȯ�� ʾ�8��, 3�Ⱓ �濵�ؿ� ȸ�� /�� ? �Ҽ�� ٴ� ��; ǥ��ϴ� �� ֽ4ϴ�.

��Ÿ �� û

��Ÿ �� û�Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Request Certificate ��ũ�� ϴ�.

�ű� �� Ǵ� �� d�մϴ�. �� κ� 6��̳� 1�� , ��d �ð�� ϸ� ��ȿȭ�˴ϴ�. CA�� ڵ�8�� ; �۽��ϴ� ��쵵 �ֽ4ϴ�.

�� û; f�� ; ��d�մϴ�.

�� Ϸ� ��û; f��Ϸx� CA Email Address�� ϰ� �� û�� ش��ϴ� �� ּҸ� �Է��մϴ�.

CA�� % ��Ʈ�� û; f��Ϸx� CA URL; ��ϰ� �� û�� ش��ϴ� URL; �Է��մϴ�.

Cryptographic Module ��Ӵٿ� ��Ͽ��, �� û�� Ű �� Ͽ� �� ȣȭ ��; ��մϴ�.

Ű �� Ͽ� �� ȣ�� Է��մϴ�. �� ƴ� �ٸ� ��ȣȭ ��; �� : ��, �� ȣ�� ŷ� ��͸� �� d�� ȣ�Դϴ�. �� ȣ�� Ͽ� �� Ű�� ϰ� CA�� ۵Ǵ� �޽�� ȣȭ�մϴ�. �׷� ��, �� Ű�� ȣȭ�� ޽�� CA�� մϴ�. CA�� Ű�� Ͽ� �޽�� ص��մϴ�.

�̸��̳� ��ȭ��ȣ ��: �ź� d�� Է��մϴ�. �� d�� : CA�� ٸ��ϴ�. �� d�� κ�: �� 쿡�� ʿ�� ʽ4ϴ�.

�Է�� dȮ�� ٽ� �� Ȯ��ϰ� OK�� ϴ�. d�� dȮ�Ҽ�� ε� �� ֽ4ϴ�. ��û�� ; '�� 쿡�� û; f��ϱ� �� d�� Ȯ��϶�� w��Ʈ�� ǥ�õ˴ϴ�.

�� d�� ϴ� �� û; ��մϴ�. ��û�� Ű�� Ͽ� �� Ե˴ϴ�. CA�� ; ��Ͽ� ��û�� ǻ�Ϳ�� CA�� õǴ� �� v�۵�� ʾҴ�� ˻��մϴ�. �幰�� û�� v�۵� ��쿡�� CA�� ȭ�� Ͽ� ��ڿ�� մϴ�.

��û; �� Ϸ� �� û�� Ե� �� ޽�� ۼ�� CA�� մϴ�. �� Ϸ� ��޵˴ϴ�. �� URL; ��d�ϴ� ��쿡�� URL; ��Ͽ� ��û; �� f��մϴ�. CA�� Ǵ� �ٸ� ��; �� 4�; ��; �� ֽ4ϴ�.

CA�� ࿡ ��ϴ� �� ش� ��; ��մϴ�. ��κ�� CA�� Ϸ� �� մϴ�. ȸ�翡�� ϴ� �� ; ��Ͽ� �� ˻�� ֽ4ϴ�.

�� 8�� ġ�մϴ�. �� ȿ�� SSL �� Proxy Server�� ֽ4ϴ�.

��Ÿ �� ġ

CA�� ϸ� �� Ű�� ȣȭ�ǹǷ� �� ͻ縸 �̸� �ص�� ֽ4ϴ�. �� dȮ�� ŷ� ��ͺ��̽�� ȣ�� Է��ؾ߸� �� ص��ϰ� ��ġ�� ֽ4ϴ�.

�� ü��̶� �� Ϸ�� մϴ�. CA �� (CA); Ȯ��ϰ� �ش� �� ϴ� �� ˴ϴ�. �� CA �� ٽ� ��' CA�� CA �� Ͽ� ��Ǵ� ��d; ��Ǯ��Ͽ� ��Ʈ CA�� ̾��ϴ�.

CA�� ϸ� �� Ű�� ȣȭ�ǹǷ� �� ͻ縸 �̸� �ص�� ֽ4ϴ�. �� ġ�� Proxy Server�� ڰ� ��d�� Ű �� ȣ�� Ͽ� �̸� �ص��մϴ�. �� ; �� ׼�� ִ� �ٸ� 'ġ�� ϰų� �� ؽ�Ʈ�� Install Certificate �� ش� 'ġ�� ٿ� ��; �� ֵ�� մϴ�.

�ٸ� �� ġ�Ϸx� ��=�� մϴ�.


��	�� CA�� û�ϴ� �� Ǵ� ��: �ƴմϴ�. ��: CA�� ϱ� �� ź� ��; �䱸�մϴ�. �� ο�� Ϸ翡�� ֱ�� ɸ� �� ֽ4ϴ�. ��ڴ� CA�� ʿ�� d�� ż�� f�� å�� ֽ4ϴ�.


��	CA�� ڵ�8�� ڽŵ�� : ��쿡�� û�ؾ� �մϴ�. ��: CA�� ͻ�� ִ� �� Ͽ� ��ü�� ϸ�, �� ÿ� ��ġ�մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Install Certificate ��ũ�� ϴ�.

Certificate For �� ġ�� /��; ��մϴ�.

This Server

Server Certificate Chain

Certification Authority

Ưd ��d�� ڼ�� : �¶�� ; ��v�Ͻʽÿ�.

��Ӵٿ� ��Ͽ�� ȣȭ ��; ��մϴ�.

Ű �� ȣ�� Է��մϴ�.

3�ܰ迡�� Server Certificate Chain�̳� Certification Authority�� 쿡�� ̸�; �Է��մϴ�.

��= �� ϳ�� Ͽ� �� d�� Է��մϴ�.

Message Is In This; �� CA �� ϴ� �� ü �� ̸�; �Է��մϴ�.

Message Text(with headers)�� = CA �� ; ��Ͽ� �ٿ� �ֽ4ϴ�. �� ~�� ; ��Ͽ� Begin Certificate �� End Certificate �� ϵ�� մϴ�.

OK�� ϴ�.

��= �� մϴ�.

Add Certificate. �ű� �� ġ�ϴ� ��

Replace Certificate. �� ; ��ġ�ϴ� ��

�� ̱׷��̼�

Sun ONE Web Proxy Server 3.6(iPlanet Web Proxy Server��? ��)�� Sun Java System Web Proxy Server 4�� ̱׷��̼�� , �ŷ� �� ͺ��̽�� ڵ� ��Ʈ�˴ϴ�.

Proxy Server 4 Administration Server�� x 3.x ��ͺ��̽� ��Ͽ� �� б� �� ־�� մϴ�. �� ̸�: alias-cert.db �� alias-key.db�̸�, 3.x_server_root/alias ��丮�� ֽ4ϴ�.

Ű �� ; ��ϴ� ��쿡�� ̱׷��̼ǵ˴ϴ�. �� Administration Server �� Server Manager�� Security �ǿ� �ִ� Migrate 3.x Certificates �ɼ�; ��Ͽ� ��ü��8�� Ű�� ̱׷��̼�� ֽ4ϴ�. Ưd ��d�� ڼ�� : �¶�� ; ��v�Ͻʽÿ�.

�� Ű �� : �� ν��Ͻ�� ִ� ��Ī�� Ͽ� ��v�Ǿ�4ϴ�. Administration Server�� Ī�� ش� �� ߽4ϴ�. Sun Java System Web Proxy Server 4�� Administration Server�� ν��Ͻ�� ü�� Ű �� 8��, �̴� ��Ī�� ƴ� �ŷ� �� մϴ�.

�ŷ� ��ͺ��̽� �� ش� �� Administration Server ��ü��, �׸�� ν��Ͻ�� Server Manager�� մϴ�. ��f �� Ű �� ͺ��̽� ��: �̸� ��ϴ� �� ν��Ͻ�� ̸�; �� ̸�� d�˴ϴ�. �� ν��Ͻ�� Ī; ��/�� , ��̱׷��̼ǵ� �� Ű �� ̸�: ��ο� �� ν��Ͻ��8�� ˴ϴ�.

�� ν��Ͻ�� ŷ� ��ͺ��̽� ��ü�� ̱׷��̼ǵ˴ϴ�. �� ͺ��̽�� CA�� Proxy Server 4 ��ͺ��̽�� ̱׷��̼ǵ˴ϴ�. CA�� ߺ��Ǵ� �� /ȿ �Ⱓ �� CA�� մϴ�. �ߺ��Ǵ� CA�� f�ϸ� �� ˴ϴ�.

Proxy Server 3.x �� Ǵ� NSS(Network Security Services) ��8�� ̱׷��̼ǵ˴ϴ�. �� ̸�: �׼�� Proxy Server �� d�˴ϴ�. ��, Administration Server�� Security �ǿ�� ׼��Ǿ��, Server Manager�� Security �ǿ�� ׼��Ǿ�� ޶��ϴ�.

�� ̱׷��̼��Ϸx� ��=�� մϴ�.

�� Ʈ ��

��8�� ε�� ִ� ��Ʈ �� Proxy Server�� ԵǾ� ��8��, ��⿡�� VeriSign; ��Ͽ� ��: CA�� Ʈ �� ֽ4ϴ�. ��Ʈ �� ; ��ϸ� �� ξ� �� Ʈ �� ű� ��8�� ׷��̵�� ֽ4ϴ�. �� 7�� Ʈ �� ϳ�� f�ϰ� �� ϳ�� ġ�ؾ� �߽4ϴ�. ��f �� ˷�� CA �� ġ�ϴ� ��, �� Proxy Server�� ű� ��̳� Service Pack�� ǥ�� ; �ű� ��8�� Ʈ�ϸ� �˴ϴ�.

��Ʈ �� PKCS #11 ��ȣȭ �� ǹǷ� ��⿡ ��Ե� ��Ʈ �� f�� 8��, �ش� �� ϴ� �� f �ɼ�: �� ˴ϴ�. �� ν��Ͻ�� Ʈ �� f��Ϸx� �� Ī ��Ͽ�� =; ��f�Ͽ� ��Ʈ �� ; �� ʵ�� d�ؾ� �մϴ�.

�� Ʈ �� ; ��Ϸx� server_root/bin/proxy/lib(UNIX) �Ǵ� server_root\bin\proxy\bin(Windows)�� Ȯ��ڸ� ��Ī ��' ��丮�� մϴ�.

��Ʈ �� ŷ� d�� d�� ֽ4ϴ�. �ŷ� d�� Ʈ �� ü�� ƴ϶� ��ϴ� �� ν��Ͻ�� ͺ��̽�� ϵǾ� �ֽ4ϴ�.

��

�� ġ�� پ�� ŷ� ��d; Ȯ��, ��f �Ǵ� �� ֽ4ϴ�. ��⿡�� ͻ� ��ü�� CA�� Ե˴ϴ�.

�� Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Manage Certificates ��ũ�� ϴ�.

�� ȣȭ ��; ��ϴ� �⺻ �� ϴ� ��쿡�� ġ�� ش� /�� /ȿ �Ⱓ�� Բ� ǥ�õ˴ϴ�. �� server_root/alias ��丮�� ˴ϴ�.

�ϵ�� ӱ� �� ܺ� ��ȣȭ ��; ��ϴ� ��쿡�� 켱 �ش� �� ȣ�� Է��ϰ� OK�� մϴ�. �� ش� ��⿡ �ִ� �� Ͽ� ��Ʈ�˴ϴ�.

�� ̸�; ��ϴ�. �ش� �� /�� ɼ�; ǥ��ϴ� �� Ÿ��ϴ�. �� CA �� 쿡�� Ŭ��̾�Ʈ �ŷڸ� ��d �Ǵ� ��f�� ֽ4ϴ�. �ܺ� ��ȣȭ ��⿡ �� f�� 쵵 �ֽ4ϴ�.

�ʿ�� ۾�; ��d�մϴ�. �� ִ� �ɼ�: ��=�� 4ϴ�.

Delete Certificate �Ǵ� Quit(�� )

Set client trust, Unset server trust �Ǵ� Quit(CA ��)

�� d�� /�ڿ� ��ڰ� ǥ�õ˴ϴ�. �ŷ� ��d; �̿��Ͽ� Ŭ��̾�Ʈ �ŷڸ� ��d�ϰų� �� ŷڸ� ��f�� ֽ4ϴ�. LDAP �� ݵ�� ŷڵǾ�� մϴ�.

CRL �� KRL ��ġ ��

�� öȸ ��(CRL)�� v�� Ű ��(CKL): Ŭ��̾�Ʈ�� ڰ� �� ̻� �ŷ��ϸ� �� Ǵ� �� ǥ��մϴ�. �� /ȿ �Ⱓ�� ڰ� �繫��; ��ϰų� ��ϴ� �� Ͱ� ��Ǹ� �� ҵǸ� CRL�� ش� ��Ͱ� ǥ�õ˴ϴ�. Ű�� v�� Ǵ� ��Ǵ� �� ش� Ű�� Ͱ� CKL�� ǥ�õ˴ϴ�. CRL�� CKL: �� CA�� Ͽ� �� ֱ��8�� Ʈ�˴ϴ�. �� : �ش��ϴ� Ưd CA�� Ͻʽÿ�.

CRL �Ǵ� CKL ��ġ

CRL �Ǵ� CKL; ��ġ�Ϸx� ��=�� մϴ�.

CA�κ�� CRL�̳� CKL; �޾� �� 丮�� ٿ�ε��մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Install CRL/CKL ��ũ�� ϴ�.

��= �� մϴ�.

Certificate Revocation List

Compromised Key List

�ش� �� ü �� ̸�; �Է��ϰ� OK�� ϴ�. CRL �Ǵ� CKL d�� Ÿ�� Add Certificate Revocation List�� Add Compromised Key List �� ǥ�õ˴ϴ�. ��ͺ��̽�� ̹� CRL �Ǵ� CKL�� ִ� ��쿡�� Replace Certificate Revocation List �Ǵ� Replace Compromised Key List �� ǥ�õ˴ϴ�.

CRL�̳� CKL; �߰� �Ǵ� ��ü�մϴ�.

CRL �� CKL ��

CRL �� CKL; ��Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Manage CRL/CKL ��ũ�� ϴ�. ��ġ�� CRL�� CKL �� /ȿ �Ⱓ�� ; ǥ��ϴ� Manage Certificate Revocation List/Compromised Key List �� Ÿ��ϴ�.

Server CRLs �Ǵ� Server CKLs ��Ͽ�� մϴ�.

CRL �Ǵ� CKL; ��f�Ϸx� Delete CRL �Ǵ� Delete CKL;, �� ư��x� Quit�� մϴ�.

�� ⺻ ��d

�� 8�� ۾�; �� ֽ4ϴ�. Sun Java System Web Proxy Server�� ϴ� �� Ҹ� f��մϴ�.

��ȣȭ�� d�� ȯ�Ͽ� �ǵ�� ܿ� �ƹ�� ˾ƺ� �� ϴ� �wμ��Դϴ�. ��ȣȭ�� ȣȭ�� d�� ȯ�Ͽ� �ٽ� �˾ƺ� �� ֵ�� ϴ� �wμ��Դϴ�. Proxy Server�� SSL(Secure Sockets Layer)�� TLS(Transport Layer Security) ��ȣȭ �w��; ��մϴ�.

��ȣ�� ȣȭ �˰?��(�� Լ�)8�� ȣȭ �Ǵ� ��ȣȭ�� ˴ϴ�. SSL �� TLS �w��ݿ�� پ�� ȣ fǰ�� Ե˴ϴ�. �� ȣ�� ٸ��ϴ�. �Ϲ��8�� ȣ�� ϴ� ��Ʈ�� ;�� ͸� �ص��ϴ� �� ƽ4ϴ�.

�� ȣȭ �wμ�� ʿ�� ݵ�� ȣ�� ־�� մϴ�. �پ�� ȣ�� 8�Ƿ� �� 8�� Ǵ� ��ȣ��8�� d�ؾ� �մϴ�.

�� ῡ�� Ŭ��̾�Ʈ�� ſ� �� ִ� �� ȣȭ�� ϵ�� մϴ�. ��ȣ�� SSL 2.0, SSL 3.0 �� TLS �w�� ֽ4ϴ�.

��ȣȭ �wμ�� ü�δ� �� d�� ϴ� �� ʽ4ϴ�. ��f�� ȣȭ �� ų� �� ȣȭ�� d�� ص��Ϸx� ��ȣȭ ��ȣ�� Բ� Ű�� Ǿ�� մϴ�. �̸� '�� ȣȭ �wμ�� Ű�� Ű ��, �� Ű�� մϴ�. �� Ű�� ȣȭ�� d�� Ű�θ� �ص�� ֽ4ϴ�. �� Ű�� Ϻη� �Խõ˴ϴ�. �� Ű�� ȣ�� ֽ4ϴ�.

�� ִ� ��ȣ�� d�Ϸx� Proxy Server �� ̽�� Ͽ�� ش� ��ȣ�� մϴ�. �� ȣȭ�� ȣ�� ϵ�� d�ϰ�� 8��, Ưd ��ȣ�� ƾ� �ϴ� d�� /�� ȣ�� մϴ�.

SSL �� TLS �w��

Proxy Server�� ȣȭ�� ſ�8�� SSL �� TLS �w��; ��մϴ�. SSL�� TLS�� ?� �wα׷� ~�� : �� w��ݷ�, SSL �� TLS�� ϰ� ��̾�� ֽ4ϴ�.

SSL�� TLS �w��: �� Ŭ��̾�Ʈ�� θ� ��ϰ�, �� ϸ� �� Ű�� d�ϴ� �� ۾� ��Ǵ� �پ�� ȣ�� մϴ�. Ŭ��̾�Ʈ�� ϴ� �w��, ��ȣȭ d�� ȸ�� då, ��ȣȭ�� Ʈ�� ⿡ �� d�� f ��, �پ�� ο� �� ϴ� ��ȣ fǰ�� ޶��ϴ�. �� SSL�� TLS �ڵ��ũ �w��ݿ� �� Ŭ��̾�Ʈ�� ſ� �� ȣ fǰ��; ��ϴ� �� d�˴ϴ�.

SSL; ��Ͽ� LDAP��

Administration Server�� SSL; ��Ͽ� LDAP�� ϵ�� ؾ� �մϴ�.

Administration Server�� SSL; ��ϵ�� d�Ϸx� ��=�� մϴ�.


��	SSL 2.0; ��ϸ� ��Ȱ� �� ˴ϴ�. SSL 3.0; �� ִ� Ŭ��̾�Ʈ�� SSL 2.0; �� ʽÿ�. SSL 2.0 ��ȣ�� Ŭ��̾�Ʈ �� f�� ۵��Ѵٰ� �� 4ϴ�.


��	Enable No Encryption, Only MD5 Authentication; �� ʽÿ�. Ŭ��̾�Ʈ �� ٸ� ��ȣ�� d; �⺻��8�� ǵ�� ȣȭ�� ʽ4ϴ�.

Administration Server�� ׼��ϰ� Global Settings ��; ��ϴ�.

Configure Directory Service ��ũ�� ϴ�.

��Ÿ�� ǥ�� ش� ��丮 ��񽺿� �� ũ�� ϴ�. Configure Directory Service �� ǥ�õ˴ϴ�. LDAP �� 丮 ��񽺸� �� ʾ�8�� Create New Service of Type ��Ӵٿ� ��Ͽ�� LDAP Server�� ϰ� New�� 丮 ��񽺸� ��մϴ�. LDAP �� 丮 ��񽺿� �� ǥ�õǴ� Ưd �ʵ忡 �� ڼ�� : �¶�� ; ��v�Ͻʽÿ�.

��ῡ SSL; ��ϵ�� Yes�� = Save Changes�� ϴ�.

Proxy Server�� SSL �ͳθ�

Proxy Server(�wϽ�)�� 8�� ̰� Ŭ��̾�Ʈ�� wϽø� �� SSL ��; ��û�ϸ�, �wϽô� �� = �� Ʈ��; �� ʰ� �ܼ�� ͸� ��8�� մϴ�. �� wμ�� SSL �ͳθ��̶�� ϸ� ��= �׸�� մϴ�.

HTTPS URL�� ͳθ�� SSL; ��Ϸx� Ŭ��̾�Ʈ�� SSL�� HTTPS�� ؾ� �մϴ�. HTTPS�� Ϲ� HTTP�� SSL�� ˴ϴ�. HTTPS�� Ŭ��̾�Ʈ�� Proxy Server�� HTTPS �wϽ� ��; �� HTTPS �� ׼�� ֽ4ϴ�.

SSL �ͳθ�: �?� �wα׷� ��(HTTPS)�� ; ��ġ�� ʴ� �� : �� ۵��Դϴ�. SSL �ͳθ�: �wϽð� �� SSL�� Ȱ�� մϴ�. �wϽð� �־ �� ջ�ǰų� SSL �� پ�� ʽ4ϴ�.

SSL�� 8�� Ʈ�� ȣȭ�ǹǷ� �wϽð� ��f Ʈ��ǿ� �׼�� 4ϴ�. �̿� �� ׼�� αװ� �� κ�� ڵ峪 �� ̸� �� ˴ϴ�. �� ̸� �� wϽó� ��Ÿ f3�ڰ� Ʈ��; �� ; �� ֽ4ϴ�.

�wϽð� ��͸� �� 8�Ƿ� Ŭ��̾�Ʈ�� ۵��ϴ� �w�� SSL�� Ȯ�� 4ϴ�. �� wϽõ� �ٸ� �w�� Ǵ� ��; �� 4ϴ�. IANA(Internet Assigned Numbers Authority)�� Ҵ�� HTTPS�� Ʈ 443�̳� SNEWS�� Ʈ 563�� ˷�� SSL ��Ʈ�� SSL ��; ��d�ؾ� �մϴ�. �ٸ� ��Ʈ�� ϴ� ��Ʈ�� ; �� 8�� ܸ� ��d�Ͽ� �ش� ȣ��Ʈ�� ٸ� ��Ʈ�� ; �� ֽ4ϴ�. connect://.* ��ҽ�� Ͽ� ��d�� ֽ4ϴ�.

SSL �ͳθ� ��: ��ǻ� �Ϲ�� SOCKS�� /�� w�� ̹Ƿ� �ٸ� ��񽺿� �� ֽ4ϴ�. Proxy Server�� HTTPS�� SNEWS �w��ݻ� �ƴ϶� SSL; ��ϴ� �� ?� �wα׷�� SSL �ͳθ�; ó�� ֽ4ϴ�.

SSL �ͳθ� ��

��= �� Proxy Server�� SSL; �ͳθ��ϵ�� ϴ� ��; ��մϴ�.

SSL �ͳθ�; ��Ϸx� ��=�� մϴ�.

�� ν��Ͻ�� Server Manager�� ׼��ϰ� Routing ��; ��ϴ�.

Enable/Disable Proxying ��ũ�� ϴ�.

��Ӵٿ� ��Ͽ�� connect://.*.443 ��ҽ�� մϴ�. connect:// �޼ҵ�� wϽ�� ǥ�� ̸� �wϽ� �ܺο� x�� ʽ4ϴ�. connect�� ڼ�� : SSL �ͳθ� �� ; ��v�Ͻʽÿ�. �ٸ� ��Ʈ�� ; ��ϱ� '�� ø�� /�� URL ��; �� ֽ4ϴ�. ��ø�� ڼ�� : ��ø� �� ҽ� ��.�� v�Ͻʽÿ�.

Enable Proxying Of This Resource�� ϰ� OK�� ϴ�.



��	�wϽð� �߸� ��Ǹ� telnet ȣ�ο� SSL �wϽø� �ǿ�� ֽ4ϴ�. �� ش� �wϽø� ��Ͽ� telnet �� f ��ϴ� ȣ��Ʈ�� ƴ� �wϽ� ȣ��Ʈ�� ó�� Ÿ�� ֽ4ϴ�. �� ʿ�� : ��Ʈ�� ؼ�� ȵǸ� �wϽÿ�� Ŭ��̾�Ʈ ȣ��Ʈ�� f��ϴ� �׼�� f� ��ؾ� �մϴ�.

SSL �ͳθ� ��

��8�� SSL �ͳθ�: �� ȣ��Ʈ �̸�� Ʈ ��ȣ�� ִ� CONNECT �޼ҵ�� ̿� �� ; �Ű� �� մϴ�.

HTTP/1.0 200 Connection established
Proxy-agent: Sun-Java-System-Web-Proxy-Server/4.0

�׷�� Ŭ��̾�Ʈ�� d�ǰ� �� ; ~�� ͸� ��8�� ֽ4ϴ�.

��8�� URL ��Ͽ� �� Ϲ�� Ŀ��; Ȱ��Ϸx� ��=�� ȣ��Ʈ �̸� �� Ʈ ��ȣ(energy.example.com:443)�� URL�� ڵ� ��ؾ� �մϴ�.

connect://�� Proxy Server�� ; ��ϰ� �ϰ� �ٸ� URL ��ϰ� ��ġ�ϵ�� ϱ� '�� ϴ� �� ̼ǿ� �Ұ��մϴ�. Proxy Server �ܺο�� connect URL�� 8�Ƿ� Proxy Server�� Ʈ��ũ�� ̷� URL; ��ϸ� �̸� �߸�Ǿ�ٰ� �Ǵ��ϰ� �� û�� 񽺸� ��մϴ�.

û�� Ͽ� �� d

��

û�� Ͽ�8�� ٸ� �� d; ��ϱ� �� ݵ�� ; ��ϵ�� d�ؾ� �մϴ�. ��: �� û�� ; ��ų� ��x û�� ; �� d�� ֽ4ϴ�.

û�� ; �� ; ��Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Add Listen Socket ��ũ�� ϴ�.

�ʿ�� d�� Է��մϴ�. ��; ��Ϸx� Security ��Ӵٿ� ��Ͽ�� Enabled�� ϰ� OK�� ϴ�. �� ġ�Ǿ� �� 8�� Disabled�� ֽ4ϴ�. Ưd ��d�� ڼ�� : �¶�� ; ��v�Ͻʽÿ�.



��	û�� ; �� Edit Listen Sockets ��ũ�� Ͽ� �� d; ��մϴ�.

û�� ; �� ; ��Ϸx� ��=�� մϴ�.

û�� Ͽ� ��

Administration Server�� Server Manager�� û�� ; ��Ͽ� ��û �� ġ�� ֽ4ϴ�.

û�� Ͽ� �� Ϸx� ��=�� մϴ�.


��	�ּ�� ϳ�� ġ�ؾ� �մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

��Ϸt� �� d�� ҽ�� ش��ϴ� ��ũ�� ϴ�.

��; ��Ϸx� Security ��Ӵٿ� ��Ͽ�� Enabled�� ϰ� OK�� ϴ�. �� ġ�Ǿ� �� 8�� Disabled�� ֽ4ϴ�.

Enabled�� ϰ� OK�� , û�� Ͽ� �� Server Certificate Name ��Ӵٿ� ��Ͽ�� OK�� ϴ�.

��ȣ ��

Proxy Servers�� ; /��Ϸx� SSL; ��ϵ�� d�ؾ� �մϴ�. SSL 2.0, SSL 3.0 �� TLS ��ȣȭ �w��; �� 8�� پ�� ȣ fǰ��; �� ֽ4ϴ�. SSL �� TLS�� Administration Server�� û�� Ͽ�� ϵ�� d�� ֽ4ϴ�. Server Manager�� û�� Ͽ�� SSL �� TLS�� ϵ�� d�ϸ� Ưd �� ν��Ͻ�� ⺻ ��d�� ˴ϴ�. �ּ�� ϳ�� ġ�ؾ� �մϴ�.


��	û�� Ͽ�� SSL; ��ϵ�� d�ϴ� ��: �� wϽ� �ó��?�� ˴ϴ�. �� Proxy Server�� wϽø� ��ϵ�� Ǿ�; �� մϴ�.

�⺻ ��d�� Ǵ� ��ȣ�� մϴ�. Ưd ��ȣ�� ϸ� �� Ǵ� �� /�� ʴ� ��, �� ؾ� �մϴ�. Ưd ��ȣ�� ڼ�� : SSL ���� v�Ͻʽÿ�.

TLS Rollback�� ⺻ �� d: Enabled�Դϴ�. �̷�� ϸ� �� ߰��(man-in-the-middle) �� ѹ� �� õ�� ֽ4ϴ�. TLS ǥ��; �߸� �� Ϻ� Ŭ��̾�Ʈ�� ȣ ��뼺; '�Ͽ� �� d; Disabled�� ؾ� �ϴ� ��쵵 �ֽ4ϴ�.

TLS �ѹ�; �� 8�� ѹ� ��ݿ� �� ·� ��´ٴ� a; /��Ͻʽÿ�. �� ѹ� ��: f3�ڰ� Ŭ��̾�Ʈ�� Ͽ�� SSL 2.0 �� w��; ��ϵ�� ϴ� ��Դϴ�. SSL 2.0�� ˷�� 8�Ƿ� �� ѹ� ��; �� ϴ� �� f 3�ڰ� ��ȣȭ�� ; ��ä�� ص�� ֽ4ϴ�.

SSL �� TLS�� ϵ�� d�Ϸx� ��=�� Ͻʽÿ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Edit Listen Sockets ��ũ�� = �� û�� Ͽ� �� ũ�� ϴ�. �� û�� Ͽ�� ȣ ��d�� ǥ�õ˴ϴ�.



��	û�� Ͽ�� ; �� ʴ� �� SSL �� TLS d�� 4ϴ�. ��ȣ�� Ϸx� �� û�� Ͽ�� ǵ�� d�ؾ� �մϴ�. �ڼ�� : û�� Ͽ� �� d; ��v�Ͻʽÿ�.

�ʿ�� ȣȭ ��d�� ش��ϴ� Ȯ�ζ�; ��ϰ� OK�� ϴ�.



��	Netscape Navigator 6.0�� TLS �� SSL 3.0; �� մϴ�. TLS Rollback�� TLS�� ϰ� SSL 3.0�� SSL 2.0; �� ʵ�� d�մϴ�.

�� SSL; �� d�ϸ� URL: http�� ƴ� https�� մϴ�. SSL; ��ϴ� �� Ű�� URL�� : ��=�� 4ϴ�.

�⺻ �� HTTP ��Ʈ(443)�� ϴ� �� URL�� Ʈ ��ȣ�� Է�� ʾƵ� �˴ϴ�.

��

SSL; ��ϴ� �� ġ�ϸ� magnus.conf ��(�� ⺻ �� )�� Ű� �� ù� �׸�� ϴ�.

SSL �� ù�� ; ��d�Ϸx� ��=�� մϴ�.

SSL �� ù�� : ��=�� 4ϴ�. magnus.conf�� ڼ�� : Proxy Server Configuration File Reference�� v�Ͻʽÿ�.

SSLSessionTimeout

��

seconds�� ĳ�õ� SSL �� /ȿ �ð�; �� '�� Ÿ�4ϴ�. �⺻��: 100�Դϴ�. SSLSessionTimeout ��ù�� d�Ǹ� �� ' ��: �ڵ�8�� 5�� 100�� ̷� f�ѵ˴ϴ�.

SSLCacheEntries

SSL3SessionTimeout

SSL3SessionTimeout ��ù�: SSL 3.0 �� TLS �� ĳ�ø� f��մϴ�.

��

seconds�� ĳ�õ� SSL 3.0 �� /ȿ �ð�; �� '�� Ÿ�4ϴ�. �⺻��: 86400(24�ð�)�Դϴ�. SSL3SessionTimeout ��ù�� d�Ǹ� �� ' ��: �ڵ�8�� 5�� 86400�� ̷� f�ѵ˴ϴ�.

�ܺ� ��ȣȭ ��

Proxy Server�� =�� Ʈ ī�峪 ��ū �� ܺ� ��ȣȭ ��; ��ϴ� ��; ��մϴ�.

FIPS 140 ��ȣȭ ǥ��; ��ϱ� �� PKCS #11 ��; �߰��ؾ� �մϴ�.

PKCS #11 �� ġ

Proxy Server�� PKCS(Public Key Cryptography Standard) #11; ��մϴ�. �̴� SSL��, PKCS #11 �� ſ�8�� Ǵ� ��̽�� d��մϴ�. PKCS #11 ��: SSL �ϵ�� ӱ⿡ �� ǥ�� 8�� ˴ϴ�. �ܺ� �ϵ�� ӱ��8�� n�� Ű�� secmod.db�� Ǹ�, �� : PKCS#11�� ġ�� ˴ϴ�. �� : server_root/alias ��丮�� ֽ4ϴ�.

modutil; ��Ͽ� PKCS #11 �� ġs

modutil �� Ͽ� PKCS#11 ��; .jar �� Ǵ� ��ü �� 8�� ġ�� ֽ4ϴ�.

modutil; ��Ͽ� PKCS #11 ��; ��ġ�Ϸx� ��=�� մϴ�.

Administration Server�� մϴ�.

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/proxy/admin/bin; PATH�� ߰��մϴ�.

server_root/bin/proxy/admin/bin�� modutil; ã�4ϴ�.

ȯ��; ��d�մϴ�. ��:

UNIX: setenv

LD_LIBRARY_PATH server_root/bin/proxy/lib:${LD_LIBRARY_PATH}

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/proxy/bin

��=�� ǻ�Ϳ� �� PATH�� ã; �� ֽ4ϴ�. server_root/proxy-admserv/start.

��= ��; �Է��մϴ�. modutil �ɼ�� ˴ϴ�.

�ʿ�� vġ�� մϴ�.

�� UNIX�� PKCS #11 ��; �߰��Ϸx� ��=; �Է��մϴ�.

modutil -add (name of PKCS#11 file) -libfile (your libfile for PKCS #11) -nocertdb -dbdir (��ϴ� db ��丮

pk12util ��

pk12util; ��ϸ� �� ͺ��̽�� Ű�� ̸� �� Ǵ� �ܺ� PKCS #11 �� n�� ֽ4ϴ�. ��f�� Ű�� ͺ��̽�� 8��, �ܺ� ��ū�� κ� �� Ű�� 4ϴ�. �⺻��8�� pk12util: cert8.db�� key3.db�� ̸�� Ű ��ͺ��̽�� մϴ�.

pk12util; ��Ͽ� ��

�� ͺ��̽�� Ű�� x� ��=�� մϴ�.

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/proxy/admin/bin; PATH�� ߰��մϴ�.

server_root/bin/proxy/admin/bin�� pk12util; ã�4ϴ�.

ȯ��; ��d�մϴ�. ��:

UNIX: setenv

LD_LIBRARY_PATH/server_root/bin/proxy/lib:${LD_LIBRARY_PATH}

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/proxy/bin

��=�� ǻ�Ϳ� �� PATH�� ã; �� ֽ4ϴ�. server_root/proxy-admserv/start

��= ��; �Է��մϴ�. pk12util �ɼ�� ˴ϴ�.

�ʿ�� vġ�� մϴ�.

�� UNIX�� =; �Է��մϴ�.

pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host]

��ͺ��̽� ��ȣ�� Է��մϴ�.

pkcs12 �� ȣ�� Է��մϴ�.

pk12util; ��Ͽ� ��n�1�

�� Ǵ� �ܺ� PKCS #11 �� Ű�� n�7x� ��=�� մϴ�.

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/proxy/admin/bin; PATH�� ߰��մϴ�.

server_root/bin/proxy/admin/bin�� pk12util; ã�4ϴ�.

ȯ��; ��d�մϴ�. ��:

UNIX: setenv

LD_LIBRARY_PATH/server_root/bin/proxy/lib:${LD_LIBRARY_PATH}

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/proxy/bin

��=�� ǻ�Ϳ� �� PATH�� ã; �� ֽ4ϴ�. server_root/proxy-admserv/start.

��= ��; �Է��մϴ�. pk12util �ɼ�� ˴ϴ�.

�ʿ�� vġ�� մϴ�.

�� UNIX�� =; �Է��մϴ�.

pk12util -i pk12_sunspot [-d certdir][-h "nCipher"][-P https-jones.redplanet.com-jones-]

-P�� ݵ�� -h �ڿ� �ְ� �� μ�� մϴ�.

�빮�ڿ� �ο� ��ȣ �� ; ��Ͽ� ��ū �̸�; dȮ�� Է��մϴ�.

��ͺ��̽� ��ȣ�� Է��մϴ�.

pkcs12 �� ȣ�� Է��մϴ�.

�ܺ� �� Ͽ� ��

�� ܺ� PKCS #11��(�ϵ�� ӱ� ��)�� ġ�� , server.xml ��; ��ϰų� �Ʒ�� Ͱ� �� ̸�; ��d�� 8�� Ͽ� �� 4ϴ�.

�� ׻� �̸�� Server-Cert�� Ͽ� ��Ϸp� �մϴ�. �׷�� ܺ� PKCS #11 �� ū �̸� �� ϳ�� ش� �ĺ��ڿ� ��մϴ�. �� ܺ� ��Ʈī�� ǵ��⿡ ��ġ�� smartcard0�� , �̸�: smartcard0:Server-Cert�� ˴ϴ�.

�ܺ� ��⿡ ��ġ�� Ͽ� �� Ϸx� �� Ǵ� û�� Ͽ� �� ̸�; ��d�ؾ� �մϴ�.

û�� Ͽ� �� ̸� ��

û�� Ͽ� �� ̸�; ��Ϸx� ��=�� մϴ�.

û�� Ͽ�� ʴ� ��쿡�� d�� ǥ�õ�� ʽ4ϴ�. û�� Ͽ� �� ̸�; ��Ϸx� �ݵ�� 켱 û�� Ͽ�� ; ��ϵ�� d�ؾ� �մϴ�. �ڼ�� : û�� Ͽ� �� d; ��v�Ͻʽÿ�.

�� server.xml ��; ��b ��Ͽ� �� ش� �� Ͽ� ��ϵ�� ֽ4ϴ�. SSLPARAMS�� servercertnickname; ��=8�� մϴ�.

$TOKENNAME��8�� ; ã8�x� �� Security ��8�� ̵��Ͽ� Manage Certificate ��ũ�� մϴ�. Server-Cert�� ܺ� �� α��ϸ� �ش� �� $TOKENNAME:$NICKNAME �� Ͽ� ǥ�õ˴ϴ�.



��	�ŷ� ��ͺ��̽�� : ��쿡�� ܺ� PKCS #11 ��⿡�� û�ϰų� ��ġ�ϸ� �ڵ�8�� ϴ�. �� ⺻ ��ͺ��̽�� ȣ�� 8�� ׼�� 4ϴ�. �ܺ� ��: �۵�� û�ϰų� ��ġ�� 4ϴ�. �⺻ ��ͺ��̽�� ȣ �� Create Database �� Security �ǿ�� ȣ�� d�մϴ�.

FIPS 140 ǥ��

PKCS #11 API�� ϸ� ��ȣȭ �۾�; ��ϴ� ��Ʈ�� Ǵ� �ϵ�� ֽ4ϴ�. PKCS #11; Proxy Server�� ġ�� Ŀ�� FIPS-140(Federal Information Processing Standards)�� ȣȯ�ǵ�� ֽ4ϴ�. �� ̺귯�� SSL 3.0�� ԵǾ� �ֽ4ϴ�.

FIPS-140; ��ϵ�� d�Ϸx� ��=�� մϴ�.

FIPS 140�� ; �� ÷��; ��ġ�մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Edit Listen Sockets ��ũ�� ϴ�. �� û�� Ͽ� �� Edit Listen Sockets �� d�� ǥ�õ˴ϴ�.



��	FIPS 140; ��Ϸx� �� û�� Ͽ�� ǵ�� d�ؾ� �մϴ�. �ڼ�� : û�� Ͽ� �� d; ��v�Ͻʽÿ�.

SSL Version 3 ��Ӵٿ� ��Ͽ�� Enabled�� ʾ�8�� ̸� ��մϴ�.

�� FIPS-140 ��ȣ fǰ��; ��ϰ� OK�� ϴ�.

168��Ʈ ��ȣȭ�� SHA �� Ե� Triple DES(FIPS) ��

56��Ʈ ��ȣȭ�� SHA �� Ե� DES(FIPS) ��

Ŭ��̾�Ʈ �� 䱸 �� d

�� ܰ踦 �� Ŭ��̾�Ʈ�� ߰� �� 䱸 ��; ��d�� ֽ4ϴ�.

SSL ��ῡ Ŭ��̾�Ʈ �� ʿ�� : �ƴϳ� ��ȣȭ�� d�� Ȯ�� dȮ�� 󿡰� ��޵ǵ�� ϴ� �� v�� ֽ4ϴ�. �� wϽÿ�� Ŭ��̾�Ʈ ��; ��Ͽ� ��Ʈ �� wϽó� Ŭ��̾�Ʈ�� Ȯ�� d�� /�� ʵ�� ֽ4ϴ�.

Ŭ��̾�Ʈ �� ʼ�ȭ

Administration Server�� û�� ; ��ϵ�� d�ϰ� �� ν��Ͻ�� Ŭ��̾�Ʈ ��; ��û�ϵ�� ֽ4ϴ�. Ŭ��̾�Ʈ ��; ��ϸ� �� 4�; �� Ŭ��̾�Ʈ�� 䱸�մϴ�.

Proxy Server�� Ŭ��̾�Ʈ �� ִ� CA�� Ŭ��̾�Ʈ �� 8�� ŷڵ� CA�� Ͽ� Ŭ��̾�Ʈ �� մϴ�. Ŭ��̾�Ʈ �� 8�� ŷڵ� CA�� : Manage Certificates �� Security �ǿ�� Ȯ�� ֽ4ϴ�.

Proxy Server�� ŷڵ� CA�� /�� : Ŭ��̾�Ʈ�� ź��ϵ�� ֽ4ϴ�. CA�� Ǵ� �ź��Ϸx� �ݵ�� ش� CA�� Ŭ��̾�Ʈ �ŷڸ� ��d�ؾ� �մϴ�. �ڼ�� : �� v�Ͻʽÿ�.

Proxy Server�� /ȿ �Ⱓ�� 7� ��ϰ� �� ź��ϸ� Ŭ��̾�Ʈ�� ޽�� ݼ��մϴ�. �� Manage Certificates �� Ȯ�� ֽ4ϴ�.

�� Ŭ��̾�Ʈ�� d�� Ͽ� �̸� LDAP ��丮�� ִ� �� ׸�� ϵ�� ֽ4ϴ�. �̷�� ϸ� Ŭ��̾�Ʈ�� /ȿ�ϸ� LDAP ��丮�� ׸�� ǵ�� մϴ�. �� Ŭ��̾�Ʈ �� LDAP ��丮�� ׸� �� ϳ�� ġ�ǵ�� մϴ�. �̿� �� : Ŭ��̾�Ʈ �� LDAP ��; ��v�Ͻʽÿ�.

Ŭ��̾�Ʈ �� ׼�� f�� v�� 8�Ƿ� �ŷڵ� CA�� 䱸 �� ̿ܿ� �� ڴ� �ݵ�� ׼�� f�� Ģ(ACL)�� ġ�Ǿ�� մϴ�. �ڼ�� : �׼�� f�� ; ��v�Ͻʽÿ�.

Ŭ��̾�Ʈ ��; �䱸�Ϸx� ��=�� մϴ�.

�� wϽÿ�� Ŭ��̾�Ʈ ��

�� wϽÿ�� = �ó�� ϳ�� Ŭ��̾�Ʈ ��; �� ֽ4ϴ�.

Proxy-Authenticates-Client �� ó��?�� ִ� �� Ŭ��̾�Ʈ�� ׼�� ϰų�, �� ְ� Proxy Server�� ACL�� νĵ� �� Ŭ��̾�Ʈ�� ؼ�� ׼�� ֽ4ϴ�.

Content-Server-Authenticates-Proxy �� ó��?�� Ʈ �� f�� Proxy Server�� ̸� �ٸ� ��ʹ� ��ϰ� �� =; Ȯ�� ֽ4ϴ�.

Proxy-Authenticates-Client and Content-Server-Authenticates-Proxy �� ó��4� �� wϽÿ�� ְ�� Ȱ� �� ; f��մϴ�.

�� wϽÿ�� Ŭ��̾�Ʈ �� d

�� wϽÿ�� Ŭ��̾�Ʈ ��; ��ϸ� �� ; �� ȭ�� ֽ4ϴ�. ��= ��ħ: �� ó��?� �� Ŭ��̾�Ʈ ��; ��ϴ� ��; ��մϴ�.

Proxy-Authenticates-Client

Proxy-Authenticates-Client �ó��8� ��Ϸx� ��=�� մϴ�.


��	�� ó��?�� Ŭ��̾�Ʈ�� wϽ� �� wϽÿ�� Ʈ �� ; �� Ѵٰ� ��d�մϴ�.

�� wϽ� �� "�� wϽ� ��d"�� f��ϴ� Ŭ��̾�Ʈ�� wϽ� �� ħ �� wϽÿ�� Ʈ �� ó��?� ��ϴ�.

�� ν��Ͻ�� Server Manager�� ׼��ϰ� Preferences ��; ��ϴ�.

Edit Listen Sockets ��ũ�� = ��Ÿ�� ǥ�� ϴ� û�� Ͽ� �� ũ�� ϴ�. Add Listen Socket ��ũ�� Ͽ� û�� ; �� ߰��մϴ�.

Ŭ��̾�Ʈ �� 䱸 ��; ��d�մϴ�.

/ȿ�� ִ� �� ڿ�� ׼�� Ϸx� ��=�� մϴ�.

Security �κ�� Client Authentication ��d; ��Ͽ� �� û�� Ͽ� Ŭ��̾�Ʈ ��; �䱸�ϵ�� d�մϴ�. �� ġ�Ǿ� �� 8�� d�� Ÿ�� ʽ4ϴ�.

/ȿ�� ְ� ACL�� ε� ��ڿ� ��ؼ�� ׼�� Ϸx� ��=�� մϴ�.

Security �κп�� Client Authentication ��d; off�� /��մϴ�. �� ġ�Ǿ� �� 8�� d�� Ÿ�� ʽ4ϴ�.

�� ν��Ͻ�� Server Manager �ǿ�� Administer Access Control ��ũ�� ϴ�.

ACL; �� Edit ��ư; ��ϴ�. Access Control Rules For �� ǥ�õ˴ϴ�(��û�� ʿ�).

�׼�� f� ��մϴ�(Access control Is On Ȯ�ζ�; �� ʾ�8�� ).

Proxy Server�� wϽ÷� ��ϵ�� d�մϴ�. �ڼ�� : �� wϽ� ��d; ��v�Ͻʽÿ�.

��ϴ� �׼�� f�� Ģ�� Rights ��ũ�� , �Ʒ�� â�� ׼�� ; ��d�� = Update�� ׸�; ��Ʈ�մϴ�.

Users/Groups ��ũ�� ϴ�. �Ʒ�� â�� ڿ� �׷�; ��d�ϰ�, �� 8�� SSL; �� Update�� Է�; ��Ʈ�մϴ�.

'�� â�� Submit; �� Է�; ��մϴ�.

�׼�� f� �� ڼ�� : �� ׼�� f�� v�Ͻʽÿ�.

Content Server-Authenticates-Proxy

Content Server-Authenticates-Proxy �ó��8� ��Ϸx� ��=�� մϴ�.

�� wϽ� ��d�� Ŭ��̾�Ʈ�� wϽ� �� wϽÿ�� Ʈ �� ó�� ; '�� ħ�� ϴ�.

��Ʈ �� Ŭ��̾�Ʈ ��; ��մϴ�.



��	�񺸾� Ŭ��̾�Ʈ�� Proxy Server �� Ʈ �� ; ��ϰ� ��Ʈ �� Proxy Server�� ϵ�� ó��8� ��d�� ֽ4ϴ�. �̸� '�� = �� ? �� ȣȭ�� ϰ� �wϽð� �� ʱ�ȭ�ϵ�� մϴ�.

Proxy-Authenticates-Client and Content Server-Authenticates-Proxy

Proxy-Authenticates-Client and Content Server-Authenticates-Proxy �ó��8� ��Ϸx� ��=�� մϴ�.

Ŭ��̾�Ʈ �� LDAP ��

�� κп�� Proxy Server�� Ŭ��̾�Ʈ �� LDAP ��丮�� ׸�� ϴ� �� ϴ� �wμ�� մϴ�.

�� Ŭ��̾�Ʈ�� û; ��ϸ� �̸� ó��ϱ� �� Ŭ��̾�Ʈ�� 䱸�մϴ�. Ŭ��̾�Ʈ�� û�� Բ� Ŭ��̾�Ʈ�� ϴ� ��쵵 �ֽ4ϴ�.

�� CA�� Administration Server�� ִ� �ŷ� CA�� ϰ� ��v�մϴ�. ��ġ �׸�� 8�� Proxy Server�� ; ~��մϴ�. ��ġ �׸�� 8�� û ó�� մϴ�.


��	Ŭ��̾�Ʈ �� LDAP�� ϱ� �� ʼ� ACL; ��ؾ� �մϴ�. �ڼ�� : �� ׼�� f�� v�Ͻʽÿ�.

�� certmap.conf�� ; ��Ͽ� LDAP �˻� �� ; ��d�մϴ�. �� Ͽ� �� Ŭ��̾�Ʈ �� n�� (��~ �� ̸�, �� ּ� ��); ��d�մϴ�. �� ̵� ��; ��Ͽ� LDAP ��丮�� ׸�; �˻��, �켱 �� LDAP ��丮�� ˻�; �� 'ġ�� d�ؾ� �մϴ�. �� Ͽ�� 'ġ�� ֽ4ϴ�.

�� ˻�; �� 'ġ�� ˻�� ׸�; ��d�ϸ�('�� 1��a) LDAP ��丮�� ˻�; ��մϴ�(2��a). ��ġ �׸�� ų� ��ġ �׸�� Ȯ��8�� d�� �ʰ� �˻�: ��մϴ�.

��Ǵ� �˻� �� : ��= ǥ�� 4ϴ�. ��Ǵ� �ൿ; ACL�� d�� ֽ4ϴ�. �� ġ�� ϸ� Proxy Server�� ش� ��ڸ�; ��ϵ�� d�� ֽ4ϴ�. ACL �⺻ ��d �� ڼ�� : �׼�� f�� ; ��v�Ͻʽÿ�.

ǥ 5-1
LDAP �˻� ��
LDAP �˻� ��	�� ON	�� OFF
�˻�� ׸� ��=	��	��
dȮ�� ׸� ��ġ	��	��
�� ׸� ��ġ	��	��

�� LDAP ��丮�� ġ �׸�� ã8�� ش� d�� Ͽ� Ʈ��; ó�� ֽ4ϴ�. ��  �� LDAP ��; ��Ͽ� �� ׼�� d�մϴ�.

certmap.conf ��

�� ο� �� LDAP ��丮�� ׸�; ã�� d�˴ϴ�. certmap.conf�� Ͽ� �̸�8�� õ� �� LDAP �׸�� ġ��Ű�� ; �� ֽ4ϴ�. �� ; ��ϰ� �׸�; �߰��Ͽ� LDAP ��丮�� v��; �˻��ϰ� ��ڿ�� ο�� ; ǥ�� ֽ4ϴ�. ��ڴ� �� ID, �� Ǵ� subjectDN�� Ǵ� �ٸ� ��; ��8�� ֽ4ϴ�. Ư��, �� Ͽ�� =�� d�� d�ǵ˴ϴ�.

��Ͽ�� ϳ� �̻�� ̸� �� 8��, �� : �� ٸ� CA�� ˴ϴ�. �� : ��=�� 4ϴ�.

ù ��° ��: �׸�� ̸�� CA �� ִ� ��/ �̸�; ��ϴ� �Ӽ�; ��d�մϴ�. name: ��̸� ��ڰ� ��ϴ� ��8�� d�� ֽ4ϴ�. �׷�� issuerDN: �ݵ�� Ŭ��̾�Ʈ �� CA�� DN�� dȮ�� ġ�ؾ� �մϴ�. �� Ʒ�� DN �� ̴� �� Ӽ�; ��ϴ� �� ׸�; �� ٸ� ��8�� ó��մϴ�.

certmap sun1 ou=Sun Certificate Authority,o=Sun,c=US
certmap sun2 ou=Sun Certificate Authority, o=Sun, c=US


��	Sun Java System Directory Server�� Ͽ� �� DN; ��v�ϴ� �� f�� ߻�� , Directory Server �7� �α׿� /�� d�� ִ�� Ȯ��Ͻʽÿ�.

�̸� �� ° �� : �� d�� մϴ�. certmap.conf ��Ͽ�� API�� Ͽ� �� d�� ִ� 6�� d�� ֽ4ϴ�.

DNComps�� ǥ�� и�� Ӽ� ��8��, LDAP ��丮�� d��(��, Ŭ��̾�Ʈ �� /��)�� ġ�ϴ� �׸� �˻�; �� 'ġ�� d�ϴ� �� մϴ�. �� Ŭ��̾�Ʈ �� ̵� �Ӽ� ��; ��ϰ� ��; ��Ͽ� LDAP DN; ��մϴ�. �� LDAP ��丮�� ˻�; �� 'ġ�� d�մϴ�. �� , DNComps�� DN�� o�� c �Ӽ�; ��ϵ�� d�� , �� LDAP ��丮�� o=org, c= country �׸�8�κ�� ˻�; ��մϴ�. ��⼭ org �� country�� DN ��8�� ü�� ֽ4ϴ�.

��= ��Ȳ�� /��Ͻʽÿ�.

��ο� DNComps �׸�� 쿡�� CmapLdapAttr ��d; ��ϰų� Ŭ��̾�Ʈ �� ִ� ��ü �� DN(��, ��~ �� d��); ��մϴ�.

DNComps �׸�: ��8�� , �� ü LDAP Ʈ�� Ϳ� ��ġ�ϴ� �׸�; �˻��մϴ�.

�� FilterComps�� ϰ� �� ̵� �Ӽ�; ��ϵ�� d�� (FilterComps=e, uid), �� 丮�� ϰ� �� ID �� Ŭ��̾�Ʈ �� d�� ġ�ϴ� �׸�; �˻��մϴ�. �� ּҿ� �� ID�� Ϲ��8�� 丮 �� /�ϹǷ� ��: ��Ͱ� �� ֽ4ϴ�. LDAP ��ͺ��̽�� ϳ�� ׸� �˻��Ϸx� ��Ͱ� ��ü��̾�� մϴ�.

��Ϳ� �Ӽ� �̸�: LDAP ��丮�� ƴ� �� Ӽ� �̸��̾�� մϴ�. �� Ϻ� �� ּҿ� �� Ӽ�8�� e�� ִ� �ݸ� LDAP�� Ӽ�� ̸�: mail�Դϴ�.

��= ǥ�� x509v3 �� Ӽ�; ��մϴ�.

ǥ 5-2
x509v3 �� Ӽ�
�Ӽ�	��
c	��
o	v��
cn	�� ̸�
l	'ġ
st	��
ou	v�� '
uid	UNIX/Linux �� ID
email	�� ּ�

�� verifycert�� d�� Ŭ��̾�Ʈ�� LDAP ��丮�� ˻�� θ� ��d�մϴ�. on �� off ��, �� ; ��4ϴ�. �� d�� LDAP ��丮�� ִ� ��쿡�� Ͻʽÿ�. �� : ��~ �� /ȿ�ϸ� ��ҵ�� ʾҴ�� Ȯ��ϴ� �� /��մϴ�.

CmapLdapAttr: LDAP ��丮�� ִ� �Ӽ� �̸�8�� ڿ�� DN; ��մϴ�. �� d�� ⺻��: certSubjectDN�Դϴ�. �� d�� ǥ�� LDAP �Ӽ�� ƴϹǷ� �� d�� Ϸx� �ݵ�� LDAP ��Ű�� Ȯ��ؾ� �մϴ�. �ڼ�� : SSL ���� v�Ͻʽÿ�.

certmap.conf�� d�� 8�� ü LDAP ��丮�� Ӽ�� ü DN(�� n�� DN)�� ġ�ϴ� �׸�; �˻��մϴ�. ��ġ�ϴ� �׸�� 8�� DNComps �� FilterComps ��; ��Ͽ� �˻�; �ٽ� �õ��մϴ�.

�� LDAP �׸�� ġ��Ű�� ̷�� b��: DNComps�� FilterComps�� Ͽ� �׸�; ��ġ��Ű�� /��մϴ�.

�� d�� d��

Ŭ��̾�Ʈ �� API�� Ͽ� ��/�� d�� ֽ4ϴ�. �� d�� ִ� �� =�� ش� ��; ��v�մϴ�.

certmap default1 o=Sun Microsystems, c=US
default1:library /usr/sun/userdb/plugin.so
default1:InitFn plugin_init_fn
default1:DNComps ou o c
default1:FilterComps l
default1:verifycert on

�� f

certmap.conf ��Ͽ�� ּ�� ̻�� ׸�� ־�� մϴ�. ��= ��f�� certmap.conf�� ϴ� �پ�� ; ��մϴ�..

��f 1

certmap default default
default:DNComps ou, o, c
default:FilterComps e, uid
default:verifycert on

�� f�� ϸ� �� ou=orgunit, o=org, c=country �׸�; ��ϴ� LDAP �б�a�� ˻�; ��ϸ�, ��⿡�� Ÿ�ü�� ǥ�õ� �ؽ�Ʈ�� Ŭ��̾�Ʈ �� ִ� �� DN�� 8�� ü�˴ϴ�.

�� ִ� �� ּҿ� �� ID ��; ��Ͽ� LDAP ��丮�� ġ�ϴ� �׸�� ִ�� ˻��մϴ�. �׸�� ˻�Ǹ� �� Ŭ��̾�Ʈ�� 丮�� ִ� �� Ͽ� �� մϴ�.

��f 2

��= ��f ��Ͽ�� ֽ4ϴ�. �⺻ ��ΰ� �̱� �� 񽺿� �� Դϴ�.

certmap usps ou=United States Postal Service, o=usps, c=US
usps:DNComps ou,o,c
usps:FilterComps e
usps:verifycert on

�� ̱� �� 񽺰� �ƴ� �ٸ� �� : ��, LDAP Ʈ�� ֻ�ܿ�� ˻�; ��ϰ� Ŭ��̾�Ʈ�� ϰ� �� ID�� ġ�ϴ� �׸�; �˻��ϴ� �⺻ ��; ��մϴ�. �̱� �� , �� v�� '�� ϴ� LDAP �б�a�� ˻�; ��ϰ� ��ġ�ϴ� �� ּҸ� �˻��մϴ�. �� ̱� �� մϴ�. �ٸ� �� ʽ4ϴ�.

��f 3


��	�� DN(��, CA d��): �ݵ�� ù ��° �� Ͽ� �ִ� �� DN�� ؾ� �մϴ�. �� f�� o=United States Postal Service,c=US�� DN�� o�� c �Ӽ� ��̿� �� 8�Ƿ� ��ġ�� ʽ4ϴ�.

��= ��f�� CmapLdapAttr �� d�� Ͽ� LDAP ��ͺ��̽�� certSubjectDN�̶�� ϴ� �Ӽ�; �˻��մϴ�. �� Ӽ�� : Ŭ��̾�Ʈ �� n�� DN ��ü�� dȮ�� ġ�մϴ�.

certmap myco ou=My Company Inc, o=myco, c=US
myco:CmapLdapAttr certSubjectDN
myco:DNComps o, c
myco:FilterComps mail, uid
myco:verifycert on

��ġ�ϴ� �׸�� ϳ� �̻�� 쿡�� ׸�; ��մϴ�. �˻�� ׸�� DNComps�� FilterComps�� Ͽ� ��ġ�ϴ� �׸�; �˻��մϴ�. �� f�� o=LeavesOfGrass Inc, c=US �Ʒ�� ׸񿡼� uid=Walt Whitman; �˻��մϴ�.


��	�� f�� LDAP ��丮�� certSubjectDN �Ӽ�� ִ� �׸�� Ե� ��8�� d�մϴ�.

�� d

Server Manager Preferences �� Set Cipher Size �ɼǿ�� ׼�� Ű ũ�⸦ 168, 128 �Ǵ� 56��Ʈ �߿�� ϰų� f��; ��d�� ; �� ֽ4ϴ�. f�ѿ� �� ʴ� �� 񽺵� ��; ��d�� ֽ4ϴ�. ��; ��d�� 8�� Proxy Server�� Forbidden ��¸� ��ȯ�մϴ�.

�� ׼�� Ű ũ�Ⱑ Security Preferences�� ȣ ��d�� ʴ� �� Proxy Server�� ū �� Ű�� ȣ�� ؾ� �Ѵٴ� �� ȭ ��ڰ� ǥ�õ˴ϴ�.

Ű ũ�� f��: Service fn=key-toosmall�� ƴ� NSAPI PathCheck ��ù�; ��8�� ˴ϴ�. ��ù�: ��=�� 4ϴ�.

��⿡�� nbits�� Ű�� ʿ�� ּ� ��Ʈ ��̸� filename: f�ѿ� �� ; �� ̸�(URL �ƴ�)�Դϴ�.

SSL; �� ʰų� secret-keysize �Ű� �� d�� : �� PathCheck�� REQ_NOACTION; ��ȯ�մϴ�. �� Ű ũ�Ⱑ ��d�� secret-keysize�� : ��, bong-file�� d�� 8�� Լ�� REQ_ABORTED�� PROTOCOL_FORBIDDEN ��¿� �Բ� ��ȯ�մϴ�. �׷�� : �� REQ_PROCEED�� ȯ�ϸ� path �� bong-file filename8�� d�˴ϴ�. �� Ű ũ�� f��; ��w�� : �� ǿ� SSL �� ĳ�ð� ��ȿȭ�Ǿ� ��= �� Ŭ��̾�Ʈ�� ϸ� ��ü SSL �ڵ��ũ�� ߻��մϴ�.

�� ȣ�� d�Ϸx� ��=�� մϴ�.


��	Set Cipher Size ��: PathCheck fn=ssl-check�� ߰�� ü�� Service fn=key-toosmall ��ù�; f��մϴ�.

�� ν��Ͻ�� Server Manager�� ׼��ϰ� Preferences ��; ��ϴ�.

Set Cipher Size ��ũ�� ϴ�.

��Ӵٿ� ��Ͽ�� ȣ�� ҽ�� = Select�� ϴ�. d�� ǥ��; ��d�� ֽ4ϴ�. �ڼ�� : ��ø� �� ҽ� �� v�Ͻʽÿ�.

�� Ű ũ�� f��; ��մϴ�.

168 bit or larger

128 bit or larger

56 bit or larger

No restrictions

�׼�� ź�� ޽�� 'ġ�� d�ϰ� OK�� ϴ�.

��Ÿ ��

�� ȣ�� ص��Ϸt� �õ� �ܿ�� ٸ� �� '�� ֽ4ϴ�. ��Ʈ��ũ�� d�� ׼��Ϸt� �پ�� ; ��ϴ� �ܺ� �� Ŀ�� '�迡 �� ֽ4ϴ�. �� ȣȭ �� ܿ�� ߰�� vġ�� ʿ��մϴ�. �� ǻ�͸� �� ġ�ϰų� �ŷ�� wα׷�; ��ε�� ϵ�� ؾ� �մϴ�. ��= �� ϰ� ��ȣ�ϱ� '�� ֿ� ��; ��մϴ�.

��f �׼�� f��

�� ; ��ϴ� ��찡 ��4ϴ�. �� ǻ�͸� �� ҿ� ��ġ�Ͽ� �� ִ� �� ֵ�� մϴ�. �̷�� ϸ� �� ǻ�� ü�� ŷ; �� ֽ4ϴ�. �� (��Ʈ) �� ȣ�� ִٸ� �� ȣ�� ȣ�Ͻʽÿ�.

�� ׼�� f��

�� ; ��ϴ� �� ڿ� ��ǻ�Ϳ�� ϵ�� ׼�� f� ��d�ؾ� �մϴ�. Administrator Server�� LDAP ��ڿ�� LDAP �� 丮 d�� ׼�� ο��ϵ�� ϴ� ��, SSL; ��ϴ� Administration Server�� ; �ϰ� ��ڰ� ��Ÿ Administration Server�� ׼�� ֵ�� Administration Server�� /�� Ŭ�� ; ��Ͻʽÿ�. Ŭ��Ϳ� �� ڼ�� : �� Ŭ�� v�Ͻʽÿ�.

�� Administration Server�� ̿� �ش��ϴ� ��ȣȭ�� ؾ� �մϴ�. �� SSL ��; �� ʴ� ��쿡�� 񺸾� ��Ʈ��ũ�� Ͽ� �� ǰ� �ʿ��մϴ�. �� ȣ�� ä�� 籸�� ֽ4ϴ�.

�� ȣ ��

�� ȣ, �� Ű �� ȣ, ��ͺ��̽� �� ȣ �� ȣ�� մϴ�. �� ȣ�� ǻ�Ϳ� �ִ� �� 8�Ƿ� �� ߿�� ȣ�Դϴ�. ��=8�δ� �� Ű �� ȣ�� ߿��մϴ�. �� Ű�� Ű �� ȣ�� 8�� 8�� ̴� ��¥ �� ų� �� 0� �� ; ��ä�� ֽ4ϴ�.

�ڽ�: �� ٸ� ��: �� ȣ�� : �� ȣ�Դϴ�. �� MCi12!mo�� "My Child is 12 months old!"�� ֽ4ϴ�. �� : ��ȣ�� δ� �ڳ�� ̸��̳� �� ֽ4ϴ�.

�˾Ƴ�� ȣ

�� ȣ�� Ǵ� �� ħ�� ֽ4ϴ�. ��=�� Ģ; �� ʿ�� : ��Ģ; �� ȣ�ϼ�� ˾Ƴ��Ⱑ �� Դϴ�. �� ȣ�� '�� : ��=�� 4ϴ�.

�� ȣ �Ǵ� PIN ��

�ֱ��8�� ŷ� ��ͺ��̽�/Ű �� ȣ �Ǵ� PIN; ��ϴ� �� }4ϴ�. Administration Server�� SSL; ��ϴ� �� ȣ�� ʿ��մϴ�. �ֱ��8�� ȣ�� ϸ� �� ȣ�� ܰ� �� ֽ4ϴ�.

�� ȣ�� ǻ�Ϳ�� ؾ� �մϴ�. �� ȣ�� ϴ� �� ؾ� �� ħ ��: �˾Ƴ�� ȣ�� v�Ͻʽÿ�.

�ŷ� ��ͺ��̽�/Ű �� ȣ�� Ϸx� ��=�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security ��; ��ϴ�.

Change Key Pair File Password ��ũ�� ϴ�.

Cryptographic Module ��Ӵٿ� ��Ͽ�� ȣ�� ū; ��մϴ�. �⺻��8�� ̰�: �� Ű ��ͺ��̽�� ȣ�Դϴ�. PKCS #11 �� ġ�� ū �� Ÿ��ϴ�.

�� ȣ�� Է��մϴ�.

�ٽ� �Է��ϰ� OK�� ϴ�.

Ű �� ȣ�Ǵ�� Ȯ��մϴ�. Administration Server�� Ű �� ; server_root/alias ��丮�� մϴ�.

�� Ǿ� �ִ�� Ǵ� ��Ÿ �ٸ� �� ç ��ɼ�� ִ�� Ȯ��ϴ� �� ߿��մϴ�. �� ; �� Ϻ��ϰ� ��ȣ�ؾ� �մϴ�.

�� Ÿ �?� �wα׷� f��

�� ǻ�Ϳ�� Ǵ� �� ?� �wα׷�; ��ϰ� ��ؾ� �մϴ�. �� Ǵ� �ٸ� �wα׷�� a; �ǿ��Ͽ� �� ; ��ȸ�ϴ� �� մϴ�. �ʿ�� : �� wα׷�� 񽺸� ~��մϴ�. �� UNIX sendmail ��: ��ϰ� ��ϴ� �� ǻ�Ϳ�� طο� �wα׷�; ��ϵ�� wα׷��ֵ� �� ֽ4ϴ�.

UNIX �� Linux

inittab �� rc ��ũ��Ʈ�� ϴ� �wμ�� ϰ� ��մϴ�. �� ǻ�Ϳ�� telnet �Ǵ� rlogin; �� ʽÿ�. �� ǻ�Ϳ� rdist�� ʽÿ�. ��; �� ǻ�� ; ��Ʈ�ϴ� �� ֽ4ϴ�.

Windows

�ٸ� ��ǻ�Ϳ� ��/�� ̺� �� 丮�� մϴ�. �� d�̳� Guest ��; �ο�� ڸ� ��մϴ�. �� ġ�� wα׷��̳� �ٸ� ��ڰ� ��ġ�� ֵ�� wα׷�; ��d�ϴ� �� ǰ� �ʿ��մϴ�. �ٸ� �� wα׷�� a�� ; �� ֽ4ϴ�. �� Ư�� ; �ջ��Ű�� wα׷�; ��ε�� ֽ4ϴ�. �� wα׷�; ��ϱ� �� ϰ� �wα׷�; ��ؾ� �մϴ�.

Ŭ��̾�Ʈ�� SSL ��; ĳ�� ϵ��

HTML �� <HEAD> �κп� ��= ��; �߰��Ͽ� Ŭ��̾�Ʈ�� ̸� ��ȣȭ�� ; ĳ�� ֽ4ϴ�.

��Ʈ f��

��ǻ�Ϳ�� ʴ� ��Ʈ�� Ȱ��ȭ�մϴ�. �� Ǵ� ��ȭ�� ; ��Ͽ� d�� ʿ�� ּ� ��Ʈ �̿�� Ʈ�� 4� ��; ��մϴ�. �̷�� ϸ� ��f�� ̹� f�ѵ� �� 'ġ�� ǻ�͸� �� ǻ�Ϳ�� ; �� ְ� �˴ϴ�.

�� Ѱ� �ľ�

�� Ŭ��̾�Ʈ ��̿� �� ; f��մϴ�. Ŭ��̾�Ʈ�� ϴ� d�� /�ϸ� d�� ; f�� 8�� ǻ�� ü�� ش� ��丮 �� Ͽ� �� ׼�� f�� 4ϴ�.

�̷�� f��; �˰� ��8�� ؾ� �� Ȳ; ��ϴ� �� ˴ϴ�. �� SSL ��; ��Ͽ� �ſ� ī�� ȣ�� 8�� ȣ�� ǻ�� Ͽ� ��Ǿ� �ִ��, SSL �� ~�� ȣ�� �� ֽ4ϴ�. Ŭ��̾�Ʈ�� SSL; �� ڿ�� ϴ� �� d�� ȿ� /��ϵ�� մϴ�.

5 �� ���� �� Ű ���

���� ��� ����

�ŷ� �����ͺ��̽� �����

�ŷ� �����ͺ��̽��� ����x� ��=�� ���� �մϴ�.

password.conf ���

SSL; ����ϴ� ���� �ڵ� ����

SSL; ����ϴ� ���� �ڵ� �����Ϸx� ��=�� ���� �մϴ�.

VeriSign ���� ��û �� ��ġ

VeriSign ���� ��û

VeriSign ����� ��û�Ϸx� ��=�� ���� �մϴ�.

VeriSign ���� ��ġ

VeriSign ����� ��ġ�Ϸx� ��=�� ���� �մϴ�.

��Ÿ ���� ���� ��û �� ��ġ

�ʼ� CA d��

��Ÿ ���� ���� ��û

��Ÿ ���� ����� ��û�Ϸx� ��=�� ���� �մϴ�.

��Ÿ ���� ���� ��ġ

�ٸ� ���� ����� ��ġ�Ϸx� ��=�� ���� �մϴ�.

���� ���̱׷��̼�

����� ���̱׷��̼��Ϸx� ��=�� ���� �մϴ�.

���� ��Ʈ ���� ��� ���

���� ��

����� ���Ϸx� ��=�� ���� �մϴ�.

CRL �� KRL ��ġ �� ��

CRL �Ǵ� CKL ��ġ

CRL �Ǵ� CKL; ��ġ�Ϸx� ��=�� ���� �մϴ�.

CRL �� CKL ��

CRL �� CKL; ���Ϸx� ��=�� ���� �մϴ�.

���� �⺻ ��d

SSL �� TLS �w�����

SSL; ����Ͽ� LDAP�� ���

Administration Server���� SSL; ����ϵ��� ��d�Ϸx� ��=�� ���� �մϴ�.

Proxy Server�� ���� SSL �ͳθ�

SSL �ͳθ� ����

SSL �ͳθ�; �����Ϸx� ��=�� ���� �մϴ�.

SSL �ͳθ� ��� ���� ����

û�� ���Ͽ� ���� ��� ��d

���� ��� ���

û�� ����; ���� �� ����; �����Ϸx� ��=�� ���� �մϴ�.

û�� ����; ������ �� ����; �����Ϸx� ��=�� ���� �մϴ�.

û�� ���Ͽ� ���� ���� ����

û�� ���Ͽ� ���� ����� �����Ϸx� ��=�� ���� �մϴ�.

��ȣ ����

SSL �� TLS�� ����ϵ��� ��d�Ϸx� ��=�� ���� �Ͻʽÿ�.

���� ���� ����

SSL ���� ���� ��ù��� ���� ��; ��d�Ϸx� ��=�� ���� �մϴ�.

SSLSessionTimeout

����

SSLCacheEntries

SSL3SessionTimeout

����

�ܺ� ��ȣȭ ��� ���

PKCS #11 ��� ��ġ

modutil; ����Ͽ� PKCS #11 ��� ��ġs

modutil; ����Ͽ� PKCS #11 ���; ��ġ�Ϸx� ��=�� ���� �մϴ�.

pk12util ���

pk12util; ����Ͽ� ��������

���� �����ͺ��̽����� ����� Ű�� �������x� ��=�� ���� �մϴ�.

pk12util; ����Ͽ� ��n�1�

���� �Ǵ� �ܺ� PKCS #11 ���� ����� Ű�� ��n�7x� ��=�� ���� �մϴ�.

�ܺ� ����� ����Ͽ� ���� ����

û�� ���Ͽ� ���� �̸� ����

û�� ���Ͽ� ���� �̸�; �����Ϸx� ��=�� ���� �մϴ�.

FIPS 140 ǥ��

FIPS-140; ����ϵ��� ��d�Ϸx� ��=�� ���� �մϴ�.

Ŭ���̾�Ʈ ���� �䱸 ���� ��d

Ŭ���̾�Ʈ ���� �ʼ�ȭ

Ŭ���̾�Ʈ ����; �䱸�Ϸx� ��=�� ���� �մϴ�.

������ �wϽÿ����� Ŭ���̾�Ʈ ����

������ �wϽÿ����� Ŭ���̾�Ʈ ���� ��d

Proxy-Authenticates-Client

Proxy-Authenticates-Client �ó����8� �����Ϸx� ��=�� ���� �մϴ�.

Content Server-Authenticates-Proxy

Content Server-Authenticates-Proxy �ó����8� �����Ϸx� ��=�� ���� �մϴ�.

Proxy-Authenticates-Client and Content Server-Authenticates-Proxy

Proxy-Authenticates-Client and Content Server-Authenticates-Proxy �ó����8� �����Ϸx� ��=�� ���� �մϴ�.

Ŭ���̾�Ʈ ����� LDAP ����

certmap.conf ���� ���

����� d�� ��� d�� ��

���� ��f

5 ��
�� Ű ��

��

�ŷ� ��ͺ��̽� ��

�ŷ� ��ͺ��̽�� x� ��=�� մϴ�.

password.conf ��

SSL; ��ϴ� �� ڵ� ��

SSL; ��ϴ� �� ڵ� ��Ϸx� ��=�� մϴ�.

VeriSign �� û �� ġ

VeriSign �� û

VeriSign �� û�Ϸx� ��=�� մϴ�.

VeriSign �� ġ

VeriSign �� ġ�Ϸx� ��=�� մϴ�.

��Ÿ �� û �� ġ

��Ÿ �� û

��Ÿ �� û�Ϸx� ��=�� մϴ�.

��Ÿ �� ġ

�ٸ� �� ġ�Ϸx� ��=�� մϴ�.

�� ̱׷��̼�

�� ̱׷��̼��Ϸx� ��=�� մϴ�.

�� Ʈ ��

��

�� Ϸx� ��=�� մϴ�.

CRL �� KRL ��ġ ��

CRL �Ǵ� CKL; ��ġ�Ϸx� ��=�� մϴ�.

CRL �� CKL; ��Ϸx� ��=�� մϴ�.

�� ⺻ ��d

SSL �� TLS �w��

SSL; ��Ͽ� LDAP��

Administration Server�� SSL; ��ϵ�� d�Ϸx� ��=�� մϴ�.

Proxy Server�� SSL �ͳθ�

SSL �ͳθ� ��

SSL �ͳθ�; ��Ϸx� ��=�� մϴ�.

SSL �ͳθ� ��

û�� Ͽ� �� d

��

û�� ; �� ; ��Ϸx� ��=�� մϴ�.

û�� ; �� ; ��Ϸx� ��=�� մϴ�.

û�� Ͽ� ��

û�� Ͽ� �� Ϸx� ��=�� մϴ�.

��ȣ ��

SSL �� TLS�� ϵ�� d�Ϸx� ��=�� Ͻʽÿ�.

��

SSL �� ù�� ; ��d�Ϸx� ��=�� մϴ�.

��

��

�ܺ� ��ȣȭ ��

PKCS #11 �� ġ

modutil; ��Ͽ� PKCS #11 �� ġs

modutil; ��Ͽ� PKCS #11 ��; ��ġ�Ϸx� ��=�� մϴ�.

pk12util ��

pk12util; ��Ͽ� ��

�� ͺ��̽�� Ű�� x� ��=�� մϴ�.

pk12util; ��Ͽ� ��n�1�

�� Ǵ� �ܺ� PKCS #11 �� Ű�� n�7x� ��=�� մϴ�.

�ܺ� �� Ͽ� ��

û�� Ͽ� �� ̸� ��

û�� Ͽ� �� ̸�; ��Ϸx� ��=�� մϴ�.

FIPS-140; ��ϵ�� d�Ϸx� ��=�� մϴ�.

Ŭ��̾�Ʈ �� 䱸 �� d

Ŭ��̾�Ʈ �� ʼ�ȭ

Ŭ��̾�Ʈ ��; �䱸�Ϸx� ��=�� մϴ�.

�� wϽÿ�� Ŭ��̾�Ʈ ��

�� wϽÿ�� Ŭ��̾�Ʈ �� d

Proxy-Authenticates-Client �ó��8� ��Ϸx� ��=�� մϴ�.

Content Server-Authenticates-Proxy �ó��8� ��Ϸx� ��=�� մϴ�.

Proxy-Authenticates-Client and Content Server-Authenticates-Proxy �ó��8� ��Ϸx� ��=�� մϴ�.

Ŭ��̾�Ʈ �� LDAP ��

certmap.conf ��

�� d�� d��

�� f

�� d

�� ȣ�� d�Ϸx� ��=�� մϴ�.

��Ÿ ��

��f �׼�� f��

�� ׼�� f��

�� ȣ ��

�˾Ƴ�� ȣ

�� ȣ �Ǵ� PIN ��

�ŷ� ��ͺ��̽�/Ű �� ȣ�� Ϸx� ��=�� մϴ�.

�� Ÿ �?� �wα׷� f��