|
| |
| Sun Java System Portal Server 6 2005Q4 �z��n | |
�� 4 ��
�]�w Portal Server �H�ϥΦw�����~�� LDAP �ؿ��A���b�w�]�w�ˤ��ASun Java™ System Portal Server�BSun Java™ System Access Manager �M Sun Java™ System Directory Server �n�鳣�O�b�P�@�D��W���C�p�G�z�ݭn�b�W�ߪ��~���D��W��� Directory Server �åB�n�� Portal Server �z�L�ϥ� Secure Sockets Layer (SSL) ���w���s�u�s��ؿ�H�����z���į�B�w���ʩM��X�ؼСA�h�i�H�o�˰��C
�Ƶ�
�Y�n�z�L�w���s�u�s�� Directory Server�ASun Java™ System Web Server �� Sun Java™ System Application Server �����t�m���H��ñ�p�ؿ���Ҫ��{�Ҿ�c�C
�Y�n�]�w Portal Server �H�ϥΥ~�� LDAP �ؿ�A�ݭn���U�C�{�ǡG
�Y�n�t�m Directory Server �H�b SSL �U���
- ���� Directory Server (ns-slapd �{��) �P�z��A�� (ns-httpd �{��) �O�_�w�ҰʻP���C
- �H�W�ŨϥΪ̪�����A�b�ݾ��Ұʥؿ��A���D���x�A��k�O��J�G
/var/opt/mps/serverroot/startconsole
- �b��ܪ��n�J���A��J admin �@�� Directory Server ���ϥΪ̦W�ٻP�q��K�y�C
- �b�D���x�������椤�A�i�}�ؿ��b [��A���s��] �U�ݨ� Directory Server ��ҡC
- ��� Directory Server ��Ҩë�@�U [�}��]�C
- ��� [�@�~] ������ [�z����]�C
�Ĥ@����榹���@�~�ɡA�t�η|�n�D�z��J�K�X�H�إ߾��Ҹ�Ʈw�C�аO�U���K�X�A�y��z�i�H�Υ��ӱҰ� Directory Server�C
- ��@�U [�ШD]�C
�|�X�{ [���ҽШD���F]�C��Ӻ��F����ܨç����o�ǨB�J�H���;��ҽШD�C�ШD�|�ǰe��u���Һz��A�� (CMS)�v�H��o�\�i�CCMS �|�Ǧ^�u�������ҡC�x�s���ҽШD�ƥ��A��k�O�N�ШD��ƽƻs���ɮסC
- �b���ҽШD�ǰe�� CMS ����ACMS �z��|�{�i�ШD�ñN�w�{�i�����ҶǦ^�C
- ��o�w���ͪ� DS ���һP CMS ���ҡC
�]�� CMS �|�� DS ���;��ҡA�]���٥����H�� CMS�A��k�O�N CMS ���ҧ@���� CA �פJ�C
- ��� [�z����]�B[��A������]�A�M���@�U [�w��]�C
�|�X�{ [���Ҧw�˽ШD���F]�C
- �N�w�\�i�����Ҹ�Ʊq�B�J 8 �ƻs�öK�W�ܤ�r�ϰ�ÿ�u���F��ܪ��B�J�H�w�˾��ҡC
���\�w�˾��Ҥ���A���ҷ|�H�Ӷ�������ܩ� [��A������] ���ҤW�C
- �}�� [�z����] ��A��� [CA ����] ���ҡC
�p�G�z�b�B�J 9 ���q����o���Ҫ� CA �i�H�b CA ���ҲM�椤���A�z�N���ݭn�b�ӲM�椤�w�˾��ҡC
�p�G���Ҩå��b�M�椤�A�z�ݭn�z�L�z���{�Ҿ�c��o�� CA ���Ҩå[�H�w�ˡC
- ��@�U [��] �H�� [�z����] ��C
- ��� [�պA�]�w] ���ҡC
- ��@�U [�[�K] ���ҡA�֨� [�ҥΦ���A���� SSL] �H�� [�ϥαK�X�t�C�GRSA] �֨���A�M���@�U [�x�s]�C
- �b [���] ���Ҥ�����άO�b [�[�K�s����] ��줤��w���Ī��s����s���A�ë�@�U [�x�s]�C
�w�]�s���� 636�C
- ���s�Ұ� Directory Server �ô��Ѧb�B�J 6 ����J�����Ҹ�Ʈw�K�X�C
�z���ؿ�{�b����ť�� SSL �s���� 636 �s���� (�w�])�C
�Y�n�إ߫H���Ʈw
�إ߫H���Ʈw�ɡA�z�n��w�N�Ω�K�_���ɮת��K�X�C�z�]�ݭn���K�X�Ұʦ�A���A��k�O�ϥΥ[�K���q�T�C
�b���Ҹ�Ʈw���A�z�|�إP�x�s���}�P�p�K���_�A�٬����_���ɮסC�K�_���ɮ|�Ω� SSL �[�K�C��ШD�P�w�˦�A�����Үɷ|�ϥαK�_���ɮסC�b�w�˫���ҷ|�x�s�b���Ҹ�Ʈw���C
�إ߾��Ҹ�Ʈw���{�Ƿ|�ھڨϥΪ� Web �e�������өw�C�U�C�O�b Sun Java System Application Server �W�إ߾��Ҹ�Ʈw����ܡC�z�]�i�H�b http://docs.sun.com �W���uSun Java System Application Server Administration Guide to Security�v�������C
����b Sun Java System Web Server �إ߾��Ҹ�Ʈw������A�i�H�b http://docs.sun.com �W���uSun Java system Web Server, Enterprise Edition Administration Guide�v���C
�Y�n�b Sun Java System Application Server �W�إ߾��Ҹ�Ʈw�A�Цb�z���������U�C�B�J�G
�ϥ� password.conf �ɮ�
�p�G�z�Ʊ� SSL/TLS �ҥΪ� Sun Java System Application Server �b�w�� SSL �t�m�ɯ��۰ʭ��s�ҰʡA�z�i�H�N�H���Ʈw�K�X�x�s�b password.conf �ɮפ��C
password.conf �ɮת��i�@�B��T�i�H�b�uSun Java System Application Server Administrator’s Configuration File Reference�v�����uUsing the password.conf File�v�����C
�@��Ө��A�z����ϥ� /etc/rc.local �� /etc/inittab �ɮױҰʤw�ҥ� UNIX® SSL ����A���A�]����A���b�Ұʤ��e�ݭn��J�K�X�C�p�G�N�K�X�O�s�b�@���r�ɮפ��A�N�i�H�۰ʱҰʤw�ҥ� SSL ����A���A���ij�z���n�o�˰��C��A���� password.conf �ɮ�3���ݩ�W�ŨϥΪ̩Φw�˦�A�����ϥΪ̡A�åB�u���Ҧ��̤~��i��Ū��P�g�J�s��C�b UNIX �W�A�N�ҥΤF SSL ����A�����K�X�d�b password.conf �ɮפ��|�a�ӫܤj���w�����I�C�i�H�s���ɮת����H���㦳�i�s��w�ҥ� SSL ��A�����K�X�C�N�ҥΤF SSL ����A�����K�X�O�d�b password.conf �ɮפ����e�A�ЦҼ{�w�����I�C
�w�ˮڻ{�Ҿ�c (CA) ����
�w�ˮ� CA ���Ҫ��{�Ƿ|�ھڨϥΪ� Web �e�������өw�C
�U�C�{�ǻ���p��b Sun Java System Application Server �W�w�ˮ� CA�C�z�]�i�H�b http://docs.sun.com �W���uSun Java System Application Server Administration Guide to Security�v���������C
����b Sun Java System Web Server �w�ˮ� CA ������A�i�H�b http://docs.sun.com �����uSun Java System Web Server, Enterprise Edition Administration Guide�v���C
���Ѿ��Ҫ��ӷ��P�z��o�� CA ���Ҫ��ӷ��ۦP�C
�Y�n�q CA �w�˾��ҡA�Цb�z���������U�C�B�J�G
- �b�����椤�s�� App Server ��Ҩÿ���A����ҡC
- �s��w���ʡC
- ��� [�z����]�C
- ��@�U [�w��] �s���C
�N�|��� [�w�˦�A������]�C
- �� CA �����ҿ�ܥi�H��{�Ҿ�c (CA)�A�ӱz�|����{�Ҿ�c�@���Τ�ݻ{�Ҫ���H�� CA�C
- �бq�U�Ԧ��M�椤���[�K�ҲաC
- ��J�K�_���ɮת��K�X�C
- �p�G���ҬO����A����ҨϥΪ��ߤ@���ҡA�бN�������W�٫O�d�ťաA���D�G
- ���&�A���N�ϥΦh�Ӿ��ҡC�p�G�O�o�ر��p�A�п�J�b��A����Ҥ��ߤ@�����ҦW�١C
- �ϥΤF�P�������P���[�K�ҲաC�p�G�O�o�ر��p�A�п�J�b��@�[�K�Ҳժ��Ҧ���A����Ҥ��ߤ@�����ҦW�١C
�p�G�w�g��J�W�١A�ӦW�ٱN�|��ܦb [�z����] �M�椤�A�ӥB��y�z�ʡC�Ҧp�AUnited States Postal Service CA �O CA ���W�١F�� VeriSign Class 2 Primary CA �h�P�ɴy�z CA �M���������C
- ���@�ӡG
- ��@�U [�T�w]�C
- ��� [�s�W����] �H�w�˷s�����ҡC
- �b�����椤�s�� App Server ��һP��A����ҡA�M���@�U [�M���ܧ�]�C
- ����í��s�Ұʦ�A���ϤW�z�ܧ�ͮġC���ҷ|�x�s�b��A�������Ҹ�Ʈw���C�ɮצW�ٱN�|�O cert8.db�C
�Y�n�ϥ� SSL �P Directory Server �i��q�T
�Y�n�� Directory Server �ҥ� Access Manager �H�ϥ� SSL�A�Ч����U�C�B�J�G
- �s�� /etc/opt/SUNWam/config/AMConfig.properties �ɮסC���B�J�P�e���L��A�ӥB Sun Java System Web Server �P Sun Java System Application Server ��������榹�B�J�C
- �N AMConfig.properties �ɮת��U�C�]�w�q�G
com.iplanet.am.directory.ssl.enabled=false
com.iplanet.am.directory.host=server12.example.com (if it needs to be changed)
com.iplanet.am.directory.port=389
�ܧG
com.iplanet.am.directory.ssl.enabled=true
com.iplanet.am.directory.host=server1.example.com
com.iplanet.am.directory.port=636 (port on which DS uses encryption)
- �b AccessManager-base/SUNWam/config/ums/serverconfig.xml �ɮפ��ܧ�s�u�s����P�s�u�����ȡA�N���}�Ҧ��ܧ� SSL�C
- �s�� serverconfig.XML �ɮרñN�U�C�U��q�G
�ܧG
- �b���� serverconfig.xml �ɮת��ܧ�A�Э��s�Ұ� Web �e���C