
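Sun ONE Portal Server, Secure Remote Access 6.2 Administrator's Guide

Chapter 7
Certificates

This chapter describes certificate management and explains how to install self-signed certificates and certificates from a Certificate Authority (CA).

This chapter covers the following topics:


Overview of SSL Certificates

The Sun™ ONE Portal Server, Secure Remote Access software provides certificate-based authentication for remote users. Secure Remote Access uses Secure Sockets Layer (SSL) to enable secure communication. The SSL protocol enables secure communication between two machines.

SSL certificates use a public and private key pair to provide encryption and decryption.

There are two types of certificates:

By default, a self-signed certificate is generated and installed when you install the gateway.

You can generate, obtain, or replace a certificate at any time after installation.

Secure Remote Access also supports client authentication with Personal Digital Certificates (PDCs). A PDC is a mechanism that authenticates a user through SSL client authentication. With SSL client authentication, the SSL handshake ends at the gateway. The gateway extracts the user's PDC and passes it to the authentication server, which uses the PDC to authenticate the user. To configure PDCs along with authentication chaining, see "Using Authentication Chaining".

Secure Remote Access provides a tool named certadmin that you can use to manage SSL certificates. See "The certadmin Script".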


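Certificate Files

The certificate-related files are located in /etc/opt/SUNWps/cert/default/gateway-profile-name. By default, this directory contains 5 files.

Table 7-1 lists these files and their descriptions. The first column lists the certificate file name, the second column specifies the file type, and the third column describes the file.

Table 7-1 Certificate Files

File Name | Type | Description
cert8.db, key3.db, secmod.db | Binary | Contain data for certificates, keys, and cryptographic modules. Can be manipulated with the certadmin script. Have the same format as the database files used by Sun™ ONE Web Server, which are located in portal-server-install-root/SUNWwbsvr/alias. If necessary, these files can be shared between the Portal Server host and the gateway components or gateway proxy servers.
.jsspass | Hidden text file | Contains the encrypted password for the SRA key database.
.nickname | Hidden text file | Stores the names of the token and the certificate that the gateway needs to use, in the format token-name:certificate-name. If you are using the default token (the token of the default internal software encryption module), omit the token name. In most cases, the .nickname file stores only the certificate name. As an administrator, you can modify the certificate name in this file. The gateway then uses the certificate that you specify.


Certificate Trust Attributes

The trust attributes of a certificate indicate:

Each certificate has three possible trust categories, expressed in this order: "SSL, email, object signing". Only the first category is useful for the gateway component. In each category position, zero or more trust attribute codes can be used.

The attribute codes for the categories are separated by commas, and the entire set of attributes is enclosed in quotation marks. For example, the self-signed certificate generated and installed during gateway installation is marked "u,u,u", which means that it is a server certificate (user certificate) rather than a root CA certificate.

Table 7-2 lists the possible attribute values and the meaning of each value. The first column lists the attribute and the second column describes it.

Table 7-2 Certificate Trust Attributes

Attribute | Description
p | Valid peer
P | Trusted peer (implies p)
c | Valid CA
T | Trusted CA to issue client certificates (implies c)
C | Trusted CA to issue server certificates (SSL only) (implies c)
u | Certificate can be used for authentication or signing
w | Send warning (use with other attributes to include a warning when the certificate is used in that context)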


CA Trust Attributes

The certificate database includes well-known public CAs. For information on modifying the trust attributes of a public CA, see "Modifying Trust Attributes of a Certificate".

Table 7-3 lists many commonly used certificate authorities and their trust attributes. The first column lists the certificate authority and the second column lists the trust attributes of that CA.

Table 7-3 Public Certificate Authorities

Certificate Authority Name | Trust Attributes
Verisign/RSA Secure Server CA | CPp,CPp,CPp
VeriSign Class 4 Primary CA | CPp,CPp,CPp
GTE CyberTrust Root CA | CPp,CPp,CPp
GTE CyberTrust Global Root | CPp,CPp,CPp
GTE CyberTrust Root 5 | CPp,CPp,CPp
GTE CyberTrust Japan Root CA | CPp,CPp,CPp
GTE CyberTrust Japan Secure Server CA | CPp,CPp,CPp
Thawte Personal Basic CA | CPp,CPp,CPp
Thawte Personal Premium CA | CPp,CPp,CPp
Thawte Personal Freemail CA | CPp,CPp,CPp
Thawte Server CA | CPp,CPp,CPp
Thawte Premium Server CA | CPp,CPp,CPp
American Express CA | CPp,CPp,CPp
American Express Global CA | CPp,CPp,CPp
Equifax Premium CA | CPp,CPp,CPp
Equifax Secure CA | CPp,CPp,CPp
BelSign Object Publishing CA | CPp,CPp,CPp
BelSign Secure Server CA | CPp,CPp,CPp
TC TrustCenter, Germany, Class 0 CA | CPp,CPp,CPp
TC TrustCenter, Germany, Class 1 CA | CPp,CPp,CPp
TC TrustCenter, Germany, Class 2 CA | CPp,CPp,CPp
TC TrustCenter, Germany, Class 3 CA | CPp,CPp,CPp
TC TrustCenter, Germany, Class 4 CA | CPp,CPp,CPp
ABAecom (sub., Am. Bankers Assn.) Root CA | CPp,CPp,CPp
Digital Signature Trust Co. Global CA 1 | CPp,CPp,CPp
Digital Signature Trust Co. Global CA 3 | CPp,CPp,CPp
Digital Signature Trust Co. Global CA 2 | CPp,CPp,CPp
Digital Signature Trust Co. Global CA 4 | CPp,CPp,CPp
Deutsche Telekom AG Root CA | CPp,CPp,CPp
Verisign Class 1 Public Primary Certification Authority | CPp,CPp,CPp
Verisign Class 2 Public Primary Certification Authority | CPp,CPp,CPp
Verisign Class 3 Public Primary Certification Authority | CPp,CPp,CPp
Verisign Class 1 Public Primary Certification Authority - G2 | CPp,CPp,CPp
Verisign Class 2 Public Primary Certification Authority - G2 | CPp,CPp,CPp
Verisign Class 3 Public Primary Certification Authority - G2 | CPp,CPp,CPp
Verisign Class 4 Public Primary Certification Authority - G2 | CPp,CPp,CPp
GlobalSign Root CA | CPp,CPp,CPp
GlobalSign Partners CA | CPp,CPp,CPp
GlobalSign Primary Class 1 CA | CPp,CPp,CPp
GlobalSign Primary Class 2 CA | CPp,CPp,CPp
GlobalSign Primary Class 3 CA | CPp,CPp,CPp
ValiCert Class 1 VA | CPp,CPp,CPp
ValiCert Class 2 VA | CPp,CPp,CPp
ValiCert Class 3 VA | CPp,CPp,CPp
Thawte Universal CA Root | CPp,CPp,CPp
Verisign Class 1 Public Primary Certification Authority - G3 | CPp,CPp,CPp
Verisign Class 2 Public Primary Certification Authority - G3 | CPp,CPp,CPp
Verisign Class 3 Public Primary Certification Authority - G3 | CPp,CPp,CPp
Verisign Class 4 Public Primary Certification Authority - G3 | CPp,CPp,CPp
Entrust.net Secure Server CA | CPp,CPp,CPp
Entrust.net Secure Personal CA | CPp,CPp,CPp
Entrust.net Premium 2048 Secure Server CA | CPp,CPp,CPp
ValiCert OCSP Responder | CPp,CPp,CPp
Baltimore CyberTrust Code Signing Root | CPp,CPp,CPp
Baltimore CyberTrust Root | CPp,CPp,CPp
Baltimore CyberTrust Mobile Commerce Root | CPp,CPp,CPp
Equifax Secure Global eBusiness CA | CPp,CPp,CPp
Equifax Secure eBusiness CA 1 | CPp,CPp,CPp
Equifax Secure eBusiness CA 2 | CPp,CPp,CPp
Visa International Global Root 1 | CPp,CPp,CPp
Visa International Global Root 2 | CPp,CPp,CPp
Visa International Global Root 3 | CPp,CPp,CPp
Visa International Global Root 4 | CPp,CPp,CPp
Visa International Global Root 5 | CPp,CPp,CPp
beTRUSTed Root CA | CPp,CPp,CPp
Xcert Root CA | CPp,CPp,CPp
Xcert Root CA 1024 | CPp,CPp,CPp
Xcert Root CA v1 | CPp,CPp,CPp
Xcert Root CA v1 1024 | CPp,CPp,CPp
Xcert EZ | CPp,CPp,CPp
CertEngine CA | CPp,CPp,CPp
BankEngine CA | CPp,CPp,CPp
FortEngine CA | CPp,CPp,CPp
MailEngine CA | CPp,CPp,CPp
TraderEngine CA | CPp,CPp,CPp
USPS Root | CPp,CPp,CPp
USPS Production 1 | CPp,CPp,CPp
AddTrust Non-Validated Services Root | CPp,CPp,CPp
AddTrust External Root | CPp,CPp,CPp
AddTrust Public Services Root | CPp,CPp,CPp
AddTrust Qualified Certificates Root | CPp,CPp,CPp
Verisign Class 1 Public Primary OCSP Responder | CPp,CPp,CPp
Verisign Class 2 Public Primary OCSP Responder | CPp,CPp,CPp
Verisign Class 3 Public Primary OCSP Responder | CPp,CPp,CPp
Verisign Secure Server OCSP Responder | CPp,CPp,CPp
Verisign Time Stamping Authority CA | CPp,CPp,CPp
Thawte Time Stamping CA | CPp,CPp,CPp
E-Certify CA | CPp,CPp,CPp
E-Certify RA | CPp,CPp,CPp
Entrust.net Global Secure Server CA | CPp,CPp,CPp
Entrust.net Global Secure Personal CA | CPp,CPp,CPp


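The certadmin Script

You can use the certadmin script to perform the following certificate management tasks:


Generating Self-Signed Certificates

You need to generate certificates for SSL communication between each server and the gateway component.

   To Generate a Self-Signed Certificate After Installation

  1. As root, run the certadmin script on the gateway machine for which you want to generate a certificate: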
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 1

  3. Choose option 1 on the certificate administration menu.
  4. The certificate administration script asks whether you want to keep the existing database files.

  5. Enter the organization-specific information, the token name, and the certificate name.

    Note

    For a wildcard certificate, specify an * in the fully qualified DNS name of the host. For example, if the fully qualified DNS name of the host is abc.sesta.com, specify it as *.sesta.com. The generated certificate is then valid for all host names in the sesta.com domain.


  6. 此主機的完整限定 DNS 名稱是什麼?[host_name.domain_name]

    您的社團組織名稱(如:公司)是什麼?[]

    您的組織單位名稱(如:部門)是什麼?[]

    您所在的城市或地區的名稱是什麼? []

    您所在的州或省份名稱(請勿使用縮寫)是什麼? []

    此單位的雙字母國碼是什麼? []

    僅當您不使用預設的內部(軟體)加密模組時才需要使用記號名稱,例如,如果您想要使用密碼卡時 (記號名稱可以使用 modutil -dbdir /etc/opt/SUNWps/cert/gateway-profile-name -list 列示);否則,請按一下下列的「傳回」鍵。

    請輸入記號名稱。 []

    為此證書輸入想使用的名稱?

    請輸入證書的有效期間 (以月計) [6]

    A self-signed certificate is generated and the prompt returns.

    The token name (blank by default) and the certificate name are stored in the .nickname file under /etc/opt/SUNWps/cert/gateway-profile-name.

  7. Restart the gateway for the certificate to take effect:
  8. gateway-install-root/SUNWps/bin/gateway -n new gateway-profile-name start


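Generating a Certificate Signing Request (CSR)

Before you can order a certificate from a CA, you need to generate a certificate signing request that contains the information required by the CA.

   To Generate a CSR
  1. As superuser, run the certadmin script: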
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 2

  3. Choose option 2 on the certificate administration menu.
  4. The script prompts you for the organization-specific information, the token name, and the webmaster's email address and telephone number.

    Specify the fully qualified DNS name of the host.

    此主機的完整限定 DNS 名稱是什麼?[snape.sesta.com]

    您的社團組織名稱(如:公司)是什麼?[]

    您的組織單位名稱(如:部門)是什麼?[]

    您所在的城市或地區的名稱是什麼? []

    您所在的州或省份名稱(請勿使用縮寫)是什麼? []

    此單位的雙字母國碼是什麼? []

    僅當您不使用預設的內部(軟體)加密模組時才需要使用記號名稱,例如,如果您想要使用密碼卡時 (記號名稱可以使用 modutil -dbdir /etc/opt/SUNWps/cert -list 列示);否則,請按一下下列的「傳回」鍵。

    請輸入記號名稱 []

    現在請輸入本機器(將為其證書的機器)網站管理員的部份聯絡資訊。

    此伺服器管理員/網站管理員的電子郵件位址是什麼?[]

    此伺服器管理員/網站管理員的電話號碼是什麼? []

  5. Enter all the required information.

  6. Note

    Be sure to fill in the webmaster's email address and telephone number. Both are required to obtain a valid CSR.


The CSR is generated and stored in the file portal-server-install-root/SUNWps/bin/csr.hostname.datetimestamp. The CSR is also printed on the screen. When you order a certificate from a CA, you can copy and paste the CSR directly.


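Adding a Root CA Certificate

If a client site presents a certificate signed by a CA that is not in the gateway certificate database, the SSL handshake fails.

To prevent this, you need to add the root CA certificate to the certificate database. This ensures that the CA becomes known to the gateway.

Browse to the CA's web site and obtain the root certificate of that CA. When you use the certadmin script, specify the file name and path of the root CA certificate.

   To Add a Root CA Certificate
  1. As superuser, run the certadmin script.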
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 3

  3. Choose option 3 on the certificate administration menu.
  4. Enter the name of the file that contains the root certificate, and enter the certificate name.
  5. The root CA certificate is added to the certificate database.


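Installing SSL Certificates From a Certificate Authority

During installation of the Secure Remote Access gateway component, a self-signed certificate is created and installed by default. At any time after installation, you can install an SSL certificate signed either by a vendor that provides official certificate authority (CA) services or by your corporate CA.

This task involves three steps:

Ordering a Certificate From a CA

After generating a certificate signing request (CSR), you need to use the CSR to order the certificate from the CA.

   To Order a Certificate From a CA
  1. Go to the certificate authority's web site and order your certificate.
  2. Provide the CSR as requested by the CA. Provide any other information that the CA requests.
  3. You receive the certificate signed by the CA. Save it in a file. Include the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines before and after the certificate contents in the file.

    The following example omits the actual certificate data.

    -----BEGIN CERTIFICATE-----

    The certificate contents...

    -----END CERTIFICATE-----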
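
An added example, not from the original guide: a Python check that a file saved from the CA's reply has exactly the BEGIN CERTIFICATE and END CERTIFICATE lines required in step 3 and a base64 body that decodes to an ASN.1 SEQUENCE. The function names and the sample data are constructed; the sample body is filler bytes, not a real certificate.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Lines that look like PEM markers, even with the wrong dash count or label.
MARKER_LIKE = re.compile(r"^-+\s*(BEGIN|END)\b.*-+$")


def check_ca_reply(text):
    """Return a list of problems in a saved certificate file (empty list = OK)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ["file is empty"]
    problems = []
    if lines[0] != BEGIN:
        problems.append("first line is not exactly %r (got %r)" % (BEGIN, lines[0]))
    if lines[-1] != END:
        problems.append("last line is not exactly %r (got %r)" % (END, lines[-1]))
    body = [ln for ln in lines if not MARKER_LIKE.match(ln)]
    markers = len(lines) - len(body)
    if markers > 2:
        problems.append("%d marker lines: more than one certificate in the file" % markers)
    try:
        der = base64.b64decode("".join(body), validate=True)
    except (binascii.Error, ValueError):
        problems.append("body is not valid base64 (stray text or mail quoting?)")
        return problems
    # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE: first byte 0x30.
    if not der or der[0] != 0x30:
        problems.append("decoded body does not start with an ASN.1 SEQUENCE")
    return problems


def sample_body():
    """Constructed stand-in (NOT a real certificate): SEQUENCE header plus filler."""
    raw = bytes([0x30, 0x82, 0x00, 0x3C]) + bytes(range(60))
    b64 = base64.b64encode(raw).decode("ascii")
    return "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))


GOOD = BEGIN + "\n" + sample_body() + "\n" + END + "\n"
SHORT_FOOTER = GOOD.replace(END, "----END CERTIFICATE-----")  # four leading dashes
NO_MARKERS = sample_body() + "\n"                             # markers lost on paste

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("short footer", SHORT_FOOTER),
                        ("no markers", NO_MARKERS)):
        print(label, check_ca_reply(text))
```

This checks framing only; it does not validate the certificate's signature, subject, or validity period.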

Installing a Certificate From a CA

Use the certadmin script to install the certificate obtained from the CA in the local database files under /etc/opt/SUNWps/cert/gateway-profile-name.

   To Install a Certificate From a CA
  1. As superuser, run the certadmin script.
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 4

  3. Choose option 4 on the certificate administration menu.
  4. The script prompts you for the certificate file name, the certificate name, and the token name.

    含有此證書的檔案名稱(包括路徑)是什麼?

    請輸入為此證書建立 CSR 時所用的記號名稱。 []

  5. Provide all the required information.
  6. The certificate is installed in /etc/opt/SUNWps/cert/gateway-profile-name, and the screen prompt returns.

  7. Restart the gateway for the certificate to take effect:
  8. gateway-install-root/SUNWps/bin/gateway -n gateway-profile-name start


Deleting Certificates

You can delete a certificate by using the certificate administration script.

   To Delete a Certificate
  1. As superuser, run the certadmin script.
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    where gateway-profile-name is the name of the gateway instance.

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 5

  3. Choose option 5 on the certificate administration menu.
  4. Enter the name of the certificate to be deleted.


Modifying Trust Attributes of a Certificate

The trust attributes of a certificate need to be modified if client authentication is used with the gateway. One example of client authentication is PDC (Personal Digital Certificate). The CA that issues the PDCs must be trusted by the gateway, and the SSL flag of the CA certificate must be "T".

If the gateway component is set up to communicate with an HTTPS site, the CA of the HTTPS site's server certificate must be trusted by the gateway, and the SSL flag of the CA certificate must be "C".

   To Modify the Trust Attributes of a Certificate
  1. As superuser, run the certadmin script.
  2. gateway-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    where gateway-profile-name is the name of the gateway instance.

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 6

  3. Choose option 6 on the certificate administration menu.
  4. Enter the name of the certificate. For example: Thawte Personal Freemail CA.
  5. 請輸入證書的名稱?

    Thawte Personal Freemail CA

  6. Enter the trust attributes for the certificate.
  7. 請輸入欲使證書具備的信任屬性 [CT,CT,CT]

The certificate trust attributes are changed.
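
As an added example (not part of the original guide or of certadmin), the following Python code interprets trust-attribute strings according to Table 7-2 and the "T" and "C" requirements stated in this section. The function names and the sample listing are constructed for illustration; the self-signed entry name is hypothetical.

```python
CATEGORIES = ("ssl", "email", "object_signing")   # order given in the text
IMPLIES = {"P": "p", "T": "c", "C": "c"}          # "implies" notes in Table 7-2
KNOWN_CODES = set("pPcTCuw")


def parse_trust(text):
    """Split a trust string such as "CT,CT,CT" into one flag set per category."""
    parts = text.strip().strip('"').split(",")
    if len(parts) != len(CATEGORIES):
        raise ValueError("expected 3 comma-separated categories: %r" % text)
    result = {}
    for category, codes in zip(CATEGORIES, parts):
        unknown = set(codes) - KNOWN_CODES
        if unknown:
            raise ValueError("unknown code(s) %s in %s" % (sorted(unknown), category))
        # Add the codes that Table 7-2 says are implied (P -> p, T -> c, C -> c).
        result[category] = set(codes) | {IMPLIES[c] for c in codes if c in IMPLIES}
    return result


def gateway_view(text):
    """Answer what the gateway cares about; only the SSL category counts."""
    ssl = parse_trust(text)["ssl"]
    return {
        "trusted_for_client_certs": "T" in ssl,   # required for a CA that issues PDCs
        "trusted_for_server_certs": "C" in ssl,   # required for the CA of an HTTPS site
        "own_certificate": "u" in ssl,            # e.g. the gateway's self-signed cert
    }


def cas_missing_client_trust(listing, pdc_issuers):
    """Return PDC-issuing CAs whose SSL flags lack the "T" this section requires."""
    return sorted(name for name in pdc_issuers
                  if not gateway_view(listing[name])["trusted_for_client_certs"])


# Constructed listing: two names from Table 7-3 plus a hypothetical self-signed entry.
SAMPLE = {
    "Thawte Personal Freemail CA": "CT,CT,CT",      # value shown in the prompt above
    "Thawte Personal Basic CA": "CPp,CPp,CPp",      # default from Table 7-3
    "gateway-self-signed (hypothetical name)": '"u,u,u"',
}

if __name__ == "__main__":
    for name, attrs in SAMPLE.items():
        print(name, attrs, gateway_view(attrs))
    print(cas_missing_client_trust(
        SAMPLE, ["Thawte Personal Freemail CA", "Thawte Personal Basic CA"]))
```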


Listing Root CA Certificates

You can view all root CA certificates by using the certificate administration script.

   To View the List of Root CAs
  1. As superuser, run the certadmin script.
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    where gateway-profile-name is the name of the gateway instance.

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 7

  3. Choose option 7 on the certificate administration menu.
  4. All root CA certificates are displayed.


Listing All Certificates

You can view all certificates and their corresponding trust attributes by using the certificate administration script.

   To List All Certificates
  1. As superuser, run the certadmin script.
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    where gateway-profile-name is the name of the gateway instance.

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 8

  3. Choose option 8 on the certificate administration menu.
  4. All CA certificates are displayed.


Printing Certificates

You can print a certificate by using the certificate administration script.

   To Print a Certificate
  1. As superuser, run the certadmin script.
  2. portal-server-install-root/SUNWps/bin/certadmin -n gateway-profile-name

    where gateway-profile-name is the name of the gateway instance.

    The certificate administration menu is displayed.

    1) 產生自簽證書

    2) 產生證書簽署要求 (CSR)

    3) 加入 Root CA 證書

    4) 安裝來自認證機構 (CA) 的證書

    5) 刪除證書

    6) 修改證書的信任屬性 (例如 PDC 的信任屬性)

    7) 列示 Root CA 證書

    8) 列示所有證書

    9) 列印證書內容

    10) 退出

    選擇: [10] 9

  3. Choose option 9 on the certificate administration menu.
  4. Enter the name of the certificate.




Copyright 2003 Sun Microsystems, Inc. All rights reserved.