Sun Java logo     �W�@��      �ؿ�      �d�      �U�@��     

Sun logo
Sun Java System Portal Server 6 2005Q1 �޲z��n 

�� 4 ��
�]�w Portal Server �H�ϥΦw�����~�� LDAP �ؿ��A��

�b�w�]�w�ˤ��ASun Java™ System Portal Server�BSun Java™ System Access Manager �M Sun Java™ System Directory Server �n�鳣�O�b�ۦP�D��W���C�M�ӡA�ھڳ��p���į�B�w���ʻP��X�ݨD�A�z�i�H�b�W�ߡB�~�����D��W���ؿ��A���A�èϥΦw���M���h (SSL) �b�w���s���W�� Portal Server �s��ؿ�C���F�z�L�w���s�u�s�� Directory Server�ASun Java™ System Web Server �� Sun Java™ System Application Server �����t�m���H��ñ�p�ؿ���Ҫ��{�Ҿ�c�C

�]�w Sun Java System Portal Server �H�ϥΥ~�� LDAP �ؿ�A�ݭn���U�C�{�ǡG

�Y�n�t�m Directory Server �H�b SSL �U���

  1. ���� Directory Server (ns-slapd �{��) �P�޲z��A�� (ns-httpd �{��) �O�_�w�ҰʻP���C
  2. �H�W�ŨϥΪ̪�����A�b�׺ݾ��Ұʥؿ��A���D���x�A��k�O��J�G

    3. /var/opt/mps/serverroot/startconsole

  3. �b��ܪ��n�J���A��J admin �@�� Directory Server ���ϥΪ̦W�ٻPpassphrase�C
  4. �b�D���x�������椤�A�i�}�ؿ��b [��A���s��] �U�ݨ� Directory Server ��ҡC
  5. ��� Directory Server ��Ҩë�@�U [�}��]�C
  6. ��� [�@�~] ������ [�޲z����]�C

    7. �Ĥ@�����o�ӥ�ȮɡA�t�η|�n�D�z��J�K�X�H�إ߾��Ҹ�Ʈw�C�O��o�ӱK�X�A�]������|�ݭn�o�ӱK�X�Ұ� Directory Server�C

  7. ��@�U [�ШD]�C

    8. �|�X�{ [���ҽШD���F]�C��Ӻ��F����ܨç����o�ǨB�J�H���;��ҽШD�C�ШD�|�ǰe�� [���Һ޲z��A�� (CMS)] �H��o�\�i�CCMS �|�Ǧ^�u�������ҡC�x�s���ҽШD�ƥ��A��k�O�N�ШD��ƽƻs���ɮסC

  8. �b���ҽШD�ǰe�� CMS ����ACMS �޲z��|�{�i�ШD�ñN�w�{�i�����ҶǦ^�C
  9. ��o�w���ͪ� DS ���һP CMS ���ҡC

    10. �]�� CMS �|�� DS ���;��ҡA�ҥH CMS �]�����Q�H��A��k�O�N����ҧ@���� CA �פJ�C

  10. ��� [�޲z����]�B[��A������]�A�M���@�U [�w��]�C

    11. �|�X�{ [���Ҧw�˽ШD���F]�C

  11. �N�w�\�i�����Ҹ�Ʊq�B�J 8 �ƻs�öK�W�ܤ�r�ϰ�ÿ�u���F��ܪ��B�J�H�w�˾��ҡC

    12. ���\�w�˾��Ҥ���A���ҷ|�H�Ӷ�������ܩ� [��A������] ���ҤW�C

  12. �}�� [�޲z����] ��A��� [CA ����] ���ҡC

    13. �p�G�z�b�B�J 9 ���q����o���Ҫ� CA �i�H�b CA ���ҲM�椤���A�z�N���ݭn�b�ӲM�椤�w�˾��ҡC

    �p�G���Ҩå��b�M�椤�A�z�ݭn�z�L�z���{�Ҿ�c��o�� CA ���Ҩå[�H�w�ˡC

    1. ��@�U [�w��]�C
    2. �N CMS ���Ҹ�ƽƻs�öK�W�ܤ�r�ϰ�ÿ�u���F��ܪ��B�J�H�w�˾��ҡC

      3. ���ҦW��3�ӷ|�X�{�b CA ���ҲM�椤�C

  13. ��@�U [��] �H�� [�޲z����] ��C
  14. ��� [�պA�]�w] ���ҡC
  15. ��@�U [�[�K] ���ҡA�֨� [���o�Ӧ�A���ҥ� SSL] �P [�ϥαK�X�t�C�GRSA] �֨���A�ë�@�U [�x�s]�C
  16. �b [���] ���Ҥ�����άO�b [�[�K�s����] ��줤��w���Ī��s����s���A�ë�@�U [�x�s]�C

    17. �w�]�s���� 636�C

  17. ���s�Ұ� Directory Server �ô��Ѧb�B�J 6 ����J�����Ҹ�Ʈw�K�X�C

    18. �z���ؿ�{�b����ť�� SSL �s���� 636 �s���� (�w�])�C

�Y�n�إ߫H���Ʈw

�إ߫H���Ʈw�ɡA�z�n��w�N�Ω�K�_���ɮת��K�X�C�z�]�ݭn���K�X�Ұʦ�A���A��k�O�ϥΥ[�K���q�T�C

�z�إ߻P�x�s���}�P�p�H�K�_�����Ҹ�Ʈw�٬��K�_���ɮסC�K�_���ɮ׷|�Ω� SSL �[�K�C��ШD�P�w�˦�A�����Үɷ|�ϥαK�_���ɮסC�b�w�˫���ҷ|�x�s�b���Ҹ�Ʈw���C

�إ߾��Ҹ�Ʈw���{�Ƿ|�ھڨϥΪ� Web �e�������өw�C�U�C�O�b Sun Java System Application Server �W�إ߾��Ҹ�Ʈw����ܡC�z�]�i�H�b http://docs.sun.com �W���uSun Java System Application Server Administration Guide to Security�v�������C

����b Sun Java System Web Server �إ߾��Ҹ�Ʈw������A�i�H�b http://docs.sun.com ���uSun Java system Web Server, Enterprise Edition Administration Guide�v���C

����b Sun Java System Application Server �إ߾��Ҹ�Ʈw������A�Цb�޲z���������U�C�B�J�G

  1. �нT�w Application Server ��Ҥw�g�ҰʡC
  2. �s�� App Server ��Ҩÿ���A����ҡC
  3. �s��w���ʡC
  4. ��@�U [�޲z��Ʈw]�C
  5. ��@�U [�إ߸�Ʈw] �s���C

    6. �N�|��� [��l�ƫH���Ʈw] ���C

  6. ��J��Ʈw���K�X�C
  7. ���ƱK�X
  8. ��@�U [�T�w]�C
  9. �b�����椤�s�� App Server ��һP��A����ҡA�M���@�U [�M���ܧ�]�C
  10. ����í��s�Ұʦ�A���ϤW�z�ܧ�ͮġC

�ϥ� password.conf �ɮ�

�p�G�z�Ʊ� SSL/TLS �ҥΪ� Sun Java System Application Server �b�w�� SSL �t�m�ɯ��۰ʭ��s�ҰʡA�z�i�H�N�H���Ʈw�K�X�x�s�b password.conf �ɮפ��C

�Ƶ�

�T�w�z���t�Τw��o�R�+O�@�A�p���o���ɮשM�K�_��Ʈw�~���|�Q���|�C

���� password.conf �ɮת��i�@�B��T�A�i�H�b�uSun Java System Application Server Administrator's Configuration File Reference�v�����uUsing the password.conf File�v�����C

�@��Ө��A�z����ϥ� /etc/rc.local �� /etc/inittab �ɮױҰʤw�ҥ� Unix SSL ����A���A�]����A���b�Ұʤ��e�ݭn��J�K�X�C��M�p�G�z�N�K�X�O�s�b�@�ӯ¤�r�ɤ��A�N�i�H�۰ʱҰʤw�ҥΪ� SSL ��A���A��M����ij�z�ϥγo�Ӥ�k�C��A���� password.conf �ɮ�3�Ӷ��ݩ�کΦw�˦�A�����ϥΪ̡A�u���Ҧ��H�~�i�H�i��Ū��P�g�J�C�b Unix �W�A�b password.conf �ɮפ��O�d�w�ҥ� SSL ��A�����K�X���ܤj���w�����I�C�i�H�s���ɮת����H���㦳�i�s��w�ҥ� SSL ��A�����K�X�C�b password.conf �ɮפ��O�s�w�ҥ� SSL ��A�����K�X���e�A�ЦҼ{�w�����I�C

�w�ˮڻ{�Ҿ�c (CA) ����

�w�ˮ� CA ���Ҫ��{�Ƿ|�ھڨϥΪ� Web �e�������өw�C

�U�C�{�ǻ���p��b Sun Java System Application Server �W�w�ˮ� CA�C�z�]�i�H�b http://docs.sun.com �W���uSun Java System Application Server Administration Guide to Security�v���������C

����b Sun Java System Web Server �w�ˮ� CA ������A�i�H�b http://docs.sun.com �����uSun Java System Web Server, Enterprise Edition Administration Guide�v���C

���Ѿ��Ҫ��ӷ��P�z��o�� CA ���Ҫ��ӷ��ۦP�C

�Y�n�q CA �w�˾��ҡA�Цb�޲z���������U�C�B�J�G

  1. �b�����椤�s�� App Server ��Ҩÿ���A����ҡC
  2. �s��w���ʡC
  3. ��� [�޲z����]�C
  4. ��@�U [�w��] �s���C

    5. �N�|��� [�w�˦�A������]�C

  5. �� CA �����ҿ�ܥi�H��{�Ҿ�c (CA)�A�ӱz�|����{�Ҿ�c�@���Τ�ݻ{�Ҫ���H�� CA�C
  6. �бq�U�Ԧ��M�椤���[�K�ҲաC
  7. ��J�K�_���ɮת��K�X�C
  8. �p�G���ҬO����A����ҨϥΪ��ߤ@���ҡA�бN�������W�٫O�d�ťաA���D�G
    • ���&�A���N�ϥΦh�Ӿ��ҡC�p�G�O�o�ر��p�A�п�J�b��A����Ҥ��ߤ@�����ҦW�١C
    • �ϥΤF�P�������P���[�K�ҲաC�p�G�O�o�ر��p�A�п�J�b��@�[�K�Ҳժ��Ҧ���A����Ҥ��ߤ@�����ҦW�١C

      • �p�G�w�g��J�W�١A�ӦW�ٱN�|��ܦb [�޲z����] �M�椤�A�ӥB��y�z�ʡC�Ҧp�AUnited States Postal Service CA �O CA ���W�١F�� VeriSign Class 2 Primary CA �h�P�ɴy�z CA �M���������C

      �Ƶ�

      �p�G�S����J���ҦW�١A�h�|�M�ιw�]�ȡC

  9. ��ܤ@�ءG
    • �T���b���ɮפ��C�p�G�O�o�ر��p�A�п�J�w�x�s�q�l�l�󪺧����|�W�١C
    • �T����r (�t���Y)�C�b�o�ر��p�U�A�жK�W�q�l�l���r�C�p�G�z�ƻs�öK�W��r�A�нT�w�w�]�A���Y Begin Certificate �P End Certificate�A�䤤�]�A�}�l�P����s�r���C
  10. ��@�U [�T�w]�C
  11. ��� [�s�W����] �H�w�˷s�����ҡC
  12. �b�����椤�s�� App Server ��һP��A����ҡA�M���@�U [�M���ܧ�]�C
  13. ����í��s�Ұʦ�A���ϤW�z�ܧ�ͮġC���ҷ|�x�s�b��A�������Ҹ�Ʈw���C�ɮצW�ٱN�|�O cert8.db�C

�Y�n�ҥ� Access Manager �H�K�Q�� SSL �P Directory Server �q�T

�Y�n�� Directory Server �ҥ� SSL�A�нs�� /etc/opt/SUNWam/config/AMConfig.properties �ɮסC���B�J�P�e���L��A�ӥB Sun Java System Web Server �H�� Sun Java System Application Server ��������榹�B�J�C

�NAMConfig.properties �ɮת��U�C�]�w�q�G

 

com.iplanet.am.directory.ssl.enabled=false

com.iplanet.am.directory.host=server12.example.com (if it needs to be changed)

com.iplanet.am.directory.port=389

�ܬ�

 

com.iplanet.am.directory.ssl.enabled=true

com.iplanet.am.directory.host=server1.example.com

com.iplanet.am.directory.port=636 (port on which DS uses encryption)

�b AccessManager-base/SUNWam/config/ums/serverconfig.xml �ɮפ��ܧ�s�u�s����P�s�u�����ȡA�N���}�Ҧ��ܧ� SSL�C

�s�� serverconfig.XML �ɮרñN�U�C�U��q�G

 

<Server name="Server1" host="gimli.example.com"

port="389"

type="SIMPLE" />

 

�ܬ��G

to

<Server name="Server1" host="gimli.example.com"

port="636"

type="SSL" />

�b������ serverconfig.xml �ɮשҰ����ܧ󤧫�A�Э��s�Ұ� Web �e���C



�W�@��      �ؿ�      �d�      �U�@��     

Copyright 2005 Sun Microsystems, Inc. ���v�Ҧ��C