Tivoli Public Key Infrastructure -...

Tivoli ® Public Key Infrastructure dC8O f> 3 "Pf 7.1 SB84-0415-00

Transcript of Tivoli Public Key Infrastructure -...

Page 1: Tivoli Public Key Infrastructure - IBMpublib.boulder.ibm.com/tividd/td/PKI/SH09-4529-03/zh_CN/... · 2002-11-09 · 0T..... vii >8ODA_..... vii ‘XE"..... vii


Tivoli Public Key Infrastructure dC8O

f(yw

Copyright © 1999, 2001 by Tivoli Systems Inc., an IBM Company, including this documentation and all software. All rights

reserved.vI@U Tivoli Systemsm~mI$-i9C,r_w* IBM M'-irmI$-iPX Tivoli z7D=<9

C#4- Tivoli SystemsBHifmI,{9TNNN=rNNVN(gSD"z5D"E'D"b'D"/'D"K$D

HH)T>iDNN?VxP4F"+%"*<"f"Zlw53Pr-kINNFczoT#Tivoli SystemsZhzFwv

)zT:9CD2=4rNNICFcz&mDD5DP^mI,0aG?vbyD4F7y&XP Tivoli +>Df(y

w#4- Tivoli SystemsBHifmI,;Zhf(PDd|({#>D5;G*zz<8D,"RGT0vK4,1Dy

!a)D,;PNNN=D#$#

rKT>D5;wNN#$yw,|(JzTMJCZ3X(C>D#$#


Lj

TBz7{FG Tivoli Systems Inc.rzJL5zw+>Z@zM/rd|zRrXxDLj:AIX"DB2"DB2"Universal

Database"IBM"RS/6000"SecureWay"Tivoli M WebSphere#

Tivoli PKI Lr(0Lr1)|(?V IBM WebSphere&CLr~qwM?V IBM HTTP Web ~qw(0IBM ~q

w1)#}G!CKLrDmI$sE\9C,qrz^(20r9C IBM ~qw#IBM ~qwMLrXk$tZ,;zw

P,z^(ZkLrVkDivB%@20r9C IBM ~qw#

Lr|(?V DB2 (C}]b#}G!CKLrM IBM WebSphere&CLr~qwDmI$sE\9C,"RLrM

IBM WebSphere&CLr~qwGCZ|GyzIr9CD}]Df"M\m,xGCZd|}]\m?D,qrz^(2

0M9Cb)i~#}g,KmI$;|(Sd|&CLr=}]bDCZi/r(mzIDk>,S#z;P(ZLry

ZD,;(zwO20M9Cb)i~#

Microsoft"Internet Explorer"Windows"Windows NTM WindowsUjG Microsoft CorporationDLjr"aLj#

UNIX GZ@zMd|zRrXxI The Open Group@Rd"D"aLj#

JavaMyPyZ JavaDLjrUjG Sun Microsystems,Inc.DLj#

PentiumG Intel CorporationZ@zMd|zRrXxD"aLj#

KLr|,4T RSA Data Security, Inc.D2+Tm~#Copyright © 1994 RSA Data Security, Inc. All

rights reserved.

KLr|,4T Hewlett-Packard Companyj<#eb(STL)m~#Copyright (c) 1994.

¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5CZNN?DP*bQZkmI,+0aGTOf(yw

XkvVZyP1>P,"Rf(ywMKmIyw<XkvVZ'VD5P#Hewlett-Packard Company;TNN?DT

Km~DJOT"mNN4(#Km~GT0vK4,1Dy!a)D,;=Pw>r,>D#$#

KLr|,4T Silicon Graphics Computer Systems, Inc.Dj<#eb(STL)m~#Copyright (c) 1996–1999#

¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5DP*bQZkmI,+0aGTOf(ywXkvVZ

yP1>P,"Rf(ywMKmIyw<XkvVZ'VD5P#Silicon Graphics;TNN?DTKm~DJOT"m

NN4(#Km~GT0vK4,1Dy!a)D,;=Pw>r,>D#$#

d|+>"z7M~q{FI\Gd|+>DLjr~qjG#


yw

>vfoPya=D Tivoli Systemsr IBM z7"Lrr~q";5>b)z7"Lrr~q+ZyPP Tivoli Systems

r IBM LqDzRrXxPa)#NNTb)z7"Lrr~qD}C";5>v\9C Tivoli Systemsr IBM Dz

7"Lrr~q#;*;V8 Tivoli Systemsr IBM DP'*6z(rd|\(I#$D({,NN,H&\Dz7"L

rr~q,<ITC4zfya=Dz7"Lrr~q#Zkd|z7aO9C1,}KG)I Tivoli Systemsr IBM w

78(Dz7.b,d@@Mi$yIC'TP:p#

Tivoli Systemsr IBM I\Q5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhC'9Cb)({DNN

mI$#PXmI$i/DBK,C'ITk IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk,

New York 10504-1785, USAif*5#

>un;JCZ*OuzrNNbyDunk>X(I;;BDzRrXx#

zJL5zw+>T0vK4,1Dy!a)>vfo,;=PNNN=D(^[Gw>D9G,>D)#$,|((+;

^Z)TGV(T"JzTMJCZ3X(C>D,>#$#;)XxZ3);WP;JmEzw>r,>D#$#rK>

un2;;(JC#

>E"PI\|,P<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b)|D+|,ZBf>P#IBM IT

f1T>E"PhvDz7M/rLrxPDxM/r|D,x;mP(*#

>E"PTG IBM Web >cD}C<;G*K=cp{Ea)D,;TNN==P#TG) Web >cD#$#C Web

>cPDJO;G IBM z7JOD;?V,9CG) Web >cx4DgU+IzTPP##


?<

0T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

>8ODA_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

`XE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

>8O|,DZ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii

>8OP9CD<( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii

*5M''V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii

Tivoli PKI Web E". . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii

Z1B XZ Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Z2B Ev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Z3B gNYw? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

<8dC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

hC$w> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

U/dC}] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

dC53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

KP20r< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Z AIX OKP CfgStart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Z Windows NTOKP CfgStart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

<kdC}] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

hC6L~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

9CVPD Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

|D PKI tTDitH6p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

mStTA PKI `. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

(}dk8( DN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

9C DN `-w. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

i4dC{" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

i$dC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

<8zz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

#$20r< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Z AIX O|D Directory mI(. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

|D~qw\k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

`-dCD~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Z("a1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

8] Tivoli PKI 53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

CZ DN inTD Directory |D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

*B LDAP s:^D ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

(F"ar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

XBdC53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25


k Policy Director;p9C Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

6X Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

S AIX 6X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

S Windows NT6X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Z4B `XE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

sF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

O$PD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

DB2 }]b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Directory w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Root C' DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Directory \m1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

PKIX CMP ,S. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

"ar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

SSL ,S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Web ~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

4758-&mw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Z5B N< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

t/!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

<k!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

CA MsF~qw!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

CA \?!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Directory ~qw!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Directory rootC'!n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Directory \m1!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

"ar!n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

+C Web ~qw!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

2+ Web ~qw!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

RA !n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

dC\a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

#fdC}] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

dC}L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

sjYwD|L8CYw. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

>XoT"bBn. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Jcm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

w} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63


0T

>ihvKgN9C20r<*zD73dC Tivoli PKI#

>z7D"Pfv'V AIX =(#&1vSyPV[ Microsoft WindowsDDO#

>8ODA_>i*53\m1a)KdC Tivoli PKI DfrNqDE"#

>8ODC'&1$H_PZxg73P20MdCz7D-i#&1_8TBEnD`X*

6:

¶ 2~20MdC

¶ rXx(EM-i,XpG TCP/IPM2+WSVc(SSL)

¶ Web ~qw\m

¶ +C\?y!a9(PKI)<u,|( Directory#=,X.509 f> 3 j<Ma?6?<CJ

-i(LDAP)

¶ X5}]b53,XpG IBM DB2 (C}]b

`XE"Tivoli Web >ca)K Tivoli PKI z7D5DIF2D5q=(PDF)M HTML q=#;)v

foD HTML f>GMz7;p20D,"RIIC'gfCJ#

"bTvfovfs,z7PI\"zd/#XZnBDz7E",T0XZgNTz!qDo

TMq=TvfoxPCJ,kND6"P5w7#nBf>D6"P5w7IZ Tivoli Public

Key Infrastructure Web>cqC:

http://www.tivoli.com/support

Tivoli PKI b|,TBD5:

6hCkKP7

Kia)Kz7Ev#|a)Kz7Dhs,|(20}L,"a)gNCJ?vz7

i~ICD*zoz#Ki+Zr!skz7;pV"#

System Administration GuideKi|,XZ\m Tivoli PKI 53D;cE"#||,t/MXU~qw"|D\k"

\m~qwi~"4PsFT0KP}]j{TliH}L#

6dC8O7

Ki|,XZgN9C20r<4dC Tivoli PKI 53DE"#Zi4r<D*zoz

1,z\CJK8OD HTML f>#

6"aPD@f8O7

Ki|,XZgNZ$iP'ZZ9C RA @f4\m$i#Zi4@fD*zoz1,

z\CJK8OD HTML f>#


6C'8O7

Ki|,XZgNqCM\m$iDE"#|a)K9C Tivoli PKI /@wGGm%4

ks"|BM7z$iD}LDE"#,12V[KgN$"af] PKIX $i#

Customization GuideKiT>KgN(F Tivoli PKI "a$_,T'VLq_TD"ak$w?j#}g,

zI'agN(F HTML M Java® Server Page"(*E"$iE*D~M_TvZ#

>8O|,DZ]>8O|,TBE":

¶ Z13D:XZ Tivoli PKI;r%hvK Tivoli PKI D&\MT\#

¶ Z33D:Ev;hvKgN9C>8O#

¶ Z53D:gNYw?;a)KfrNqDE",9z\dC Tivoli PKI#

¶ Z293D:`XE";xvKXZ Tivoli PKI &\D;cE"MXZXkdCDi~Dj8

E"#

¶ Z353D:N<;hvKKP Tivoli PKI 20r<1IT8(D5#

¶ Z453D:Jcm;(eK>iPI\GBDr;#CDuoMu4T0A_I\PK$D

uo#

>8OP9CD<(>8OTXbuoMYw9C;,DVM<(#b)<(_PTB,e:

<( ,e

VeV |n"X|V"j>Md|Xk9CDE",TVeVT>#

1eV Xka)Dd?MBuoT1eVT>#?wDJMLo2,yT>*1eV#

HmVe zk>}"dvM53{"THmVeT>#

*5M''Vg{9CNN Tivoli z71v='Q,<ITxk http://www.support.tivoli.com i4 Tivoli

Supportw3#4SA"a;M'"am%s,4ITZ Web OCJ\`M''V~q#

Z@z9CTBg0Ek*5M''V:Tivoli EkG 1–800–848–6548(1-800–TIVOLI8),IBM®

EkG 1–800–237–5511(&rKEks4 8 rXp 8)#b=vEk<a1S+zDg0*A

Tivoli M''Vg0PD#

RG.VVZ}=XZz9C Tivoli z7MD5D-i#RG6-zavDxb{#g{zPX

Z>D5Db{r(i,k"MgSJ~A:[email protected]#

Tivoli PKI Web E"Tivoli M IBM Tivoli M'ITR=XZNN Tivoli 2+Tz7M Tivoli PKI DZ_E"#

XZ T i v o l i P K I DnBz7|BM~qE"DX*E",kCJK W e b >c:

http://www.tivoli.com/support/secure_download_bridge.html


XZ Tivoli Public Key Infrastructurez7DE",kCJK Web >c:

http://www.tivoli.com/products/index/secureway_public_key/

XZd| Tivoli 2+\mz7DE",kCJK Web ;C:

http://www.tivoli.com/products/solutions/security/


XZ Tivoli PKI

Tivoli Public Key Infrastructure(PKI)9&CLr\;O$C'"7#IED(E:

¶ |Jmi/@U|GD"aM$w_T4)"""<M\m}V$i#

¶ T X.509 f> 3(PKIX)D+2\?y!a9M+2}]2+a9(CDSA)S\j<D'

V<GK)&LD%YwT#

¶ }V)pM2+-ia)KZ;WPO$yPEeD=(#

¶ yZ/@wD"a\&a)KnsDinT#

¶ S\(EM"aE"D2+f"PzZ7#z\T#

Tivoli PKI 53IZ IBM AIX/6000 M Microsoft Windows NT~qw=(OKP#|,TBw

*&\:

¶ IEO$PD(CA)\m}V$iDP'Z#*7O$iDf5T,CA T}V==)p?;

])"D$i#,1,|2)p$i7zPm(CRL),T7#C$i;YP'#*Kx;

=#$d)p\?,zI9C2~S\,2F*2~2+T#i(HSM),g IBM 4758 PCI

Cryptographic Coprocessor#

¶ "aPD(RA)&mC'"aD\mNq#RA a)v)"'VLqn/D$i,Rv)"x

QZ(C'#\mNqI(}T/}LrK$v_==bv#

k CA `F,z2IT9C IBM 4758 PCI Cryptographic Coprocessor#$ RA D)p\?#

¶ yZ WebDGGgf9q!$idCO*]W,b)$iICZ/@w"~qwMd|?D,

gib(Cxg(VPN)h8"G\(M2+gSJ~H#

¶ yZ WebD\mgf,RA @f9QZ("a1\;K<r\xGGjk,"Z)"$is

\m$i#

¶ sFS53\*?vsFG<FcdE"i$zk(MAC)#g{sF}]Z4ksF}]

bs;^Dr>},MAC IozzlbkV_#

¶ _TvZML5wLTs(BPO)9&CLr*"_\;(F"a}L#

¶ *S\}fa)/I'V#*KO$(E,KD Tivoli PKI i~IC$'zID(C\?x

P)p#2+TTs,g\?M MAC,<;S\,"f"ZF* KeyStoreD\#$xrZ#

¶ * IBM Directory a)/I'V#DirectoryT{O LDAP Dq=f"XZP'MQ7{$i

DE"#

¶ * IBM WebSphere Application ServerM IBM HTTP Servera)/I'V#Web ~qwk

RA ~qw-,$w,TS\E""K<jkM*$ZDSU=*F$i#

¶ * IBM DB2 (C}]ba)/I'V#


Ev

20 Tivoli PKI m~s,XkKP20r<*73dC53#}g,Xk8(;,~qwLr2

0D;C,T9|GITxP(E#

¶ !q:gNYw?;wbTKbkdC`XDNq,}ggN(e(P{F(DN)"gNi

$dC}LT0gNZz773P*"Pf<853#

¶ !q:`XE";wbTKbdC531h*mbDEn#}g,ITKb Tivoli PKI Gg

Nk Directory %`wCDrq!9C2~S\D8<#

¶ !q:N<;wbTKbKP20r<1ITrXk8(D5#

XZnBDz7E",kZ*<dC5304i6"P5w7#nBf>D6"P5w7IZ

Tivoli Public Key Infrastructure Web>cqC:

http://www.tivoli.com/support


gNYw?

>ZPDwbT>KgNdC Tivoli Public Key Infrastructure#dMNq|(TBwn:

¶ U/dC53yhDE"

¶ 9C(P{F`-w(e DN

¶ Z6LzwO20 Tivoli PKI ~qwLrM}]b

¶ +dC5/<kBD Tivoli PKI 53

¶ i$53Q}7dC

dC53Ts,k4ib)wbTozz9BD Tivoli PKI 53xkz7==#2IqC6Xz

7m~D=h#

<8dC*<dC Tivoli Public Key Infrastructure0,Xk7#Q}7hCK$w>CZKP20r<#

9h*U/XZ73DE",TcZZ20r<PITa)J1Dl&#

k4iTBwZPD8<T7#*<dC}LQ<8C#

hC$w>*5VnQT\,&1Z@"Z Tivoli PKI ~qwDzwOKP20r<#byvIoz7#K

P!&CLr1I9Cns?D53J4#

*KP20r<,h*TB$w>nMdC:

¶ TBomzwhC;

v Intel <Z®&mw,AY 96 MB RAM

v 'V 1024x768r|_VfJ,65536+DFczT>w#

¶ Microsoft Windows 95"Windows 98r Windows NTYw53

¶ 'VyZ JDK 1.1 !&CLrD Web /@w,}g:

v Netscape NavigatorM Netscape Communicator,vTZf> 4.7x#

":20r<;'V Netscape NavigatorM Netscape Communicatorf> 6#

v Microsoft Internet Explorer,f> 5.0 r|_f>

/@w"bBn:

Xk20 Netscaper Microsoft V"D/@w}=f>#SZ}=)&Lq!Df>I

\^(}7T>E",XpGT;,Z"oDoTKP!&CLr1#

g{h*Z Tivoli PKI ~qwOKP20r<,"}Z Windows NT=(OKP,k9

C Microsoft Internet Explorerf> 5.0 r|_f>#Z Netscape/@wBKP1,!

&CLrDT\+a}\`#


k7#/@w49C HTTP zmCJ Tivoli PKI ~qw#

U/dC}]dCZd,20r<+a>zdkZ73D:Tivoli PKI dC}]m%;PT>DE"#*<dC

}L0,kU/b)E"#

g{F.20`v Tivoli PKI ~qw,zI\*r!vm%"G<B!n#byPzZj6zk

<kB20DX(dC5/#

":20r<a)\`dC!nD1!5#Zs?VivB,&1S\b)5#;PZ7(h*

|D1,E\|D|G#


Tivoli PKI dC}]m%

0Z hv 1!5 zD5

<kdC}] k*<kDdC}]D~DD

~{#

^#

CA MsF~qw ~qwibwz{r IP X

7#

CA ~qwD+^(wz{

CA ~qwDl}KZ# 1830

sF~qwDl}KZ# 59998

CA D DN# /C=US/O=Your

Organization/OU=Trust

Authority/CN=Trust Authority

CA

CA \? CA ){c(# sha–1WithRSAEncryption ¶ sha-1WithRSAEncryption

¶ md5WithRSAEncryption

CA \?s!# 1024 ¶ 1024

K CA &19C 47582~

p?

q ¶ G

¶ q

g{Z9C 47582~,RSA

\?s!#

1024 ¶ 512

¶ 768

¶ 1024

*1S+ CA \?f"Z

47582~Pp?

q ¶ G

¶ q

CA 4758E*D~\kr\

kLo

^#

Directory ~qw ~qwibwz{r IP X

7#

Directory ~qwD+^(w

z{

Directory ksDl}KZ# 389

*9CVP Directory p? q ¶ G

¶ q

*9C Directory #=f> 3

p?

G ¶ G

¶ q

Directory rootC' DN Directory rootC' DN# /C=US/O=Your

Organization/OU=Trust

Authority/CN=Ldap Root DN

Directory rootC'\k# ^#g{H0Q20K

Directory,rXkkVPD

root C'\k%d#

Directory \m1 Directory \m1 DN# /C=US/O=Your

Organization/OU=Trust

Authority/CN=DirAdmin

Directory \m1\k# ^#g{H0Q20K

Directory,rXkkVPD\

m1\k%d#

Directory \m1&1|B

Directory p?

G(Fv) ¶ G

¶ q


0Z hv 1!5 zD5

"ar r{#;\|,Uq# zDr

roT# "o

r20?<# AIX:/usr/lpp/iau/pkrf

/Domains

Windows NT:c:\Program

Files\IBM\Trust

Authority\pkrf\Domains

+C Web ~qw ~qwibwz{r IP X

7#

RA ~qwD+^(wz{

;h*S\rO$DksDl

}KZ#

80

2+ Web ~qw,4-}M

'zO$

~qwibwz{r IP X

7#

RA ~qwD+^(wz{

;h*M'zO$D SSL k

sDl}KZ#

443

2+ Web ~qw,-}'z

O$

~qwibwz{r IP X

7#

RA ~qwD+^(wz{

Xk-}M'zO$D SSL

ksDl}KZ#

1443

RA ~qw RA ~qwDl}KZ# 829

K RA &19C 47582~

p?

q ¶ G

¶ q

g{Z9C 47582~,RSA

\?s!#

1024 ¶ 512

¶ 768

¶ 1024

*1S+ RA \?f"Z

47582~Pp?

q ¶ G

¶ q

RA 4758E*D~\kr\

kLo

^#

S\-&mw\mdC 2m&mw!n q

S\-&mw\mdC RA r CA D\m1E*D

~\k

^

#fdC}] dC}]D~DD~{#dk

'V AIX r Windows NT

<(D{F#k;*dkD~

)9{#

DatabaseBackup


dC53dC Tivoli Public Key Infrastructure1,*8(Z73PhCm~D!n#>ZPDwb+V[

dC Tivoli PKI i~D;,=(#98>zgN#fdC5CZZTsD Tivoli PKI 20PY

N9C#&14iDwb|,TBwn:

¶ KP20r<

¶ <kdC}]

¶ hC6L~qw

¶ (}dk8( DN

¶ 9C DN `-w8( DN

¶ i4dC{"

¶ i$dC

KP20r<1*<dC<8C1,k9CK}Lt/"KP20r<#

1. k7#/@w<8C,ITKP!&CLrK#K=h\X|# Lx.0kNDZ53D:h

C$w>;#

2. T Tivoli PKI dCC'm](dMivB* cfguser)G<#

3. CJ20!&CLrw}3fD WebX7#ZTB>}P,secure_Web_server j6K20

w Tivoli PKI zkDzwOD2+ Web ~qwKZ:

https://secure_Web_server/

4. l&S\T)p$iD/@wa>#

¶ g{Z9C Netscape/@w,r+a>zS\B>c$i#X4%wB;=,1=%w

jIS\$i#a>1,!q!nT@6S\K$i(1='')#

¶ g{Z9C Internet Explorer,ra4=;r{"m>$i"PL4*#%wGS\$i

"Lx#

5. TC'{a>C cfguser Tl&TZC'{M\kD/@wa>,"dkZ CfgPostInstallL

r*<&8(DXFLr\k#

6. 7#$w><8C,IT*<dC}L1,k%wA CfgSetupWizard D4S#

":t/!&CLrs,*(8VSjIK=h#"TZNbVNPdk}]0,XkH}

1=!&CLrj+0kdC}]b#

9C Microsoft Internet Explorer,JavaXF((g{!qT>)I\T>\$D2+T

l##g{ Swing UI \mwT<0kIBX!&CLr;ICJDtTD~,r+"

zKiv#ITvTKl##

7. (}8(5"%wB;=TLxILxKP!&CLr#Z\`ivB,ITS\T>D1

!5#

¶ g{dk;}7D5,rg{ZyhVNPa)E"0"TLxxP,r!&CLr+

T>{"#1=a)K5,qrTB}7{Em>VN1YXh}]:


¶ P1,49D>u?VN;|,D>,2I\!q|#"zbViv1,ah9zZV

NPdkV{#*bvKJb,4 Home |4;D>VND!q"ME|TS\D>#

¶ 1+bjF}VN1,!&CLr+T>CVNDr*ozP#

¶ *Zx(0ZPi4XZyPVND|j8hvE",kf1%woz#

¶ *i4XZ Tivoli PKI dCDj8E",Zi4*zoz1%wTBi.<j#KYw

Ir*>i,6Tivoli PKI dC8O7#

8. #fdC5s,%wKv"XU/@w#5X~qwTt/dCLr(CfgStart),KLr

I|B~qwdCD~"4(yhD}]b#XZdC}LD|`E",kND:Z AIX O

KP CfgStart;M:Z Windows NTOKP CfgStart;#

9. dCLrKP1,4i4,{"#g{Z6LzwO20KNbi~,ra4={"8>z

Z}LITLx0kZ6L53O4PYw#

10. 9C530Xh4P8vsdC=hTi$"#$53#XZj8E",kNDZ213D

:i$dC;MZ223D:<8zz;#

Z AIX OKP CfgStartg{Z`zw20P20K Tivoli PKI,rXk4iZ113D:hC6L~qw;,"7#T}7

D3rZ?(zwOKP CfgStart#

9CTB}LKP CfgStart#K>}T>K1!2076;ZzD53PI\kK;,:

1. w* root C',dkTB|n:

su - cfguser

2. (}dkTB|n|DA bin S?<:

cd /usr/lpp/iau/bin

3. dkTB|n.;:

./CfgStart (CZj<&m)

./CfgStart -i (CZq!j8E")

dC}LDdv#fZD~ /usr/lpp/iau/logs/instCfg.logP#&1ZdMzz53P4iKD~#

Z Windows NT OKP CfgStartg{Z Windows NTO20K Tivoli PKI,rXkZ20r<P%wjI4%sV$t/ CfgStart

Lr#

g{Z`zw20P20K Tivoli PKI,rXk4iZ113D:hC6L~qw;,"7#T}7

D3rZ?(zwOKP CfgStart#

9CTB}LKP CfgStart#K>}T>K1!2076;ZzD53PI\kK;,:

1. T cfguserm]9C`&D\kG< Windows NT#

2. r* MS DOS|n0Z#

3. |DA Tivoli PKI 2076D bin S?<#}g:

cd "c:\Program Files\IBM\Trust Authority\bin"


4. g{k*6qj8dv,rk^D MS DOS|n0ZDtT:!q<V!n(,"+A;:

exs!D_HvSA 9999#

5. dkTB|n.;:

CfgStart (CZj<&m)

CfgStart -i (CZq!j8E")

CfgStart}ZKP1,I\av=0Z^(}7XUDJb#g{"zKKJb,kH}dC}L

ax,;sKvyPr*D0Z#

<kdC}]*9C`FDdChC`v Tivoli PKI 53,20r<a+dC5#f=I<vD~P#TsI

T<vKD~"+dw*hCm;v Tivoli PKI 53Dy<#

g{F.Z`v~qwO20 Tivoli PKI "*Z?v~qwOhC`FDdC,rI\k9CK

&\#<kdCD\&2IT|]WX(FVPD* Tivoli PKI gZf>dCD53#

":

¶ g{"T+dC}]<kQdCD53,r+F5yPDVP}]#

¶ <kdC}]1,vI+d<k}ZKP`,Yw53D53#}g,;ITZ

Windows NTO<k|,CZ AIX =(D5DdC}]D~,"C.ZZ Windows

NT OdC Tivoli PKI#

9CTB}Lw*<kdC}]D8<#

1. Z;(zwO20MdC Tivoli PKI##fdC}]1,G<z*}]D~ypD{F#

2. Z;,DzwO20 Tivoli PKI DB5}#

3. +dC}]D~SZ;( Tivoli PKI zw4F=Z~(zw#

¶ Z AIX O,f"dC}]D~D1!76G:/usr/lpp/iau/cfg/cfgdb/

¶ Z Windows NTO,f"dC}]D~D1!76G:

c:\Program Files\IBM\Trust Authority\cfg\cfgdb\

4. ZBzwOt/20r<#Z;v0Z+*sz8(Gqk*ST0D20<kdC}]#

%w4!rm>zk*<k#

5. B;v0Z8>z!qdC}]D~(zk+KD~CZK20)#!q4F=KzwDD

~#

6. 9Xk8(G*20BD Tivoli PKI ~qw9GSz7DT0f>(F}]#

7. %wB;=Lx1,20r<+<kD~DE"2k!&CLrPD#`0Z#

8. P!qX|Dh*k Tivoli PKI DK20;,DY}5#

hC6L~qw>ZhvKdC6L~qwDDv=8#yV[DdCgB:

¶ =8 1 * RA ~qwZ;(zwO;CA"sFM Directory ~qwZm;(zwO

¶ =8 2 * RA M Directory ~qwZ;(zwO;CA MsF~qwZm;(zwO

¶ =8 3 * RA"sFM CA ~qwZ;(zwO;Directory ~qwZm;(zwO


¶ =8 4 * RA ~qwZ;(zwO;CA MsF~qwZm;(zwO;Directory~qwZ

Z}(zwO

dC6L~qw1,9CTB=hw*8<#

=8 1 * RA ~qwZ;(zwO;CA"sFM Directory ~qwZm;(zwO

1. 9CZ103D:Z AIX OKP CfgStart;PhvD=(Z RA ~qwO*<dC Tivoli PKI#

2. CfgStartLra>1,k*A20 CA"sFM Directory ~qwDzw#

3. Z AIX OT root C'm]G<#

4. dkTB|n|D?<:

cd /usr/lpp/iau/bin

5. dkTB|nt/s20Lr:

./CfgPostInstall -r

6. CfgPostInstalla>1,8( Tivoli PKI RA ~qwD+^(r{T0 cfguserM Tivoli PKI

XFLrD\k#mb,dkcTx}* WebSphere}]b`F?<D=h#

7. CfgPostInstalljIs,dkTB|n:

su - cfguser

cd /usr/lpp/iau/bin

./CfgStart -i

CfgStartdC Directory"sF}]bM CA }]b#CfgStartax1,T>;u{"8>z

5X RA ~qw#

8. YNKPZ103D:Z AIX OKP CfgStart;PhvD CfgStart|n,LxdC RA ~q

w#

9. CfgStartLra>1,k*X20 CA"sFM Directory ~qwDzw#

10. KPZ103D:Z AIX OKP CfgStart;PhvD CfgStart|n,LxdC CA MsF~

qw#CfgStart+dCsF~qwM CA#CfgStartax1,T>;u{"8>z5X RA ~

qw#

11. KPZ103D:Z AIX OKP CfgStart;PhvD CfgStart|n,jI RA ~qwDdC#

=8 2 * RA M Directory ~qwZ;(zwO;CA MsF~qwZm;(zwO

1. 9CZ103D:Z AIX OKP CfgStart;PhvD=(Z RA ~qwO*<dC Tivoli PKI#

2. CfgStartLra>1,k*A20 CA MsF~qwDzw#

3. Z AIX OT root C'm]G<#

4. dkTB|n|D?<:

cd /usr/lpp/iau/bin

5. dkTB|nt/s20Lr:

./CfgPostInstall -r

6. CfgPostInstalla>1,8( Tivoli PKI RA ~qwD+^(r{T0 cfguserM Tivoli PKI

XFLrD\k#mb,dkcTx}* WebSphere}]b`F?<D=h#

7. CfgPostInstalljIs,dkTB|n:


su - cfguser

cd /usr/lpp/iau/bin

./CfgStart -i

CfgStart+dCsF~qwM CA ~qw#CfgStartax1,T>;u{"8>z5X RA ~

qw#

8. YNKPZ103D:Z AIX OKP CfgStart;PhvD CfgStart|n,jI RA ~qwD

dC#

=8 3 * RA"sFM CA ~qwZ;(zwO;Directory ~qwZm;(zwO

1. 9CZ103D:Z AIX OKP CfgStart;PhvD=(Z RA ~qwO*<dC Tivoli PKI#

2. CfgStartLra>1,k*A20 Directory ~qwDzw#

3. Z AIX OT root C'm]G<#

4. dkTB|n|D?<:

cd /usr/lpp/iau/bin

5. dkTB|nt/s20Lr:

./CfgPostInstall -r

6. CfgPostInstalla>1,8( Tivoli PKI RA ~qwD+^(r{T0 cfguserM Tivoli PKI

XFLrD\k#mb,dkcTx}* WebSphere}]b`F?<D=h#

7. CfgPostInstalljIs,dkTB|n:

su - cfguser

cd /usr/lpp/iau/bin

./CfgStart -i

CfgStart+dC Directory~qw#CfgStartax1,T>;u{"8>z5X RA ~qw#

8. YNKPZ103D:Z AIX OKP CfgStart;PhvD CfgStart|n,jI RA ~qwD

dC#

=8 4 * RA ~qwZ;(zwO;CA MsF~qwZm;(zwO;Directory ~qwZZ

}(zwO

1. 9CZ103D:Z AIX OKP CfgStart;PhvD=(Z RA ~qwO*<dC Tivoli PKI#

2. CfgStartLra>1,k*A20 Directory ~qwDzw#

3. Z AIX OT root C'm]G<#

4. dkTB|n|D?<:

cd /usr/lpp/iau/bin

5. dkTB|nt/s20Lr:

./CfgPostInstall -r

6. CfgPostInstalla>1,8( Tivoli PKI RA ~qwD+^(r{T0 cfguserM Tivoli PKI

XFLrD\k#mb,dkcTx}* WebSphere}]b`F?<D=h#

7. CfgPostInstalljIs,dkTB|n:

su - cfguser

cd /usr/lpp/iau/bin

./CfgStart -i


CfgStart+dC Directory~qw#CfgStartax1,T>;u{"8>z5X RA ~qw#

8. YNKPZ103D:Z AIX OKP CfgStart;PhvD CfgStart|n,LxdC RA ~q

w#

9. CfgStarta>1,k*A20 CA MsF~qwDzw#

10. Z AIX OT root C'm]G<#

11. dkTB|n|D?<:

cd /usr/lpp/iau/bin

12. dkTB|nt/s20Lr:

./CfgPostInstall -r

13. CfgPostInstalla>1,8( Tivoli PKI RA ~qwD+^(r{T0 cfguserM Tivoli PKI

XFLrD\k#mb,dkcTx}* WebSphere}]b`F?<D=h#

14. CfgPostInstalljIs,dkTB|n:

su - cfguser

cd /usr/lpp/iau/bin

./CfgStart -i

CfgStart+dC CA MsF~qw#CfgStartax1,T>;u{"8>z5X RA ~qw#

15. YNKPZ103D:Z AIX OKP CfgStart;PhvD CfgStart|n,jI RA ~qwD

dC#

9CVPD DirectoryTZ20 Tivoli PKI 53T0MfZD IBM Directory,Tivoli PKI dC}L_PTBwL:

1. dCLr"Ts( DirAdmin DN M\k#

¶ g{s(I&,rLrLxTmS CA DN#

¶ g{s('\,rLr+mS DirAdmin DN M\k#

2. Lr"Ts( root C' DN M\k#

¶ g{s('\,rLrvm"5Xl##

¶ g{s(I&,rLr"TT CA DN xP LDAP Qw(ldapsearch)#

v g{ LDAP QwI&,rLr+;xPNNYw"YhQhCCJXF#

v g{ LDAP Qw'\,rLr+mS CA DN(MNbPdZc)T0XhDCJXF

E"#

":;4PT/#=li#

_PQhCDX(Z Tivoli PKI D#=M DN DVP IBM Directory q-0vdC}L#;x,

g{VP Directory1YX(Z Tivoli PKI D#=M DN,rdC DirectoryD=(+TP;,#

TBwZV[:

¶ 1d#=X(Z Tivoli PKI +d DN 4;G1,gNdCVPD Directoryk Tivoli PKI ;

p$w#

¶ 1d#=M DN <;X(Z Tivoli PKI 1,gNdCVPD Directory k Tivoli PKI ;p

$w#

vT}7D#=dC

YhhCK}7D"X(Z Tivoli PKI D#=(XZ Tivoli PKI #=(e,kN<Z173D:m

StTA PKI `;),Tivoli PKI dC}L"T4( DirAdmin M CA DN#TZ4(b) DN,

h* root C' DN M\k#9XkhC root C' DN DCJmI(,CZ4(BD DN MN

bXhDPdZc#10,4( DN MmSCJXF;GV*xPD#

1d#=X(Z Tivoli PKI +d DN 4;G1,*dCVPD Directory k Tivoli PKI ;p$

w,kq-TB=h:

1. CJ Tivoli PKI 20r<dC!&CLr"Lx8( Tivoli PKI dC!n#

2. *A Directory~qw!n1,!q9CVPD Directory ,;sLx8(dC5,1=jI#

3. #fdC5s,%wKv"XU/@w#

9CZ103D:Z AIX OKP CfgStart;PhvD=(Z RA ~qwO*<dC Tivoli PKI#

g{Z$tyPd| Tivoli PKI i~D,;(zwO20K Directory~qw,r CfgStart;

aa>zdk|`E"#

g{Z6LzwO20 Directory~qw,XZjI Tivoli PKI dCD8>E",rkN<Z

113D:hC6L~qw;;Z#

dC1^}7D#=M DN*dC4hC}7DX(Z Tivoli PKI D#=,21Y}7 DN DVP Directory,kq-TB

}L:

1. Tivoli PKI 20jIs,*A Tivoli PKI ~qwOD|nP#

2. S Tivoli PKI 20?<+ V3.Modifiedschema.taD~4FAzD Directory ;C,gB:

¶ Z AIX P:

cp /usr/lpp/iau/cfg/V3.Modifiedschema.ta yourDirectoryPath/etc

¶ Z Windows NTP:

copy c:\Program Files\IBM\Trust Authority\cfg\V3.Modifiedschema.ta yourDirectoryPath\etc

V3.Modifiedschema.taD~|, Tivoli PKI Ts` pkiUserM pkiCA D#=(e#

3. C;Z IBM Directory 2076D etc S?<PDVP V3.user.atD~DZ]k Tivoli PKI

20?<PD V3.user.atZ]HO#GB;,.&,"y]d^D;Z Directory ~qwD

V3.user.atD~#

":g{4FD~,r Tivoli PKI D~+2G Directory ~qwOD V3.user.atD~Z],

F5X(i/D}]#

4. C;Z IBM Directory 2076D etc S?<PDVP V3.user.ocD~DZ]k Tivoli PKI

20?<PD V3.user.ocZ]HO#GB;,.&,"y]d^D;Z Directory ~qwD

V3.user.ocD~#

":g{4FD~,r Tivoli PKI D~+2G Directory ~qwOD V3.user.ocD~Z],

F5X(i/D}]#

5. `-;Z yourDirectorypath\etc DVP slapd.confD~,mSTBP:

includeSchema /etc/V3.user.oc
includeSchema /etc/V3.user.at
includeSchema /etc/V3.Modifiedschema.ta
suffix "c=us"

6. 9C20r<8( Tivoli PKI dC!nLxdC#

7. *A Directory~qw!n1,!q9CVPD Directory ,;sLx8(dC5,1=jI#

8. #fdC5s,%wKv"XU/@w#

9CZ103D:Z AIX OKP CfgStart;PhvD=(Z RA ~qwO*<dC Tivoli PKI#

g{ZyPd| Tivoli PKI i~$tD,;(zwO20K Directory~qw,r CfgStart;

aa>z|`E"#

g{Z6LzwO20 Directory~qw,XZjI Tivoli PKI dCD8>E",rkN<Z

113D:hC6L~qw;;Z#

|D PKI tTDitH6pZ IBM Directory P,tTIT_PTBitH6prCJXFH6,0Yg1Gn_it6p,

0U(1GnMit6p:

¶ Yg

¶ it

¶ U(

DirectoryPDCJXFm(ACL)GIitH6p8(D,x;GItT8(D#rx,ITI

itH6pZh Directory C'(s(= Directory)A"4"QwrHOX(#}g,Nb CA

D DirAdmin ;ZhyPitH6pDA"4MHOX(#

Z1! Directory P,{<TB PKI tTtZYgitH6p:

¶ authorityRevocationList

¶ caCertificate

¶ certificateRevocationList

¶ crossCertificatePair

¶ deltaRevocationList

¶ userCertificate

mb,Z1! Directory P,{< userPasswordtTtZYgitH6p#

(#,PKI tT(XpG caCertificateM userCertificate)&1^A^F#4s(= DirectoryD

NNTs(|,d{s(DC')&1\;A PKI tT#r* userPasswordtZ PKI tTD`

,itH6p,yTr;1! Directory iv5> userPasswordGIA1h*byv#

rx,*E/2+CJ,Tivoli PKI a+ PKI tTDitH6p5M*it"Zh{<d6p*

itDtTTG^FACJ(#TbV==,TI{< userPasswordtT*Yg,+|PA^F#

g{k*|D PKI tTDitH6p,dCT0"Zs20Ts4PTB=h:

1. 9Cz!qDD>`-w,`-;ZTB1! Tivoli PKI 2076D V3.user.atD~:

¶ TZ AIX:

/usr/lpp/iau/cfg/

¶ TZ Windows NT:

c:\Program Files\IBM\Trust Authority\cfg\

2. (}|DCtTD ACTION CLASS 5,|DPK$DtTDitH6p#

3. #f|D#

4. Lx Tivoli PKI dC#

mStTA PKI `10 Tivoli PKI JmzZ DirectoryP4(u?1!q*9CD)Ts`#Tivoli PKI DT0f

>^Fz;\9C pkiCA M pkiUserTs`#VZTIT9C pkiCA M pkiUserTs`,+2

JmzS Directory#=P(eDyPTs`P!q#g{!q9C Tivoli PKI DT0f>9C

DTs`R#{mS|{tT,rXkmS|{tTw*b)Ts`D;?V#b)Ts`D#

=(e|,Z V3.modifiedschema.taD~P#r*D#=(egB:

Ts`(PKIX LDAP #= V2) tTPm

pkiUser ¶ userCertificate

¶ cn

¶ userpassword

¶ mail

pkiCA ¶ cACertificate

¶ certificateRevocationList

¶ authorityRevocationList

¶ crossCertificatePair

¶ cn

¶ O

¶ ou

¶ userpassword

¶ mail

I\T#=D~ywD^D`M|,DtTHCZ|{tTDtT|`#*5VK|D,kZI

&jIs20}LsR*<dC04PTBYw:

1. 9Cz!qDD>`-w,`-;ZTB1! Tivoli PKI 2076D V3.modifiedschema.taD

~:

¶ TZ AIX:

/usr/lpp/iau/cfg/

¶ TZ Windows NT:

c:\Program Files\IBM\Trust Authority\cfg\

2. TZ!qDTs`(pkiUserr pkiCA),q-VP#=mSC@*{E($)VtD?vtT#

k7#v|,#=D~P(eDG)tT#

3. #f|D#

4. Lx Tivoli PKI dC#

g{!q9C;,DTs`,rXk8(Ts`D{Fw*(F}LD;?V#1!dC9CT

BTs`:

Ts`(PKIX LDAP #= V3) tTPm

a9`

inetOrgPerson

XhtT:

¶ cn

¶ sn

I!tT:

¶ audio

¶ businessCategory

¶ carLicense

¶ departmentNumber

¶ employeeNumber

¶ employeeType

¶ givenName

¶ homePhone

¶ homePostalAddress

¶ initials

¶ jpegPhoto

¶ labeledURI

¶ mail

¶ manager

¶ mobile

¶ pager

¶ photo

¶ preferredLanguage

¶ roomNumber

¶ secretary

¶ uid

¶ userCertificate

¶ userSMIMECertificate

¶ x500UniqueIdentifier

¶ I inetOrgPersonDO6Ts`a)=StT

C'u?(z`

ePerson

XhtT:

¶ userCertificate

¶ I ePerson(zTs`a)=StT

O$PDu?(z`

certificationAuthority-V2

XhtT:

¶ authorityRevocationList

¶ caCertificate

¶ certificateRevocationList

I!tT:

¶ crossCertificatePair

¶ deltaRevocationList

(}dk8( DN

a>

*K'Vz8((P{F(DN),20r<|,;v<NC'gf,(P{F`-w#9

CK$_8( Tivoli PKI D DN,x;Xdk|G#

dCZd,Xk*8v Tivoli PKI i~8((;D DN:CA"Directory rootC'M Directory\

m1#g{T X.509v3 j<Dq=;l$,kNDZ203D:9C DN `-w;TqCoz#

g{zl$ X.509v3 j<,IZKP20r<1dk DN#Tivoli PKI 'VTB DN tT:

u? $H 5

C= 4 DN TsyZDzRrXx#bXkk ISO 3166j<P(eDV{.

%d#

ST= 128 DNTsyZD!r1=P#

L= 128 DN TsyZDyZX(P/X/xrTNx)#

STREET= 128 DNTsyZDV@X7#

O= 64 K DN TsytDi/{F#

OU= 64 K DN TsytDi/yZD%;,}g+>?Erz7{F#%@;

v DN IT|,`o 4 v OU tT#

CN= 64 K DN TsD+2{F,}gK1D+{rh8D$Z?D#

DC= 64 ri~,ITI;vr`v`X(P{F(RDN)9I#?v RDN |

,5eDrXxr{Di~,WHPvKnX*Di~#}g,rXx

r{0CS.UCL.AC.UK1IT*;*

/DC=UK/DC=AC/DC=UCL/DC=CS#

dk DN 1,XkqXTB DN q=*s:

¶ Xk8(hvr+2{FTj6Ts#yPd|tT<GI!D#

¶ 49 CN G(;XhtT,DN 2^(vI CN tT9I;}K CN tTTb DN 9Xk

|,Dm;vtT#

¶ nsdk CN tT#

¶ ?vtT0P;v}1\(/),|,Z;vu?#

¶ ;*9CaxVt{#

¶ g{5|,XbV{,+|G}Z+}EP(″ ″)#

¶ g{|,;CtT,TBP3rdk|G:/ST= /L= /STREET=#

¶ g{|,i/tT,TBP3rdk|G:/O= /OU=#

¶ g{#t|GwTD3r,rIT;m;CMi/tT#

Tivoli PKI (iTB3r:

v /C=/DC=/ST=/L=/STREET=/O=/OU=/CN=(bGW!q=)

v /C=/DC=/ST=/L=/O=/OU=/STREET=/CN=

v /C=/DC=/ST=/O=/OU=/L=/STREET=/CN=

v /C=/DC=/O=/OU=/ST=/L=/STREET=/CN=

TBT>DG9CW!q=D DN u?>},r{G TRUSTCA.IBM.COM:

/C=US/DC=COM/DC=IBM/DC=TRUSTCA/ST=MD/L=Gaithersburg/STREET=800 N. Frederick Avenue/O=IBM/OU=PKI/CN=TrustCA

XZ Tivoli PKI gN9C Directory D|`E",kND6Tivoli PKI hCkKP7#

9C DN `-w^[N120r<*sz8((P{F(DN)1,IT%w DN `-w<jTt/(P{F`-

w#

K<NC'gf9z\]WX8(zk|,D DN w?V#*k*|,Z DN PDtTn

dUW&,;sStT3rPm!q#

DN `-w+ DN w?VVt*8vjGDxr:

¶ ;vxrU/XZvK"Lrrh8D;cE",DN G*b)Ts4(D(DN Ts)

¶ ;vxrU/XZ5P DN TsDi/DE"

¶ ;vxrU/XZ DN TsyZ;CDE"

¶ ;vxrj6;, DN w?VD3rq=

;cE"

+2{F

dkK DN TsDhv{F#TZvK,(#GKKD+{#TZ~qw"&C

Lr"h8rd|Ts,8(;vPzZj6d&\r?D{F#

zRrXx

!q DN TsyZDzRrXx#

r{ dkj6Ku?DrXxr{#

i/E"

i/{F

I!qdk DN TsytDi/{F#dMXbGi/DO("a{F#*|,

i/D%;,XkWH8(i/{F#

i/%;

IT!qj6 DN TsytDi/PD%*#}g,bITGi/?E(}gM

'J')r$w`p(gz7{F)#IT+;vx( DN n`k 4 vi/%;

X*#

;CE"

!r1=P

IT!qj6 DN Ts5JyZD!r1=P#2I\GT3VP,eD==X

*TsDXmxr#dMX,bG DN ytDi/;C#

y]"aW!n,IT44!r1=PD+{r9Cj<rF#}g,IT9C

New York r NY#

yZX IT!qj6 DN Ts5JyZDP/X/xrTNx,}g Chicagor Paris#

b2I\G;)T3V==T DN TsP,eDXmxr#*|,XZyZXD

E",XkWH8(!r1=P#

V@X7

IT!qj6 DN TsyZDV@X7#dMX,bG DN ytDi/DV@

X7#*|,V@X7,XkWH8(yZXM!r1=P{F#

q=`M:

j6tT(b)tT9K DN w7M(;)s,Xk!qtT3r#!q!n1,DN `

-w+T>>},mw DN +uyT!(D3rT>#

!qD3rj+!vZzDi/gNi4da9"i/rcZx(\mrP|,D5e

T0|rcgN9CMQw Directory#

}g,g{i/Z`v;CPl+R,zI\k*Zi/E"08(;CE"#ZK=

(P,IT+ Directory i/^FZtZX(XmxrDu?#

k"b DN `-wI\Z0q=1xr(ZK&T> DN Dq=)R_DUW&T>X

ODD>#bGT>ms;+|;a0ly4( DN D5Jq=#

WHT>;C

bG1!MW!q=,Kq=P+Zi/E"0T>yPD;CE"#tT3r

gBy>:

/r{/zRrXx/!r1=P/yZX/V@X7i//i/%;/+2{F

i/szfV@X7

ZKq=P,XZi/DE"Zk DN TsX*[email protected]#tT3rgB

y>:

/r{/zRrXx/!r1=P/yZX/i//i/%;/V@X7/+2{F

i/szfyZX

ZKq=P,XZi/DE"Zk DN TsX*DP/X/xrTNxT0dV

@X7.0#tT3rgBy>:

/r{/zRrXx/!r1=P/i//i/%;/yZX/V@X7/+2{F

i/szf!r1=P

ZKq=P,XZi/DE"Z;CE".0#tT3rgBy>:

/r{/zRrXx/i//i/%;/!r1=P/yZX/V@X7/+2{F#

i4dC{"g{C -i !nKP CfgStartLr,rxLKP1,z+a4=s?dC{"ZA;Ov/#g{

;C -i !nKP CfgStartLr,rITi4U>D~T`SdCxH#U>D~F* instCfg.log,

|$tZ20y?<D logs S?<P#Z1! Tivoli PKI 20P,KD~D1!2076G

/usr/lpp/iau/logs/instCfg.log#

i$dCdC}Laxs,Xk7O53Q}7dC#K}L8>zi$IT=NqC$i:;NGZ5

3u<dCTs,53j+XU"XBt/sIYNqC$i#

1. dCjI1,*A$w>"r*/@w#IT=TB Web X7CJGG Web >c:

http://MyPublicWebServer/MyDomain/index.jsp

dP MyPublicWebServer G+C Web ~qwDwz{,MyDomain G"arD{F#

/@wr*GGw}3f,Z1!20PF*>$PD#zDi/I\xPK;,D|{#

2. %wA20RGD~qw CA $iD4S#K$i9zD/@w\;SGG~qPO$(E#

g{+4YNSK/@w,SAGG~q,rIT!TK=h#

3. Z$iGGxr:

a. !qGG`M → /@w$i#

b. !qYw → GG#

c. %w7(#

4. q-Z_8>E"TjI"am%D=?V#

Zm%D"aE"?V!q$i`M1,k!q Web M'zO$(1 j)#Z1!20P,

KYwJm(}T/K<}L&m$iks#

5. TzDGG}]zb1,k%wa;GGks#

6. kq-Z_8>E"TliksD4,#*4,3Si)G5XMli4,Dnr%==#

w*#$,kZa;kssG<T>Dksj6#g{ZGGm%O8(k*SUgSJ~

(*,rksj6+"Mxz#

7. K<kssZ;Nli4,1,+T/BX$i"20=zD/@wP#kq-K<(*P

DZ_8>E",7OQ}720#

8. q- Tivoli PKI System Administration GuidePD}LT#9yPD Tivoli PKI i~#g{

QZ`vzwO20K Tivoli PKI,rT}7D3r#9?v~qwLr#

9. (vCZ Windows NT )(}Z`XD0ZPdk Ctrl-C #9k20r<X*D WebSphere

Application ServerM IBM HTTP Server5}#

10. q- Tivoli PKI System Administration GuidePD}LTt/yPD Tivoli PKI i~#g{

QZ`vzwO20K Tivoli PKI,rT}7D3rt/?v~qwLr#

11. X40v=h(=hZ213D1==h7)TYN7OITqC/@w$i#

I&20KZ~v$is,53Q<8C*<&mks#XZGG}LMC'ICD;,`M$

iDj{E",kND6Tivoli PKI C'8O7#

<8zzi$B Tivoli PKI 53D20s,&14P8v=hT*zz737(53hC"#$|:

¶ #$20r<#

¶ |D Directory mI((vCZ AIX)

¶ |D~qw\k#

¶ `-dCD~(v1h*1)#

¶ Z("a1#

¶ 8]BdCD53#

¶ (F"ar#

¶ `5\m1MC'#XZozE",kN<TBi.:

v 6Tivoli PKI "aPD@f8O7,XZgNCJM9C RA @f\m$iDE"#

v 6Tivoli PKI C'8O7,XZ9CyZ/@wDGGm%DE"#

#$20r<KP20r<"&CdC5s,&1#$!&CLrT#$|;aYNKPZK Tivoli PKI ~q

wO#;)QdCKx( Tivoli PKI 53,M^(XBdC|#d;dCLrPP;)j>IT

@9YNdCX(i~,+zI\k*I!;)=S=hT#$!&CLr#

*@9YNKP20r<,kX|{|r+dF/=^(]WDCJD?<P#Z20Zd,2

0r<20ZTB;C:

¶ Z AIX P,!&CLrD1!76G:/usr/lpp/iau/cfg/CfgSetupWizard.html

¶ Z Windows NTP,!&CLrD1!76G:

c:\Program Files\IBM\Trust Authority\cfg\CfgSetupWizard.html

Z AIX O|D Directory mI(g{Z AIX =(OdC Tivoli PKI,Xk|D slapd.confD~DyP(mI(#ZdCZd,

Tivoli PKI a+X( Directory dCD~DyP_hC* cfguser.cfggrp#Xk+yP_|D*

ldap.ldap#byv+Jm Directory \m1Td|I\k Tivoli PKI 2m Directory Dz7vv

XhD|D#*|D Directory mI(,k4PTBYw:

1. T root C'm]G<#

2. dkTB|n|D?<:

cd /usr/ldap/etc

3. dkTB|nhCJ1DyP(mI(:

chown ldap.ldap slapd.conf

|D~qw\kdC Tivoli PKI 1,k8(TB\k:

¶ CZ Directory rootC'D\k

¶ CZ Directory \m1D\k

¶ CZ CA 4758E*D~(I!)D\k

¶ CZ RA 4758E*D~(I!)D\k

XkG!b)\kTKP3)\m$_#xR,953xkzz==1,XkKP|D\k5C

Lr"8(?vIEi~D\k#*#$53,&XFTdDCJ,"Jmi~2+t/,K=

h\X|#

tCO$~qwi~D\?f"Z@"DS\ KeyStoreP#Z;NKP5CLr1,Xk8(Z

dCZd8(D\k#

|D\ks,;PZ(Di~EITCJ KeyStoreMdPD\?MS\}]#

XZ9C|D\k5CLrDj{E",kND Tivoli PKI System Administration Guide#

`-dCD~#fdC5"t/dC}Ls,dCLr+|B8vdCD~#b)D~XFz7i~DKP1

P*#

IT"R&19CdC}LZdhCDdC5#;x,I\k*w{3)5T|CXzcYw7

3Dh*#}g,I\kw{~qw,15rw{V/1ddt#

XZ`- Tivoli PKI dCD~MXZITr;IT|DD)N}DE",kND Tivoli PKI System

Administration Guide#

Z("a1Tivoli PKI 'V"aksDT/K<#*JmK`\m14iks"y]ksK<r\x,Xk8

(C'* Tivoli PKI "a1#Z(s,"a1I\KP RA @fT\m$iMGGks#*'V

"a$w:X,ITZ(Nb}?D"a1#

*r/K}L,Tivoli PKI a)K|nP5CLr#9C add_rauser5CLrZ(\mC'1,

*j6"ar"8(C'X(#}g,I\Z(;v"a1vK<"\xks,+Z(m;v"

a17z$i#

¶ XZmS"a1DE",kND Tivoli PKI System Administration Guide#

¶ XZCJM9C RA @fDE",kND6Tivoli PKI "aPD@f8O7#

8] Tivoli PKI 53953xkzz0,k7#_PyP~qwi~D108]T0|GD}]bJ4b#b|,:

¶ w Tivoli PKI ~qw,|,"aPD"yP Tivoli PKI KDm~M'V5CLrM*dCM

"a}]4(D}]b#

¶ Web ~qw,|, WebSphere Application ServerM HTTP Server#

¶ Directory ~qw,|, Directory D~qw#

¶ CA MsF~qw,|,* CA MsF}]4(D}]b#

¶ 4758-&mw,g{Q20"CZK Tivoli PKI 20#

XZ8]h*Z Tivoli PKI P#$Di~DE",kND Tivoli PKI System Administration Guide#

CZ DN inTD Directory |Dg{zz73f09C CA V'TbDr{)"$i,r^D Directory TJm Tivoli PKI Z

Directory P4(V':

1. 7(h*mSD)s:#

2. #9 slapd#

3. ^D slapd.confD~T+s:mSA Directory#

4. XBt/ slapd#

5. Zks:`&D Directory wPmSTs#

6. ^D?vs:DCJXFPm(ACL)#

7. 7# the raconfig.cfgD~PD ldap_autoCreate_entriesj>hC* true#

*B LDAP s:^D ACLTivoli PKI 9C Directory\m1C'j6M\ks(A Directory#?vBs:h*Zd ACL P

|, Directory \m1#}g ACL,dP Directory \m1mSAs:,gB:

access-id:CN=DIRADMIN,OU=TIVOLI PKI,O=YOUR ORGANIZATION,C=US:object:ad:normal:rwsc:sensitive:rwsc:critical:rwsc

,1d{C'(CN=ANYBODY)DBs:h*_P:

group:CN=ANYBODY:normal:rsc:sensitive:rsc

dP}#"itMYgG ACL D`,rwsc GTBYwDmI(6p:A"4"QwMHO#

(F"ar"arIT9Cka)D Tivoli PKI ;pa)D"a$_#;x,I\k*|D;)GGm%r

"a}LT43i/D}V$wDX(?j#}g,I\k*Z/@wGGm%OT>+>U

j#2I\k*4(r(F$iE*D~TcZ9|'VGGDC'"~qwrh8DXp`#

20 Tivoli PKI "KP20r<s,IT(F\`(eLq?D"arDD~#TZNN(FN

q,k*F.|DDNND~<Fw;v8]1>#

IT(FTBD~#ZdCZd,+Z"arD?<76P4(b)D~:

¶ dCD~(D~`M .cfg)20Z etcS?<P#}g,I\k*w{ RA ~qwr RA @

fDYwhC#

¶ y>(*E~(D~`M .ltr)20Z etcS?<P#Tivoli PKI a)y>D>T(*C'N

1K<r\xks,+zI\k4T:DD>#

¶ HTML D~(D~`M .html)M Java~qw3f(D~`M .jsp)20Z"arDy?<

B,<ND~(D~`M .gif)20Z webpages3fS?<B#}gI\k*DdT>Z/

@wGGm%PDD>M<N#2IT(FVPD$iE*D~r(eBDD~T'Vi/

D$i_T#

¶ _TvZ(policy_exit)20Z bin S?<B#Tivoli PKI a)KvZw*gN&mT/K<

&mD>}#IT4d|vZT+"a&mkd|&CLr/Ir_C4wCT:D&mY

w#

¶ L5wLTs(BPO)#IT4((F BPO T{OT:@XDLqhs#XZ*" BPO D

8O,kN< IBM l$i,Working with Business Process Objects for Tivoli SecureWay PKI,

SG24-6043-00#

XZITT"aM$w}LvD|DE",T0XZgN|DD8>E",kND Tivoli PKI

Customization Guide#

XBdC53*K Tivoli PKI 20&CdC5"KPdCLrs,M;\XBdC53#

IT`-dC5T|D3)YwX~,+;\XBKP20r<TDdT0dCD53#

XZdC53sIT|BDdCN}E",kND Tivoli PKI System Administration Guide#

k Policy Director ;p9C Tivoli PKIIThC Tivoli Policy Directork Tivoli PKI 2m Directory,"S\ Tivoli PKI CA )pD$

i#TB=h\aKhC Tivoli PKI M Policy DirectorD}L,TcZ|GIT%YwM2m

2+J4#

1. 20MdC Tivoli PKI "7#|T:}Z}7$w#

":*<8 Policy Director,&1ZKP20r<1^D1! Directory rootC' DN#TZ

Policy Director,root C' DN ;\|,NNUq#

g{QZ AIX =(OdCK Tivoli PKI,rq-Z233D:Z AIX O|D Directorym

I(;PD=h#dC Policy Director9C Directory 1,q-b)=hG\X|D#

2. 20MdC DCE#7#|T:}Z}7$w"dkBP|nT7O DCE ~qGICD:

dcecp -c cell ping

3. Z Directory ~qwO,4( Policy Directorh*D Directory u?#k7#Z DN PNN

:Es<;PzfUq#XZyhu?Dj8E",kN< Policy DirectorD5#w*;c8

<:

¶ hC Directory \m1KZ"t/\m13fT4(yhD\m1u?#

¶ 9C Directory \mXF(4(=SDyhu?#

4. 20 NetSEATM Policy Director#k7#i~Gn/D"IT(E"R|T:}Z}7$w#

20MdC Policy Director1,IBM l$i,Tivoli SecureWay Policy Director Centrally Managing

e-business Security, SG24-6008-00ITozz#

=K&,Q}7dC Tivoli PKI M Policy DirectorT2m,;v Directory#

6X Tivoli PKI9CTB}L6X Tivoli PKI#}g,zI\kZ2053(zrcZzzP9C|)06XT0

CZbT?Dx20D Tivoli PKI f>#

TZwv\'V~qw=(,fZ;,D}L#

S AIX 6XZ AIX 53O,9CTB}L6X Tivoli PKI ~qwi~#}% Tivoli PKI m~T04iT

B8<:

¶ g{Z`vzwO20K Tivoli PKI i~,rXkX4TB=hTS?vzwO}%m~#

¶ g{SU=KXZxLr}]b;fZDms{",rvSK{""JmE>Lx#

1. T root C'm]G<A Tivoli PKI AIX ~qw#

2. (}dkTB|n|DA bin S?<:

cd /usr/lpp/iau/bin

3. dkTB|n:

./Uninstall_TPKI

4. a>1dkXFLr\k#q-A;OT>D8>E"#6X`zwdC1I\av=m

s#vSms,r*|G+;a0l6X}L#

5. 6XjI1,XBt/53#

S Windows NT 6XZ Windows NT 53O9CTB}L6X Tivoli PKI ~qwi~#}% Tivoli PKI m~T0

4iTB8<:

¶ g{Z`vzwO20Ki~,rXkX4TB=hTS?vzwO}%m~#

¶ g{SU=KXZxL;fZDms{",rITvSK{""Lx#K}La);c8

<;5JKPZ53OD}LI\;,#

¶ K}LYh1!20}/w(c:)"Tivoli PKI dCC'{(cfguser)M Tivoli PKI }]b{

F#g{20Py;,,y]5Jiv^D}L#

1. !q*< → Lr → IBM SecureWay Trust Authority → #9 Trust Authority #

2. 7#yPDi~<Q#9s,!q*< → hC → XFfe#

3. +wmS/>}Lr#

4. !q IBM SecureWay Trust Authority LrD~P,"%wmS/>}#

5. a>7Ok*>}Lr,%wG#

6. r* DB2 |n0Z:!q*< → Lr → DB2 Windows NT f → |n0Z#

7. dkTB|n6X Tivoli PKI 5}M}]b:

set db2instance=cfguser
db2 force application all
db2 terminate
db2 drop db adtdb
db2 drop db pkrfdb
db2 drop db ibmdb
db2 drop db cfgdb
db2stop
db2idrop cfguser
rd /s c:\cfguser

8. dkTB|n6X Directory5}M}]b#k"bK}LYhQI Tivoli PKI 20MdC

K Directory;g{Q*VP Directory dCK Tivoli PKI,r^D`&D=h#

":;h*6X Directory#g{k*XB9C|,k8(z}Z9CVPD Directory,BN

KP20r<dC Tivoli PKI#

set db2instance=ldapInst
db2 force application all
db2 drop db ldapDB
db2stop
db2idrop ldapInst
rd /s c:\ldapInst

9. k7#Q}%* Tivoli PKI 20DyP?<#1!2076G c:\Program Files\IBM\Trust

Authority#V$>}K76PDNN?<#

10. Xz"XBt/ Windows NT#

`XE"

>ZPDwbIozzKbM9C Tivoli Public Key Infrastructure#Kwba)KXZ Tivoli PKI

&\D;cE",T0XZ20 Tivoli PKI 531XkdCDi~Dj8E"#

sFZ Tivoli PKI P,sF~qw'VTBn/:

¶ SU4TsFM'z(}g"aPDMO$PD)DsFB~#

¶ +B~4ksFU>,dMX,sFU>f"Z DB2 }]bP(I!q+U>w*}]D~

f")#?vsFB~ZU>PP;vG<#

¶ JmsFM'zANX(sFB~#!\\GG<3)B~,+2I9CAN(Th9(f

d|B~#bJmzXFsFU>Ds!,"7#G<DB~GZzD73PP0lDB

~#

¶ *?vsFG<Fcd{"O$zk(MAC)#MAC PzZ7#}]bZ]Dj{T#}g,

I7(G<KG<U>.s,CG<GqQ;^D"[Dr>}#

¶ a)TsF}]bMi5DsFG<4Pj{TliD$_#

¶ a)i5M)psF}]b104,D$_#vZ2+T?D,ki5sF}]b"T\Z

y!+}]bk_f"#i5}]b2Ix4T\EF"Z!ELUd#

KP20r<1,Xkj6sF~qwDwz{#,1Xkj6Il}M'zksDsF~qw

DICKZ#

dC53.s,XZTBNqDE",kND Tivoli PKI System Administration Guide:

¶ KP0|D\k1$_,T|DsF\m1D\k#K=hTZ7#;PsF~qwCJs

FU>rKPsF\m$_GH*X|D#

¶ KP AuditIntegrityCheck$_,TlisF}]bMi5DsFD~Dj{T#

¶ KP AuditArchiveAndSign$_,T+10sF}]bmPDyPG<i5AD~P,;s)

pCD~#

O$PDO$PD(CA)w*IEDZ}=,7#SBgSLqDC'IKKEN#|(}d)"D$

i,i$C'm]#}K$wC'm].b,$i2|,;+C\?,9C'\i$"S\(

E#

ZbV2+T#MB,w=DI?T!vZDh)"$iD CA PDEN#*7#$iDj{T,

CA T$ixP}V){,bG4($iD;?V#"T|D$ia<B){^',"9d;I

C#

Z Tivoli PKI P,CA 'VTBn/:

¶ *K7#$iD(;T,CA *?vBD$iM?v|BD$izIrPE#CrPEG(;

j6,|;w*(P{F(DN)D;?Vf"Z$iP#

¶ *KzY)"D$i,CA TQ)"$iPm(ICL)xP,$#ICL f"?v$iD2+1

>,TrPE("w}#dMX,ICL w* DB2 }]b4(#

¶ *KzY7zD$i,CA 4("|B$i7zPm(CRL)#CA ;)p$i,MTyP CRL

xP}V){,T#$dj{T#

¶ *K#$}]9d\b[D,CA T4k}]bD?nG<Fc{"O$zk(MAC)#MAC

(}9z\lbdPD}]N1Py^Dr>},PzZ7#}]bDj{T#

¶ *Kx;=#$ CA ){,CA Ik IBM 4758 PCI Cryptographic Coprocessor/I#4758

9Cf"Z2~PDS\\?4S\"#$ CA D)p\?#

¶ *K'VsFM}]V4,CA *m`IsFDB~zIsFG<#b)G<IsF~qwf

"Z DB2 }]bP#

XZ Tivoli PKI CA D|`E",kND Tivoli PKI System Administration Guide#}g,Ci

|,w{ CA ~qwKP1!nD8O,T0(";%O$MVc CA EN#MD=h#

DB2 }]bTivoli PKI 9C IBM DB2 (C}]b4f"$i}]""a}]MsFU>#KP20r<.

0,Xk7# DB2 m~D}76pZ?(20K Tivoli PKI ~qwi~DzwOIC#

w*s20}LD;?V,Tivoli PKI 4(dC}]b"T|2k1!}]#ZdC}LP,*~

qwi~4(}]b#BfPvDG1!}]b{F:

¶ TZdC}]b* cfgdb

¶ TZ CA }]b* ibmdb

¶ TZ"a}]b* pkrfdb

¶ TZsF}]b* adtdb

¶ TZ Directory }]b* ldapdb(}G9CVPD Directory }]b)

¶ TZ(C\?8]kV4}]b* krbdb

g{Z6LzwO20NNi~,Xkq-Z113D:hC6L~qw;PD=h,T7#}7

hC}]b#

DirectoryTivoli PKI 9C IBM Directory w*dPDJ4b,CZ+C\?$i#(}k DB2 D/I,

DirectoryI'V}YrD?<u?#|29M'z&CLr(}g Tivoli PKI)\4PBqDf

""|BMlw#

Z Tivoli PKI P,RA ~qw"< Directory PDTBE":

¶ CZS\MO$D+C\?$i

¶ k(P{FX*DtT(yP_DG+MX()

¶ PvyP7zD$irPED$i7zPm

¶ XZ)p$iD CA DE",|,k$iX*DLqM$i_T

Directorya)K2+GGMO$C'MJ4D=(#Directory2(eK+2?<#=;4:f"

E"rS DirectorylwE"Dfr#C#=?FK}]D;BT#27#Kx(C'rJ4DE

";ZxgPD`&;CrT`Vq=f"#

KP20r<1,Xk8(E",9 Tivoli PKI i~\A!"f""|B DirectoryPD}]#

}K*@ZxgPN&20 Directory .b,9h*Kb:

¶ Directory w

¶ Directory root\m1

¶ Directory \mw

Directory wDirectoryPD?vu?m>I;v(;Rw7D(P{Fj6D%vTs(}gK1"i/"J

4rh8)#DN |,;itT,PzZ(;Xj6Ts"hvTsX(#tTI8(Tsp4D

zRrXx"kTsPXDi/,T0Q*TsD{F#

yP Directoryu?<G_-Xi/=F* DirectorywDVca9P#Cw_P;vyM^^6

*Zc#?vZcT&Z;v Directoryu?,PzZ+B6u?k,;ZcDd|B6u?(;

Xxp*#

DN o(I Directory#=M}"TCJ DirectoryDM'zXF#8( Tivoli PKI D DN 1,

I+|Gdk=}]dkVNP,r9C<NC'gf#

¶ XZgN9C Tivoli PKI yhDo(48( DN D8>E",kNDZ183D:(}dk8

( DN;#

¶ XZgN9C(P{F`-w4(e DN D8>E",kNDZ203D:9C DN `-w;#

9C`-w\uYmsDI\T,"9z;X+fKb DN o(#

Root C' DNroot C' DN G_P|B{v Directory wD(^D Directory zm#|G;vQdCD5e,

+5JO|";fZZ Directory wP#

root C' DN 2Jm Tivoli PKI 7(XZ Directory ~qwDy>E"#}g,root C' DN

PDtTa) Directory DTBXw:

¶ 20D Directory m~D6p

¶ ~qwy*DTs`MtT#=

¶ \~qw'VDYwMX~

¶ \'VD2+T-i

KP20r<1,Xk8( Directory rootC'D DN M\k#g{9C20 Tivoli PKI .0

MfZD Directory,rXk8(CVPD Directory rootC' DN 0d\k#

Directory \m1r* Tivoli PKI CA ;1Ss(= Directory,|9CzmLr(F* Directory\m1)4\m

f" CA )pDu?DSw#X(Z CA D Directory \m1_P|B Directory wP CA k

ZcDrBfDyPu?D(^#CX(|,mS">}"|D"A!"QwMHO Directoryu

?D\&#

KP20r<1,Xk8( Directory\m1D DN M\k#g{9C20 Tivoli PKI .0Mf

ZD Directory,rXk8(CVPD Directory \m1 DN 0d\k#

PKIX CMP ,S+C\?y!a9 X.509 f> 3 j<(PKIX)"9*;Yh*a)YxgSLq&CLr%Y

wTDr\#|Dw*EFGI9i/\\m2+gS;W,x;X<GYw=(r&CLrm

~|#

1C'a;q!"|Br7z$iDks1,M'z+Kks+]x"aPD#)"$i1,&

CLr+|f"ZC'DibromG\(O#+K=(kZ333D:SSL,S;TH,s_ Web

/@w+ks+]A RA,Tq!C'$i#

"ar?v Tivoli PKI 53_P%v"ar#Cr(eKki/"aM$w}L`XDLq_T"$i

_TMJ4#kCJJ4DC'XkZ\mCJ4D9CDrP"a#

120K RA ~qwm~1,|M|,K"a$_r\#KP20r<1,k*}* Tivoli PKI

20xZKPD"a}L!qr{"roTMr76#

Z#fdC}]"*<dC}L.s,dCLr4("ar#539Cr{4+=/ WebX7,

C'I(}C Web X74CJ"a$_#

}g,g{zD+C Web~qw|{* MyPublicWebServer,r{* MyDomain,rI9CTB

Web X74CJ"a>c:

http://MyPublicWebServer/MyDomain/index.jsp

C Web X7D1! Java~qw3f(index.jsp){*>$PD#|a)U/GG}]""aC

'M)"$iDkZc('V1!$iE*D~P(eD?D)#w**Cr(F"a$_D;

?V,zDi/I\QX|{C3f"|DKGGm%#2I\mS"}%r|DK$iE*D

~#

¶ XZzDi/(F"a$_D=(D\a,kNDZ253D:(F"ar;#

¶ XZgN(F"a&mT'Vi/D_TDj{E",kND Tivoli PKI Customization Guide#

¶ XZ*"M(FL5wLTs(BPO)TzczT:(;LqhsD8<,kN< IBM l$

i Working with Business Process Objects for Tivoli SecureWay PKI,SG24-6043-00#

SSL ,S2+WSVc(SSL)-i9C+C\?){"}V$iMS\,T*=v(E= * dM* Web

~qwM/@wM'z * a);;{"D5CENDM(CD73#

kj< TCP/IPWSV,S`H,SSL a)TBEF:

¶ #\T#S\M'zM~qw.d;;DyP{",x;PSBBqD+=Ib\}]#

¶ j{T#yZ2+"P/}Dj{TliI7#}]Y5;alb;=#

¶ f5T#(}}V$iD;;,M'zIT~qwm]xPO$,xR~qwITM'zx

PO$(I!)#

¶ ;IqOT#(}}V){,IzYyP(EA"45e,X*1JmI$5dpNT#

Z Tivoli PKI 53P,fZ@"KZ,T&m;,6pDO$#KP20r<1,kj6;v2

+KZ,T&mh*~qwO$D SSL,S#j6m;v2+KZ,T&m,1h*~qwO$

MM'zO$D SSL ,S#

"a$_|,;i/@wGGm%,9C'\+] SSLks,rq!CZtC SSLD&CLr

D$i#}g,1C'a;ksT|B$i1,C'D Web/@w+Cks+]="aPD#)

"BD$i1,RA +|f"ZC'D/@wP#+K=(kZ323D:PKIX CMP ,S;TH,

s_M'z&CLr+]ks"20C'$i#

XZ9C/@wGGm%4q!"|BM7z$iDE",kND6Tivoli PKI C'8O7#Ci

V[K;,`MD$i(zI(}9C1!D$iE*D~4q!b)$i),"hvK?V$

i`MD9C?D#

Web ~qwTivoli PKI 9CyZ}vib~qwM}vKZD#M,4&mM'zks#w*dC53D;?

V,kj6zZ20 IBM HTTP Server1dCDwz{MKZ#

+C Web~qw9C HTTP -iM%vKZ4&mG SSLks#b)ks;h*S\rO$#

=v2+ Web~qw9C HTTPS-i4&m SSLks#*K7#z\T,M'zM2+~q

w.dDyP(E<*S\#mb,SSL ,SPLPD+C\?\ku9\Za0t/1O$~

qw#Z Tivoli PKI 53P,Za0t/12dC2+~qwKZ.;4O$M'z#

Bm\aKCe5a9M1!KZ5#y]zDi/GgNhC@p=,zI\h*9C`,D

KZE(}g 443)4&m=V`MD2+ks#g{75h*,rXZhC;, Web~qwx

LD IP p{DE",kND6Tivoli PKI hCkKP7#XkZKP Tivoli PKI 20r<.0

(eb)p{MKZ#

-i SSL ~qwO$ M'zO$ KZE

HTTP q q q 80

HTTPS G G q 443

HTTPS G G G 1443

4758 -&mw!\bGI!D,+Dxz9C IBM 4758 PCI Cryptographic Coprocessor4ns/ CA r RA

D)p\?D2+T#

w*20 4758-&mwD;?V,dCLrzIw\?"+|f"Z2~P#Z Tivoli PKI 5

3P,-&mwI9CCw\?M RSA c(4}XS\ CA r RA D)p\?#K=ha)2

+Tnbc,T\bT<9)rmbFk CA r RA D){#

g{v(9C 4758 -&mw,rXkZ20 Tivoli PKI CA r RA DzwO20|#KP2

0r<1,k8( CA r RA Gq&9C-&mw4#$d)p\?#

Zs`} Tivoli PKI 53P,CA \?r RA \?"GZomOk-&mwPDw\?;pf"#

;x,P;dC!nJmz2GC1!5 * IBM ;DxKYw#g{!qZ2~Pf" CA r

RA D\?,rPX*@?TBgU:

¶ 8] 4758-&mw1,v8]|Dw\?,;8]f"Z2~(PDNNd|\?#rK,

g{(p5,r"zd|2~JO,z+*' CA r RA D)p\?#

¶ g{ CA r RA D\?Q*'r9),rXk!B CA r RA,";OBD\?#1 CA r

RA ;IC1,I CA r RA )p$iDC';\9C|G,r*^(i$|G#

¶ r*T CA r RA D-<\?)pD$i;YP',yTXk)"XB(" CA r RA .

sTBD CA r RA \?)pDB$i#

XZ20"dCMK! 4758-&mwDj8E",kN< 4758z7D5,CD5ISTB Web

X7CJ:

http://www.ibm.com/security/cryptocards/

N<

>ZPDwbhvKKP Tivoli PKI 20r<1IT8(D5#?vwbhvK!&CLrPD

%@0Z#

ns=vwba)KXZ!&CLrD;cE":

¶ Z433D:sjYwD|L8CYw;xvK/@!&CLrD8C=(#

¶ Z443D:>XoT"bBn;a)KZ}"oTbDoTPKP!&CLrD<I#

t/!nZ;Nt/20r<1,53af_z20w Tivoli PKI m~D~qwDwz{#g{b;Gz

*dCD~qw,k%wKv,Kv20r<#g{ZdCjI.0Kv20r<,r;#f}

]#

"b!

g{TQdCCDzwKP20r<,+F5yPVPD}]#;\XBdCVP53,

r+dC}]<k=T0dCD53P#

SVPDdC<k}]

;PZ{OTBiv1E!qC!n:

¶ T020"dCK Tivoli PKI 53

¶ z*9CVPDdC}]w*dCC53Dy<

¶ ZkT0D53`,DYw53=(O20CBD53

g{zF.Z`(~qwO20 Tivoli PKI,"Z?(~qwOhC`FDdC,rI\

h*dV{CK&\#

g{!qKC4!r,+a>z!q|,z*<kDdC}]DD~{F#

<k!ng{8(*SVPDdC<k}],rXk8(XZz*<kDdC}]D!n#

dC}]

Pmr|,Z0;N20 Tivoli PKI }LP#fDT04F=>zwDyPdC}]D

~DPm#v/CPm"!q|,z*&C=KN20PDdC5DD~#

20r<+<kD54F=10!&CLra0P#KP!&CLr1,I#VT>D

5,rI!qTX|D;&C=C Tivoli PKI 53D5#

B20r(F

¶ g{z}ZdCBD Tivoli PKI 53,k%wB(#

dCLr4(BD}]b,T#fK Tivoli PKI B5}D}]#

¶ g{z}Z(FdC}],k%w(F#}g,*ST0f>D Tivoli PKI (F}

],k!qK!n#

dCLr4FVPDdC}]b,TCZC Tivoli PKI 20#

CA MsF~qw!nXk8(9d| Tivoli PKI i~\k Tivoli PKI O$PD(CA)MsFS53(ED!n#

Tivoli PKI CA MsF~qwLrXkfZZ,;zwO#y]zDi/gN20m~,|GI\

Zk "aPD(RA)r Directory ~qw`,DzwO,2I\;G#

wz{r IP X7dk20 CA MsF~qwLrDzwD+^(wz{#;\dkL{Frp{,2;\

dk IP X7#

bG*zDxgD TCP/IPr{~q(DNS)PDC~qwdCDwz{#1!5*"a

PD~qwDwz{#

CA ~qwDKZEj6 Tivoli PKI CA l}ksDICKZ#1!5* 1830#

sF~qwDKZE

j6 Tivoli PKI sFS53l}ksDICKZ#1!5* 59998#

CA D DNC(P{Fj6K DirectoryPD CA,"CC'\]WX6pDv CA )pK|GQ)

"D$i#1!5*:

/C=US/O=Your Organization/OU=Trust Authority/CN=Trust Authority CA #

g{zl$ X.509v3 DNDq=,I* Tivoli PKI CA dk;v(;D DN#XZgN

T Tivoli PKI *sDq=48( DN DE",kNDZ183D:(}dk8( DN;#

8((;D DN 1,*K-zz{}msDI\T,k%w DN `-w<j#X

Z9CK$_44( DN DE",kNDZ203D:9C DN `-w;#

CA \?!nXk8( CA (C)p\?DS\c(M\?s!#g{zDi/20K IBM 4758 PCI

Cryptographic Coprocessor,IhC CA(I!),Tc9CS\2~CZ\?#$#

)p$iDc(

!q Tivoli PKI CA }V){DS\c(#CA ){i$I CA )pD$iM$i7z

Pm(CRL)Df5TMj{T#

k!qTB3n:

sha–1WithRSAEncryption(}+yZ2+"Pc((SHA-1)D"P/}&C=}V){c((DSA)f

qP(eD){Fc,zI){#

md5WithRSAEncryption(}+ MD5 {"**/}&C= RSA j<P(eD){Fc,zI){#

$i\?s!

CA }V){D2+T2G\?s!D;vrX#(#,1\?s!s=cTh9frF

c1,O*){c(G2+D#|sD\?s!av?2+T,+,12vSK("2

+a01i$){yhD1d#

ZKf>Dz7P,Xk!q 1024#

9CS\2~

;PZ{OTBiv1E!qC!n:

¶ Z IBM AIX =(O20K Tivoli PKI

¶ T0Z Tivoli PKI CA MsF~qwzwO20K 4758S\-&mw

¶ z*9C 4758-&mw4#$ CA \?

g{z;9C 4758-&mw,rT CA \?xPS\"f"Z2+D KeyStoreP#;

x,4758-&mw(}9Cdw\?4S\ CA )p\?,a)K)92~#$#

RSA \?s!g{8(*9CS\2~,r 4758-&mwT/9C RSA c(4S\ CA )p\?#

Xk!q\?s!,TCwFcDdk#|sD\?s!\v?2+T,+2vSKi

$2+BqyhD1d#

k!qTB35#1!5* 1024#

¶ 512

¶ 768

¶ 1024

+)p\?f"Z2~P

g{8(*9CS\2~,rI!q CA )p\?Gq&omOf"Z2~P#

1!5*q#

"b!

8] 4758-&mw1,v8]|Dw\?#g{2~p5,z+*' CA \?#

*bvbVp',XkKP_PB\?D CA,;sXB)"B)pD$ixVPD

$iVP_#

;PZzKbf0=DgU1,E\!qG#XZgUM@}YwDV[,kNDZ34

3D:4758-&mw;#

CA 4758 E*D~\kr\kLo* 4758dk\kr\kLo#

\kr\kLoITGNb$H#*KC2+TnE/,k8(;v;\4v5J%J

DV{.#\kr\kLo2&9Cs!4lODV{,RAY|,;v}V#

Directory ~qw!nXk8(9 Tivoli PKI \k IBM Directory ~qw(ED!n#}g,RA ~qwZ Directory

P"<$iM$i7zPm(CRL)#@@$iDP'T1,&CLrhA! DirectoryPDE"#

wz{r IP X7dk20 Directory~qwm~DzwD+^(wz{#;\dkL{Frp{,2;\

dk IP X7#

bG*zDxgD TCP/IPr{~q(DNS)PDC~qwdCDwz{#|ITGkd

|&CLr;p9CD Directory ~qw,r_2ITGz*9C Tivoli PKI X(20

D~qw#1!5*"aPD~qwDwz{#

Directory DKZE

j6 Directory ~qwl}ksDICKZ#1!5* 389#

9CVPD Directory1!ivB,;tCC4!r,bm>z*4(k Tivoli PKI ;p9CDBD Directory

}]b#

;PZT020K Directory "#{9C|4f" Tivoli PKI DE"1,E&!PK4

!r#

g{zF.kVPD Directory ;p9C Tivoli PKI,kNDZ143D:9CVPD

Directory;#

9C Directory #=f> 3?1!ivB,tCC4!r,bm>z*k Tivoli PKI ;p9C Directory #=f> 3

(g RFC 2256y(eD)#@;'VVPD PKIX LDAP #=,f> 2(g RFC 2587

y(eD)#

g{z*9C PKIX LDAP #=f> 2(g RFC 2587y(eD),ke}C4!r#

g{zF.kVPD Directory ;p9C Tivoli PKI,kNDZ143D:9CVPD

Directory;#

Directory root C'!nXk8( Directory rootC'D(P{F(DN)M\k#root C'G_P\m Directory wPy

Pu?D(^D Directory zm#29 Tivoli PKI \q!XZ Directory ~qw'VD-iMj

<DE"#

":g{zD Directory ~qwZ20 Tivoli PKI .0MfZ,rI\Q-_P*.dCD

Directory rootC'#g{75gK,k8(K&VPD root C' DN 0d\k#

Root C' DNg{zl$ X.509v3 DN Dq=,I* Directory rootC'dk;v(;D DN#1!

5*:

/C=US/O=Your Organization/OU=Trust Authority/CN=Ldap Root DN #

XZgNT Tivoli PKI *sDq=48( DN DE",kNDZ183D:(}dk8(

DN;#

Root C'\kkdk Directory rootC'D\k#


\kXk|, 8 vV{#*KC2+TnE/,k8(;v;\4v5J%JDV{.#

\k2&9Cs!4lODV{,RAY|,;v}V#

g{z8(VPD root C' DN D\k,Tivoli PKI ;i$0 8 vV{#

7O root C'\kkYNdk`,\k#

g{8(K|,s!4lOV{D\k,K&kT`,Ds!4dk#

Directory \m1!nXk8( Directory\m1D(P{F(DN)M\k#CzmLr4("\m DirectoryPD CA

SwZDu?#|k CA M RA ~qw;,$w,T"<XZ$iM$i7zPmDE"#

":g{zD Directory ~qwZ20 Tivoli PKI .0MfZ,rI\Q-_P*.dCD

Directory \m1#g{75gK,kZK&8(VPD DN 0d\k#

Directory \m1 DNg{zl$ X.509v3 DNDq=,I* Tivoli PKI Directory \m1dk;v(;D DN#

1!5*:

/C=US/O=Your Organization/OU=Trust Authority/CN=DirAdmin #

XZgNT Tivoli PKI *sDq=48( DN DE",kNDZ183D:(}dk8(

DN;#

8((;D DN 1,*K-zz{}msDI\T,k%w DN `-w<j#X

Z9CK$_44( DN DE",kNDZ203D:9C DN `-w;#

Directory \m1\k

kdk Directory \m1D\k#

\kXk|, 8 vV{#*KC2+TnE/,k8(;v;\4v5J%JDV{.#

\k2&9Cs!4lODV{,RAY|,;v}V#

g{z8(VPD Directory \m1D\k,Tivoli PKI ;i$0 8 vV{#

7O Directory \m1\k

kYNdk`,\k#

g{8(K|,s!4lOV{D\k,K&kT`,Ds!4dk#

Jm Directory \m1|B DirectoryDirectory \m1&_P|BX(,Tc\mS"}%M^D Directory PDu?#

1!ivB,tCC4!r,bm> Directory\m1I|B DirectoryPD CA Sw#

dMX,&#tC!n*tC#

"ar!nXk8(XZ Tivoli PKI 20D"arDE"#"ar(eKx(D"a$_5}X(DLq_

T"$i_TMJ4#

"ar{F

dkz*C4j6"arD{F#1!5* YourDomain #&|DC{F*TzDi/r

z9C "a$_ D?DPbeD{F#


r{Xk{OzDYw53(AIX r Windows NT)D?<|{*s#XpG,7(*9

CD{F1,XkaVTBfr:

¶ {FXkGP'D URL V{.#

¶ {F|,DV{;\`Z 128 v#

¶ {F;\|,Uqrxq#

¶ {F;\|,TBXbV{:41\(\)"}1\(/)"0E(:)"GE(*)"

JE(?)"}E(″)"b(E(< >)"zu(|)".E(#)"@*{E($)r2

E(’)#

"aroT

!qC"arDoT#

C'a;$iks1,r\m1CJ RA @f1,}]T!qDoTT>"f"#1!5

*"o#

k!qTB35:

¶ "o

¶ (o

¶ Bo

¶ bs{o

¶ w`@o

¶ MwOQ@o

¶ Uo

¶ +zo

¶ rePD

¶ 1ePD

20y?<

Z RA ~qwOdk"arD;C#Xk8(+^(76#

dC}LP,53ZC;ChC"ar#g{(F"a$_,r(FCrPDD~#b

7#K07CrDNN"an/\z*.(eD_TXF#

¶ Z AIX P,r76D1!5* /usr/lpp/iau/pkrf/Domains #

¶ Z Windows NTP,r76D1!5*

c:\Program Files\IBM\Trust Authority\pkrf\Domains #

+C Web ~qw!nXk8(9 Tivoli PKI i~\k+C Web~qw(ED!n#C~qw&m;h*S\rO$

Dks#

+C~qwDwz{r IP X7dk*&m+Cksx20D~qwD+^(wz{#;\dkL{Frp{,2;\

dk IP X7#

20 IBM HTTP Serverm~1,&Q*&mG SSL ksD~qwLrdCKibwz

{#1!5*"aPD~qwDwz{#

+C~qwDKZE

j6+C Web ~qwl}ksDICKZ#1!5* 80#


2+ Web ~qw!nXk8(9 Tivoli PKI i~\k2+ Web~qw(ED!n#b),S&mh*S\MO$D

SSL ,S#XkdC3v2+~qw4&m2h*M'zO$Dks#

¶ dC&m;h*M'zO$DksD2+~qw#

wz{r IP X7dk*&mb)`MDksx20D~qwD+^(wz{#;\dkL{Frp

{,2;\dk IP X7#

20 IBM HTTP Serverm~1,&Q*&m;h*M'zO$DksD~qwLr

dCKibwz{#1!5*"aPD~qwDwz{#

KZE j62+ Web~qwl}h*S\M~qwO$+;h*M'zO$D SSLksD

ICKZ#1!5* 443#

¶ dC&mh*M'zO$DksD2+~qw:

wz{r IP X7dk*&mb)`MDksx20D~qwD+^(wz{#;\dkL{Frp

{,2;\dk IP X7#

20 IBM HTTP Serverm~1,&Q*&mM'zO$DksD~qwLrdCK

ibwz{#1!5*"aPD~qwD>Xwz{#

KZE j62+ Web~qwl}h*S\"~qwO$MM'zO$D SSLksDICK

Z#1!5* 1443#

RA !nXk8( RA (C)p\?D\?s!#g{zDi/20K IBM 4758 PCI Cryptographic

Coprocessor,IhC RA(I!),Tc9CS\2~CZ\?#$#

M'zksDKZE

j6 RA C4l} PKIX CMP ksDICKZ#1!5* 829#

9CS\2~

;PZ{OTBiv1E!qC!n:

¶ Z IBM AIX =(O20K Tivoli PKI

¶ T0Z Tivoli PKI RA ~qwzwO20K 4758S\-&mw

¶ z*9C 4758-&mw4#$ RA \?

g{z;9C 4758-&mw,rT RA \?xPS\"f"Z2+D KeyStoreP#;

x,4758-&mw(}9Cdw\?4S\ RA )p\?,a)K)92~#$#

RA 4758 E*D~\kr\kLo* 4758dk\kr\kLo#

\kr\kLoITGNb$H#*KC2+TnE/,k8(;v;\4v5J%J

DV{.#\kr\kLo2&9Cs!4lODV{,RAY|,;v}V#


RSA \?s!g{8(*9CS\2~,r 4758-&mwT/9C RSA c(4S\ RA )p\?#

Xk!q\?s!,TCwFcDdk#|sD\?s!\v?2+T,+2vSKi

$2+BqyhD1d#

k!qTB35:1!5* 1024#¶ 512

¶ 768

¶ 1024

+)p\?f"Z2~P

g{8(*9CS\2~,rI!q RA )p\?Gq&omOf"Z2~P#

1!5*q#

"b!

8] 4758-&mw1,v8]|Dw\?#g{2~p5,z+*' RA \?#

*bvbVp',Xkav_PB\?D RA,;sXB)"B)pD$ixVPD

$iVP_#

;PZzKbf0=DgU1,E\!qG#XZgUM@}YwDV[,kNDZ34

3D:4758-&mw;#

2m&mw!n

g{ RA M CA Z,;zwOR*2m 4758-&mw,rXk!qC!n#

RA/CA D\m1E*D~\kdk 4758-&mwOD\m1E*D~D\kr\kLo#t!qK2m&mw!n,

r!&CLr?F\m1E*D~D\kk RA M CA D\k`,#

dC\av/*;, Tivoli PKI i~8(DdC!n#

g{Z&ChC.0*^DNNhC,k%wO;=,1=5XAz*|DDi~#

<8CRITLxxPdC}L1,k%wB;=#

#fdC}]TdC}]D#f*za)KzDdC5D8]#29z\9Cb)5w*hCm;v Tivoli PKI

53Dy<#

t/20r<1,a/JzGq*ST0DdC<k}]#g{G,rI!qdC}]D~,C

D~|,z*<kD5#

dC}]{F

dkdC}]DD~{#;XdkD~)9{#1!5* DatabaseBackup #

dCm;v Tivoli PKI 531,k9CPzZzj6CD~*z*<kDD~D{F#

C{FIT|,Uq,+;\|,{EMzDYw53;JmDNNV{#


XZ<k}]=BD Tivoli PKI ~qwyXkI!D=h,kNDZ113D:<kdC

}];#

*#fdC}]"LxxPdC}L,k%wB;=#g{8(zDYw53;JmDD~{,

r20r<aa>z|}|#k"bg{Zw7X#fdC}].0,%wKvTKv20r

<,z8(D5+^;#f#

dC}L#fC Tivoli PKI 20DdC}]s,Xk+b)5&C=53P#&Cb)51,*< CfgStart

dCLr#ZK}LP,534(i~}]b,"|Bi~dCD~#

":g{Z6LzwO20KNN~qwi~,rdCLr]#,"a>zLxdC}LDB;

=.0,ZC6LzwOI!Yw#XZj8E",kNDZ113D:hC6L~qw;#

sjYwD|L8CYwg{9C|Lx;GsjZ20r<r(P{F`-wPxP!q,kiDBm#

bj9c;C w|

Z DN `-wZYw

!qm;v!n(j),T>C!n(# R}7*AB;v!n(#s}7*A

O;v!n(#

Z!n(Zv/# Page DownrBv/#Page UprOv

/#

Kv DN `-w# Esc#

ZVNdF/

Ss`}VNFAB;VN# Tab#

Ss`}VNFAO;VN# Shift-Tab#

9CiOrPDn

ZnPmPF/# B}7BF#O}7OF#

FAB;VN;10T>Dn#V!P# Tab#

&mPmrPDn

ZnPmPF/# B}7BF#O}7OF#

FAB;VN;10T>Dn#V!P# Tab#

&m%!4%/(S;v%!4%/*;vVN)

Z%!4%dF/,"!q;n# B}7MR}7FAB;!n#O}7

Ms}7FAO;!n#

Kv"FAB;VN# Tab#

&m4!r

!qr!{!q4!r# Uq|#

Kv"FAB;VN# Tab#

&m|n4%

FA|n4%# Tab#

4P|n# Uq|r Enter|#


>XoT"bBn>Z\aK Tivoli PKI D"of>0d'VDd|oTf>.dDxp#g{KP9CG"of

>D Tivoli PKI D20r<,k4i>Z,TKbzDoTI\gNT>r&mE"D;,#

8("aroT

g{F.KPG"oD"a$_,8("arDdC!n1,k!qzDoT#1!5

*"o#g{dC}LP;|DC5,r}GXB20Cz7,qrZTs;\|D

|#

9C ASCII V{* CA"Directory \m1r Directory rootC'8(?<76r(P{F(DN)1,X

k9C ASCII V{#;\dk|,G ASCII r+VZoTDV{(}gUorPD)D

76{Fr DN#

KP1ePDD!&CLr

g{9C1ePDf>D Netscape Navigatorr Netscape Communicator,f> 4.05 r

f> 4.5,r20r<w}3fI\5X"oxG1ePD#7#zD/@wDoTW!

nhC*9C1ePDw*w*oT,xG"o#

g{@;fZJb,rI\G NetscapeZzi/Z>X/D==y<BD/@wV^T#

w*;vI!=(,"T9C Microsoft Internet Explorer40k20r<#


Jcm

>Jcm(eK>iPI\GBDr;#CDuoMu4T0A_I\PK$Duo#UkDu

oM(e4T:

¶ 6nB IBM® Fcz<uGd7,&<:McGraw-Hill,1994#

¶ 6@zzRj<E"53Vd7,@zzRj<-a X3.172–1990,@zzRj<-a

(ANSI),1990#

¶ 6#{Jbbp7,f> 3.0,S{#aG:RSA Data Security,Inc.,1998#

2A3

2+gS;W(Secure Electronic Transaction ,SET)G;VZ;IExgOxP=c2+DEC(rhG('6D$5j<#IZCj<+*s$iD"P,

yT|aOKV(K"LRM"(xPDm]O$#

2+"Pc((Secure Hash Algorithm ,SHA-1)|GI NIST M NSA hFD;Vc(,M}V){j<;p9C#Kj<G2+"Pj<;SHA GKj

<9CDc(#SHA zz;v 160 ;D"P5#

2+WSVc(Secure Sockets Layer ,SSL)xPTnUC'!I\8wDZC2+~qD IETF j<(E-i#|a)K;u}V/2+(E(@#

P SSL &\D~qw(#Zk HTTP j<;,DKZOS\ SSL ,Sks#Z=(wFbwwd;;E

ET("(EZd,SSL4(a0,K}L;h"z;N#ZK.s,(EMS\K#E"j{Tli+;

1Lx= SSL a0ax#

2+Tr(security domain )I,;v CA 4O$$iDi(+>"$wirES"L}gr~.)#I CA )p$iDC'ITENd

{IK CA )p$iDC'#

2B3

#\T(privacy )@94Z(D}]96#

>XoT'V(National Language Support ,NLS)z7Z?T;,oT73D'V,b|(oT"uR"UZM1dq=,T0}Vm>==#

j<(CjGoT(Standard Generalized Markup Language )

CZhvjGoTD;Vj<#HTML MGyZ SGML D#

;IqOT(non-repudiation )9C}V(C\?\bD~"PLJbqOTD5D)p#

2C3

Ywz7(action history )>$P'ZP}[DB~#

_TvZ(policy exit )Z"a$_P,I"a&CLrwC"i/(eDLr#Z?v_TvZP8(Dfr,|Qi/D5q

M2+T!n&C=GG}LP#


cNa9(hierarchy )EN4PDO$PD(CA)Di/,TT)p CA r%KDy*<,"T)"$ixnUC'D CA ax#

,D>(hypertext )|,%J"Lor<NDD>,A_IT(}sjcwTlwMT>m;vD5#byD%J"Lor<

NF*,4SD>#y=lw,D>,MG4S=CD>#

,D>jGoT(Hypertext Markup Language ,HTML)T Web 3f`kDjGoT#|yZ SGML#

,D>Bq&m-i(Hypertext Transaction Protocol ,HTTP)(} Web *F,D>D~DrXxM'z/~qw-i#

iso(m>( 1(Abstract Syntax Notation One ,ASN.1);V ITU F(Dm>(,CZ(eE"}]Do(=(#|(eKm`r%D}]`M,R*j6b)`M

M5w|GD58(Km>(#1h*(eE"Diso(1,<IT&Cb)m>(,+;C\+db

)E"D`k==D<x#

+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol ,TCP/IP);i'V>XxMcrxDcTc,S&\D(E-i#

2D3

zm~qw(proxy server )ZksCJDFcz(Fcz A)M;CJDFcz(Fcz B).dDPi#rK,g{nUC'ksF

cz A DJ4,rks;(r=zm~qw#zm~qwrFcz B ks"q!l&,YQl&*"xU

KC'#(}Z?@p=4CJr,xJ4D}LPzm~qwpEX*DwC#

zk)p(code signing );VC}V){)pI4PLrD<u#zk)phFC4DxV<ZrXxODm~DI?T#

GG(enrollment )Z Tivoli PKI P,q!ZrXx9CD>$D}L#GG|($iDks"a"|BM7z#

GGd?(enrollment variable )kNDGGtT(enrollment attribute)#

GGtT(enrollment attribute )

|,ZGGm%PDGGd?#|D543KGGZd6qDE"#GGtTD5Z>$9CZZG;d

D#

gS3W(e-commerce )LR=LRD;W#|,(kKM"a)L")&LMd{K)ZrXxOrtL7M~q#|GgSL

qDw**X#

gSLq(e-business )(}xgMFczxPL5;W#||(rtL7M~q#9|((}}V(E*FJp#

%c CA(top CA)Z PKI CA cNa9%cD CA#

TF\ku(symmetric cryptography )

9C`,D\?4S\Mb\D\ku#|D2+T!vZ\? * \?9\Mb6NNK<IT`kMb

k{"#;P1\?#\,(EEG#\D#kTUGTF\ku(asymmetric cryptography)#


TF\?(symmetric key )ITS\`Ib\D\?#m{TF\ku(symmetric cryptography)#

Ts(object)ZfrTsDhF`LP,k}]`XDisb0}]MYw#m{`(class)#

Tsj6(object identifier ,OID)y>Z\m,8(xiso(m>( 1(ASN.1)P(eD`MD}]5#

Ts`M(object type )ITf"Z Directory PDTs#}g:i/"aiR"h8"K1"Lrr}L#

`&\rXxJ~)9(Multipurpose Internet Mail Extensions ,MIME);WTIICDf6,9CT;,V{/`kDD>IT`%;;#,129`=egSJ~JCZ9C

rXxJ~j<D`V;,Fcz53#}g,}K US-ASCII"v?D>"<qMytb8VV{/,gS

J~{"9IT|,d|V{/#

2F3

@p=(firewall )xgdDxX,CZ^Fxg.dDE"w/#dMX,@p=D?DG#$Z?Dxg,@94Z(D

b?C'9C#

CJXFm(access control list ,ACL);VTQZ(C'^F9CX(J4DzF#

GTF\ku(asymmetric cryptography )

\kuGC;,D"GTF\?xPS\Mb\#?vC'IU=;T\?:;vyPKICJD+C\

?M;vvC'*@D(C\?#1+C\?M`&D(C\?`%d1,t/;Wb\,byM\xP

2+;WK#b2F*\?T\ku#kTUTF\ku(symmetric cryptography)#

qO(repudiate )IZ;f5x\x;}g,qO"MK8({"ra;K8(ks#

~qw(server)(1)ZxgP,*d|>ca)&\D}]>c,}g,D~~qw#(2)Z TCP/IPxg53P*d|

>c53Dksa)&mD53,F*M'z/~qw#

~qw$i(server certificate )I CA )"D}V$i,9 Web~qw\&myZ SSLDBq#1/@wC SSL-ik~qw,S1,

~qwa"x/@w;v+C\?#K\?I'V~qwm]O$#,1|2'V*"Mx~qwDS\

E"#m{ CA $i(CA certificate)"}V$i(digital certificate)M/@w$i(browser certificate)#

2G3

+2S\a9(Common Cryptographic Architecture ,CCA)IBM m~,|9s`} IBM Fc=(<\T;BD=(IC\ku#|'VIC;,D`LoT`4D&

CLrm~#&CLrm~ITwC CCA ~q4jIs6'DS\&\,|( DES M RSA S\#

+2}]2+Te5a9(Common Data Security Architecture ,CDSA)*yZFczD2+T&CLrx4(Dfr2+T~qM2+T\m(eD[O=(#|I Intel hF,

T9Fcz=(T&CLrxT|*2+#

+2xXSZ(Common Gateway Interface ,CGI)Z Web 3fM Web ~qw.d+ME"Dj<=(#


+C/(C\?T(public/private key pair )+C/(C\?TG\?T\kuEnD;?V(1976j,I Diffie M Hellman*bv\?\mJbx}

k)#Z{GDEnP,?KqC;T\?,;vF*+C\?,m;vF*(C\?#?vKD+C\?

G+*D,x(C\?G#\D#"M=MSU=;h*2m#\E":+?(Ef0D;G+C\?,

R(C\?"4+dr2m#;Yh*EN(E(@D2+,T@9T}r9\#;*s+C\?k|G

DC'T;VIE(O$)D==(}gZIE?<P)`X*#(}9C+2E"NNK<\"Mz\

{"#;x,C{";\I(C\?b\,$ZDSU=(;5PK(C\?#Kb,\?T\ku;v

CZ#\T(S\),9CZO$(}V){)#

+C\?(public key )(C/+C\?TPTd{KP'D\?#|9d{K\k\?DyP_xPBq&mri$}V){#

C+C\?S\D}];\(}`&D(C\?4b\#kTU(C\?(private key)#m{+C/(C\

?T(public/private key pair)#

+C\?y!a9(public key infrastructure ,PKI)yZ+C\?\kuD2+Tm~Dj<#PKI G}V$i"O$PD""aPD"$i\m~qMV<=

?<~qD53#C4i$rXxOf0BqDw=Dm]M(^#b)BqI\f0=h*i$m]D

Yw#}g,|GI\*7Oav6jDp4"gSJ~{"Dw_rpZ5q#

PKI (}CC'D+CS\\?M$iTP'vKri/DO$P'45VK?D#|a)D*z?<|,

CZi$}V$i">$M}V){D+CS\\?M$i#

PKI *+CS\\?Di$i/Mksa)lYP'Dl&#|96p53P1ZD2+T~2",$J4

T&m2+%f#ns,PKI 9*X*DL5Bqa)K}V1dAG~q#

+C\?\kuj<(Public Key Cryptography Standards ,PKCS)G}=D)&L.dDj<,|GI RSA 5iR0;,Fcz)&LDzmZ 1991j*"#Cj<|,

RSA S\"Diffie-Hellman -("yZ\kDS\")9D$io("S\{"o("(C\?E"o(M

$wo(#

¶ PKCS #1hvK9C RSA +C\?\k534S\}]D=(#<ZCZ}V){M}VEbD9l#

¶ PKCS #78(\k{"D;cq=#

¶ PKCS #108($wksDj<o(#

¶ PKCS #11*\kh8(}g:G\()(e<u^XD`LSZ#

¶ PKCS #12*f"r+MC'D(C\?"$i"d|X\E"H8(;VIF2q=#

zJj</i/(International Standards Organization ,ISO)*!=F-s=Fczxg-iDyP+w*"0+<j<DzJi/#

zJgE*K(International Telecommunication Union ,ITU)~.M(E?E-w+r6L(ExgM~qDzJi/#|G6L(E<u"\mMj<E"Dnw*

"<_#

zR2+z9(National Security Agency ,NSA)@z~.Y=D2+zX#

2J3

z\T(confidentiality );+E"96x4Z(=DXT#

y>`kfr(Basic Encoding Rules ,BER)Z ISO 8825P8(DCZT}]%*`kDfr,C}]%*GCiso(m>( 1(ASN.1)4hvD#

fr8(`k<ux;Giso(#


S\(encrypt )rRE"3r,by9C;PG)5PJ1Db\zkDKE\(}b\q!-<E"#

S\/b\(encryption/decryption )

9CSU=D+C\?*KKS\}],xSU=9CdTD(C\?4bk}]#

r%J~+M-i(Simple Mail Transfer Protocol ,SMTP)ZrXxO*FgSJ~D;V-i#

;f$w(cross-certification )

EN#=,yZ|;v CA *m;v CA )"$i,C$i|,k(C){\?`%dD+C\?#;f

$wD$iJm;v\mrODM'z53rUK5eITkm;vrODM'z53rUK5e2+(

E#

b\(decrypt )CZ7zS\}L#

2K3

*E=}]b,S(Open Database Connectivity ,ODBC);VCJ;,}]b53Dj<#

*E53%,(Open Systems Interconnect ,OSI)IzJj</i/K<DFczxgj<{F#

IEFczy!(trusted computer base ,TCB)2,5)i/Fcz2+T_TDm~M2~*X#0l2+T_T5)D*Xr*XD;?VG2+T

`XDrG TCB D;?V#TCB GI2+T6'<xDTs#5V2+T_TDzFXkG;IFPD,

Xk\h9LrqCT4Z(D53X(DCJ#

M'z(client)(1);vSU4T~qwD2m~qD&\%*#(2);vFczr_Lr,|ksm;vFczr_

Lr*|~q#

M'z/~qw(client/server )V<=&mPD#M,Zbv#MP&Z;v>cDLrTm;v>cDLr"vks"RH}|Dl

&#RGQksLrF*M'z;xQl&=F*~qw#

2L3

`(class)ZfrTsDhFM`LP,;i2m+2(eRrK22m+2XT"YwMP*DTs#

`M(type)kNDTs`M(object type)#

4i$(chain validation )ZENcNa9PTZyP CA ){Di$,(}|)";v8(D$i#}g,g{m;v CA *;v

CA )"K)p$i,G4=v){ZC'a;$ii$1<hi$#

/@w(browser )kND Web /@w(Web browser)#


/@w$i(browser certificate )

}V$i,2F*M'zK$i#|GI CA (}tC SSL D Web ~qw4)"D#S\D~PD\?

9$iVP_ITS\"b\M)p}]#dMDiv,Web/@wf"b)\?#;)&CLrJmZG

\(rd|iJOf"\?#m{}V$i(digital certificate)#

2M3

@zzRj<-a(American national standard Institute ,ANSI)G@zD;vi/,|F(;OIDi/Z4(M,$GY=$5j<1yqXD}L#|Izz_"{

Q_M;c{f/EiI#

@zzRE";;j<zk(American National Standard Code for Information ,ASCII)Z}]&m53"}](E53M`Xh8PxPE";;yICDj<zk#ASCII V{/GI 7 ;`k

V{(8 ;|,;;f<#i)iID#V{/|(XFV{M<NV{#

\k==(cryptographic )XZ*;}]T~Xd,eD==#

\ku(cryptography )ZFcz2+TP,CZS\wDMb\S\D>D-m"=(MVN#

\?(key)\kuP9CDCZ`kMbkD?#

\?8]kV4(Key Backup and Recovery )Tivoli PKI D&\,9z\8]MV4nU5e$i0dI Tivoli PKI O$D`&+CM(C\?#$iM

\?f"Z PKCS #12D~P#CD~\\k#$#8]$iM\?1+hC\k#

\?T(key pair)ZGTF\kuP9CD`&D\?#;v\?CZS\xm;vCZb\#

wkD>(cleartext )4S\D}]#wD(plaintext)D,eJ#

wD(plaintext )4S\D}]#wkD>(cleartext)D,eJ#

#=(schema)k Directory `X,(e;,Ts`M.dX5DZ?a9#

#}(modulus )Z RSA +C\k53P,=vsX}(p M q)DK}(n)#RSA #}DnQs!!vZ2+Th*##

}=s2+T=_#10D RSA 5iR(iD\?s!&!vZT\?DF.9C:vK9C* 768;,

+>9C* 1024;,x+*X*D\?(g CA D\?T)r* 2048;#AYZ 2004jT0,768;

D\?;O*G2+D#

?j(target)8(Dr!(D}]4#

2N3

Z?a9(internal structure )

kND#=(schema)#


Z?x(intranet )s5Z?Dxg,(#;Z@p=.s#|GTrXxDIz"9C`FD<u#S<uO5,Z?xv

vGrXxD)9#HTML M HTTP G|GD;)2,c#

2P3

>$(credential )ZO$;;PCZ$wvKm]Dz\E"#ZxgFc73P,n#{D>$`MGQI CA 4(M)p

D$i#

2Q3

)p(sign)9CzD(C\?zI){#){Gi$zGIE5D;V==,RK<}Z)pD{"#

)p/i$(signing/verifying )

)pG9C(C}V\?zI){#i$G9C`&D+C\?i$){#

a?6?<CJ-i(Lightweight Directory Access Protocol ,LDAP);vCZCJ Directory D-i#

ksj6(request ID);v 24 = 32 V{D ASCII 5,|\(;j6T RA D$iks#C5IT&CZ$iksBqP,T

lwCksD4,r`X*D$i#

2R3

O$(authentication )I?X7((E=m]D}L#

O$PD(certificate authority ,CA);Vm~,:pq-i/2+T_TMT$iN=8(2+gSm]#CA &m4T RA DksT)""|

BM!{$i#CA M RA ;%$wTZ DirectoryP"<$iM CRL#m{}V$i(digital certificate)#

2S3

}X DES(triple DES)}NTwDS\DTFc(#d;fZm`==I5ZK?D,+`XS\Dn2+N=Gx}v`l\

?D}X DES#

L5wLTs(business process objects )

;5PCZ5VX("aYwDzk,}gliGGks4,ri$+C\?Q"M#

L5wL#e(business process template )

48(3rKPD;5PL5wLTs#

sF~qw(Audit server );v Tivoli PKI ~qw,|SsFM'zSUsFB~,"+d4ksFU>#

sFzY(audit trail )}]T_-76DN=44SB~rP#sFzY'VBqrx(n/Dz7DzY#

sFM'z(audit client )53PC4"MsFB~x Tivoli PKI sF~qwDNNM'z#ZsFM'z"MB~xsF~qwT0,

|HksF~qw(",S#,S("s,M'z9CsFS53M'zbxsF~qw+ME"#


sFU>(audit log )Z Tivoli PKI P,|G}]bD;vm,+?vsFB~f"*;uG<#

sFS53(audit subsystem )

Z Tivoli PKI P, *G<2+T`XYwa)'VDS53#|{O*pZ~qz5D+C\?\kuDj

</PDj< X9.57 FvZ]#

5}(instance )Z DB2® P,5}Gf"}]MKP&CLrD_-}]b\m73#|Jm*`}]b(e;i+2Dd

CN}#

Bqj6(transaction ID )I RA a)Dj6,Tl&$"aGGks#|9C'\KP Tivoli PKI M'z&CLr4qC$Hz<

D$i#

X$Lr(daemon);vZs(&mNqDLr#1vVh*|ozDiv1,53+a~=wC|#C';h**@X$L

r,r*|(#GI53T/zzD#X$LrI\@6Gn/D,r_|adtXXBzI#

Kuo("t* demon)4TZq0#s4,|;]mbM*WV8uTJ DAEMON:Disk And Execution

MONitor#

Z((authorization )CZCJJ4DmI(#

}]f"b(Data Storage Library ,DL)w*;v#i,|a)T$i"CRL"\?"_TMd|k2+T`XTsDVC}]f"DCJ#

}]S\j<(Data Encryption Standard ,DES)w*}=Dj<,Z 1977jI@z~.(eMz<DVi\kS\c(#nuI IBM *"#TS DES+

<T4C=Kc:DP?,VZ|QI*Zy\*"Rc:9CD\k53#

DESG;vTF\k53#1|CZ(E1,"M=MSU=Xk5P,;v\?#C\?CZS\Mb\

{"#DES 2ITCZ%C'DS\,}gTS\Dq=QD~f"=2LO#DES P 64 ;Dis!,

|ZS\Zd9C 56 ;\?#|-H*2~5VxhF#NIST ?tejXBO$;N DESw*@z~.

Y=DS\j<#

}V){(digital signature );vmS=D5r_}]D`k{",|7#K"M=Dm]#

}V){ITa)Hom){|_6pD2+T#bGr*}V){;GS\{Fr;5Pr%Dj6z

k#|z.TQ)p{"DS\**#by,Z{"O=S}V){ITa)"M=DLPj6#(;P"

M=D\?EIT4(C){#)|,y9L(KQ)p{"DZ](S\D{"**XkM{"DZ]`

%d,qr){+^')#by,}V){M^(S{"P4F"R&C=m;v{"P%,r***r"

PE"+;%d#NNTQ)p{"DD/<a9){^'#

}V){c((Digital Signature Algorithm ,DSA)+C\?c(,Cw}V){j<D;?V#|^(CZS\x;\CZ}V){#

}V$w(digital certification )

kND$w(certification)#

}V$i(digital certificate )

IEDZ}=)"xvKr5eDgS>$#?v$iC CA D(C\?4)p#|xpvK"L5r_i

/Dm]#

y] CA DG+,$iIT$5VP_ZrXxOxPgS;WD(^#Z3VbeO,}V$i`FZ]

;mI$r_='D>#|O$K5P`&(C\?DVP__P-*3)gSLqn/D(^#

$i|,dO$D5eDE",^[GK1"zwrFczLr#||,C5eDQO$D+C\?#


fz}(nonce)I~qwr&CLr"vDV{.,|*sC'Z(#C'C(C\?4)pfz}#C'D+C\?M

)pDfz}"MXAksZ(D~qwr&CLr#;s~qw"TCC'+C\?4bkQ)pDf

z}#g{fz}Dbka{k"MD-~;y,rCC';O$#

m@(tunnel)Z VPN <uP,(}rXx("Dks~qibc=c,S#;),S,6LC'\9Cm@kZ+>D

(CxgO~qw;;2+"S\Mb0DE"#

2T3

3;J4(;w(Uniform Resource Locator ,URL)CZrXxJ4`7D;V=8#URL 8(-i,wz{r IP X7#,12|,KCJX(zwDJ4y

hDKZE"76MJ4j8E"#

2W3

b?x(extranet)9CMrXx`FD<uDIzzo#ws+>}*<TKM"oiMZ?K1`vEe&C Web "<"

gS;W"{"+MM:~#

j{T(integrity )#$}]j{TD53,h94Z(D^D(;,Z#$}]Dz\T,h94Z(D96)#

j{Tli(integrity checking )

TIb?i~-,Bq&mzzDsFG<Dli#

r,x(World Wide Web ,WWW)Z|,,=eDODFcz.diIxg,SDG?VrXx#b)JOa)E""a)=r,xMrX

xPd|JOD4S#RGIT(} Web /@wLrCJr,xJ4#

xX(gateway);V&\%*,Jm%;f]Dxgr&CLr%`xP(E#

D5S\\?(document encrypting key ,DEK)dMX,D5S\\?G;TTFDS\/b\\?,}g DES#

D~+d-i(File Transfer Protocol ,FTP)rXxM'z/~qw-i,CZZFcz.d*FD~#

2X3

{"O$zk(message authentication code ,MAC)"M=MSU=d2mD#\\?#"M=O$,xSU=i$#Z Tivoli PKI P,MAC \?fEZ CA

MsFi~D KeyStoreP#

{"**(message digest )S\Nb$HD{";szIL($HD?D;If&\#MD5 MG;V{"**c(#

!~qLr(servlet);V~qwKDLr,xh'V JavaD~qwT=S&\#

!&CLr(applet)GC Java`4DFczLr,IKPZk Javaf]D Web /@wP#2I1w Java!&CLr#


-i(protocol )Fcz.d(ED;B<(#

EN4(trust chain );i$i,ISC'$i=yrT)p$iDIEcNa99I#

EN#M(trust model )\mO$PDgNO$d|O$PDDa9<(#

ENr(trust domain );i5e,|GD$iI`,D CA O$#

ib(Cxg(Virtual Private Network ,VPN)9CrXxx;Gg0_4("6L,SD(C}]xg#r*C'(}rXx~qa)Lx;Gg0+

>CJ+>xgJ4,i/ITs?uY6LCJI>#VPN 9v?K}];;D2+T#Z+3D@p=

<uP,{"Z]ITS\,+G;ITS\?DX7M4X7#Z VPN <uP,C'IT(";v(@

,S,dP{vE"|(Z]M(7)<xPS\Mb0#

2Y3

Q)"$iPm(issued certificate list ,ICL)Q)"D$i0|G104,DjIPm#$iGIrPEM4,4w}D#KPmI CA ,$,"#fZ

CA }]bP#

l=(E(asynchronous communication )

;h*"M=kSU=,=D(E#=#

rXx(Internet)|G@g6'Dxg/O,Ta)Fcz.dDgS,S#9|GIT(}nggSJ~r Web /@wH

m~h84`%(E#}g:;)s'hPT:Dxg,(}k`Fxg4S,i(I3;DrXx#

rXx$LNqi/(Internet Engineering Task Force ,IETF)Y]M*"rXx-iD;vi#|zmK|(xghF_"Yw_")&LMP?1ZZDzJi/#

IETF f0=rXxe5a9D*"MrXxD3{9C#

C'O$(user authentication )

CZi$3v{"D4w_GC{"IxpRO(DyP_#|9i$z}ZkZ{DUKC'r53x

P(E#

$"a(preregistration )Z Tivoli PKI P,Jm;vC'(dMDG\m1)GGd{C'#g{ks;z<,RA a)E",Jm

C'ZTs9C Tivoli PKI M'z&CLrqC$i#

r(domain)kND2+Tr(security domain)M"ar(registration domain)#

2Z3

v?#\TJ~(privacy-enhanced mail ,PEM)IrXxe5a9DhF_(IAB)ICDrXxv?#\TJ~j<4#$rXxOgSJ~#PEM -i

a)KS\"O$"{"j{TM\?\m#

>c$i(site certificate )`FZ CA $i,+GvCZ8(D Web >c#m{ CA $i(CA certificate)#


$w(certification )IEDZ}=)"CZ##vK"L5ri/m]DgS>$D}L#

$i_T(certificate policy )fr|{/,|mw$iT_P+22+ThsD&CLrX(`DJCT#}g,$i_TI\amw

X(D$w`MGqJmC'Z;vx(D[q6'ZxP;W#

$i7zPm(certificate revocation list ,CRL)O$PDQ7zDT}V)pRjP1dAGD$iPm#ZPmPD$i&1O*;IS\#m{}V

$i(digital certificate)#

$iE*D~(certificate profile )

(eyh$i`MD;iXT(}g:SSL$ir IPSec$i)#E*D~oz\m$if6M"a#"P

LIT*ksPD$i|DE*D~{FM8(XT,}gP'Z"\?C(M DN <xHH#

$i)9(certificate extension )

X.509v3$iq=DI!&\,|a)Z$iP|,=SVN#|_Pj<)9MC'T(e)9#j<)

9*wV?DxfZ,|,\?M_TE""wbM"PLtT"T0O$76<x#

G\((smart card );if"C'}V\?D2~,dMD;PEC(s!#G\(ITIC\k#$#

"a$_(registration facility )

;v Tivoli PKI &CLrr\,*GG5e(}g:/@w"7Iw"gSJ~M2+M'zLr)a)(

CVN"RZ{vP'ZZ\m$i#

"a}L(registration process )

Z Tivoli PKI Pi$C'm]D=h,Sx9C'Md+C\?CTO$"NkBq#C}LITG>Xr

GyZ Web D,|ITT/xPrK$;%4\m#

"a}]b(registration database )

|,K$iksMQ)"$iDE"#C}]bf"KGG}]M{vP'ZPDT$i}]|D#}]

bII RA }LM_TvZr"a14|B#

"ar(registration domain )

;iMX(D$iGG}L`XDJ4"_TMdC!n#Cr{G URL D;vS/,CZKP"a$_#

"a1(Registrar )QZ(CJ RA @fDC',{\\m$iMks$i#

"aPD(RA);V\m}V$iDm~,|7#SGGksDnuSU=$i7zZdi/DL5_T<CT&C#

(C\?(private key )(C/+C\?TP;T\?yP_P'D\?#9yP_\SU=KDBq&mrxP}V){#9C

(C\?)pD}];\I`&D+C\?4i$#kTU+C\?(public key)#m{+C/(C\?T

(public/private key pair)#

(P`kfr(Distinguished Encoding Rules ,DER)a)Z BER OD<x#DER SG)`kfrJmD`k`M(E}yP"M=!n)P!qD;V`M#

(P{F(distinguished name ,DN)f"Z Directory PD}]nD(;{F#DN (;Xj6 Directory DcNa9PDu?D;C#

VZk(bytecode )I Java`kwzI,RI JavabMw4PDkzw`M^XDzk#


nU5e(end-entity )|G$iwb,+;G CA#

}V

4758 PCI Cryptographic Coprocessor;VI`LD,Ifl&D PCI \_S\(,C(a)_T\D DESM RSA S\&m#S\}LZ(D

2+bGZ"z#K(Oq{O FIPS PUB 140-16p 4 j<#m~ITZ2+bGZKP#}g,EC

(;W&mI9C SET™ j<#

A

ACLCJXFm#

ANSI@zzRj<-a(American National Standards Institute)#

ASCII@zzRE";;j<zk(American National Standard Code for Information Interchange)#

ASN.1iso(m>( 1(Abstract Syntax Notation One)#

B

base64 `k(base64 encoding )IC MINE +M~xF}]D+2=(#

BERy>`kfr(Basic Encoding Rules)#

C

CAO$PD(Certificate Authority)#

CAST-64;v9C 64 ;i$M 6 ;\?DVi\kc(#GI Carlisle AdamsM Stafford TavareshFD#

CA cNa9(CA hierarchy )Z Tivoli PKI PD;vENa9,|D%KP;v CA,Z|DBfP`oDcDS CA#1 CA "aC

'r~qw1,C'M~qw+U=C CA )"D$i"+LPdOcD$wcNa9#

CA ~qw(CA server)CZ Tivoli PKI O$PD(CA)i~D~qw#

CA $i(CA certificate )ZzDksB,Web/@wS|^(6pD CA S\D$i#;s/@w9CC$iO$kVP CA )"

D$iD~qw.dD(E#

CCAIBM +2S\e5a9(IBM Common Cryptographic Architecture)#


CDSA+2}]2+Te5a9(Common Data Security Architecture)#

CGI+2xXSZ(Common Gateway Interface)#

CRL$i7zPm(Certificate revocation list)#

CRL "<1ddt(CRL publication interval )hCZ CA dCD~P,(Z"< CRL = Directory D1ddt#

D

DEKD5S\\?(Document encrypting key)#

DER(P`kfr(Distinguished Encoding Rules)#

DES}]S\j<(Data Encryption Standard)#

Diffie-HellmanZ;I?iJO("2m\?D=(,T"w_(Diffie M Hellman)|{#

Directoryk(E`XDCZE"+VJ4b(}ggSJ~r\k;;)DcNa9#Directory f" PKI a9yX

hDX(n?,|,+C\?"$iM$i7zPm#

DirectoryPD}]GTwDN=Vc\m,wD%KMGDy#(#O_cNDi/zm@"DzRrXx"

~.r+>#?CwD6Zc#CZm>C'Mh8#b)C'"i/"yZX"zRrXxT0h8<

PwTDu?#?v5eI_8`MDtTiI#b)a)K5eyzmTsDE"#

DirectoryPD?vu?<s(=X*D(P{F(DN)#TZV5@gPDTs,15e|(DtT(;1,

b2G(;D#<GTBD>} DN#dP,zRrXx(C)G US,i/(O)G IBM,i/?E(OU)

G Trust,T0+2{F(CN)G CA1#

C=US/O=IBM/OU=Trust/CN=CA1

Directory ~qw(Directory server )Tivoli PKI P,IBM Directory#Directory 'V LDAP j<"9C DB2 w*|Dy!#

DL}]f"b(Data Storage Library)#

DN(P{F(Distinguished name)#

DSA}V){c((Digital Signature Algorithm)#

F

FTPD~+d-i(File Transfer Protocol)#


H

HTML,D>jGoT(Hypertext Markup Language)#

HTTP,D>Bq&m-i(Hypertext Transaction Protocol)#

HTTP ~qw(HTTP server){C/@wMd|LrZxgP&myZ Web (ED~qw#

I

ICLQ)"$iPm(Issued certificate list)#

IniEditorZ Tivoli PKI P,CZ`-dCD~D$_#

IPSecI IETF *"D;VrXx-i2+Tj<#IPSecGxgc-i,CZa)\k2+T~q,|TO$"

j{T"CJXFMz\TDiOa)inD'V#r*|?sDO$&\,m` VPN z7)&LIC|

w*-iT("ZrXxOD2+cTc,S#

ISOzJj</i/(International Standards Organization)#

ITUzJgE*K(International Telecommunication Union)#

J

JavaI SUN Microsystems, Incorporated*"D;5PyZxgDg=(Fcz<u#Java73I Java OS";

,=(Dibz"frTsD Java`LoTM8v`b9I#

Java `(Java class )JavaLrzk%*#

Java !&CLr(Java applet )kND!&CLr(applet)#kTU Java&CLr(Java application)#

Java ibz(Java Virtual Machine ,JVM)JavaKP173PD;?V,:pbMVZk#

Java &CLr(Java application )9C JavaoT`4D@"Lr#|KPZ Web /@w73.b#

Java oT(Java language );V`LoT,GI SUN Microsystems*Z!&CLrMzmLr&CLrP9CxhF#

K

KeyStoreTS\q=f" Tivoli PKI i~>$(}g\?M$i)D DL#


L

LDAPa?6?<CJ-i(Lightweight Directory Access Protocol)#

M

MACE"O$zk(Message authentication code)#

MD2;VI Ron RivesthFD 128 ;{"**"P/}#|Z PEM -iPk MD5 ;p9C#

MD4;VI Ron RivesthFD 128 ;{"**"P/}#Z4PYHO,MD4 *H MD2 lC86#

MD5;VI Ron RivesthFD%r{"**"P/}#bG MD4 DDxf>#MD5 }LT?i 512 ;(V

I 16 v 32 ;Si)dkD>#Kc(DdvG;iDv 32 ;Di,b)i,SINI;v%@D 128

;"PE"5#|2ITZ PEM -iPk MD2 ;p9C#

N

NISTzRj<M<u-a(National Institute of Standard and Technologe),T02F* NBS(zRj<V)#

|YxKyZFczDz5*Ej<M%CT#

NLS>XoT'V(National language support)#

NSAzR2+z9(National Security Agency)#

O

ODBC*E=}]b,S(Open Database Connectivity)#

OSI*E53%,(Open Systems Interconnect)#

P

PC ((PC card)`FZG\((smart card),2F* PCMCIA (#HG\(sR&\|?#

PEMv?#\J~(Privacy-enhanced Mail)#

PKCS+C\?\kuj<(Public Key Cryptography Standards)#

PKCS #1kND+C\?\kuj<(Public Key Cryptography Standards)#


PKCS #7kND+C\?\kuj<(Public Key Cryptography Standards)#

PKCS #10kND+C\?\kuj<(Public Key Cryptography Standards)#

PKCS #11kND+C\?\kuj<(Public Key Cryptography Standards)#

PKCS #12kND+C\?\kuj<(Public Key Cryptography Standards)#

PKI+C\?y!a9(Public key infrastructure)#

PKIXyZ X.509v3 D PKI#

PKIX CMPPKIX $i\m-i(PKIX certificate management protocol)#

PKIX l}w(PKIX listener )IX(DGGr9CD+C HTTP ~qw,C4l} Tivoli PKI M'z&CLrDks#

PKIX $i\m-i(PKIX certificate management protocol ,CMP)5Vk PKIX `]&CLrD,SD-i#PKIX CMP 9C TCP/IPw*|Dw*+MzF,+GZWS

VOP;visc#|5VT=SV/+MD'V#

R

RA"aPD(Registration authority)#

RA ~qw(RA server)CZ Tivoli PKI "aPDi~D~qw#

RA @f(RA Desktop );v Java!&CLr,T<Ngfa) RA 4&m>$ksM\m|GD{v9CZ#

RC2Id\?s!i\k,GI Ron Rivest* RSA }]2+TxhFD#RCzm Ronzk r Rivest\k#

|H DES|l,RhFw* DESD0kf;#yZnY\?Qw_T,(}9CJ1D\?s!,RC2I

TH DES |2+,2IT|;2+#|P;v$ 64 ;Di,Zm~KPP*H DES s<l==}6#

RC2 ITCk DES `,D==9C#

m~vfL-a(SPA)M@z~..dD-(7(K RC2DXbX;#b9CZvZz<}LH(#D\

kz7vZ}L|r%|lY#;x,*zclYvZz<Jq,z7Xk^F RC2 \?s!* 40 ;,

1;2P}biv#IT9C=SDV{.4h9;)%w_,{GT<$HFcCI\S\DsMi/

m#

RSAT"w_(Rivest"ShamirM Adelman)|{D+C\?\kc(#|CZS\M}V){#


S

SET2+gS;W(Secure Electronic Transaction)#

SGMLj<(CjGoT(Standard Generalized Markup Language)#

S/MIME'V)pMS\ZrXxO+dDgSJ~D;Vj<#kND MIME#

SMTPr%J~+M-i(Simple Mail Transfer Protocol)#

SSL2+WSVc(Secure Sockets Layer)#

T

TCP/IP+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol)#

Tivoli PKI'V}V$iD"P"|BM7zD/I Tivoli 2+Tbv=8#b)$iITZ\s6'ZDrXx&C

LrP9C,a)TC'O$M7#IE(ED=(#

TPEN_T(Trust Policy)#

U

UnicodeI ISO 10646(eD 16 ;V{/#UnicodeV{`kj<GE"&mD;VzJV{zk#Unicodej<

|,@gODw*DV,"a)Km~zJ/M>X/Dy!#Java`L73PDyP4zk<T Unicode

`4#

URL3;J4(;w(Uniform Resource Locator)#

UTF-8;V*;q=#|9;\&m 8 ;V{/DE"&m53\+ 16 ; Unicode*;* 8 ;H'zk,"R

Y4r*;x;ap'E"#

V

VPNib(Cxg(Virtual Private Network)#

W

WebSphere ™ Application ServerIBM z7,ozC'*"M\m_T\ Web >c#|r/KSM6D Web "<=_6gSLq Web &

CLrD*;#WebSphere Application ServerI@"Z Web~qw0dBcYw53DyZ JavaD!~

qLr}f9I#


Web ~qw(Web server)~qwLr,|lp4T/@wLrDE"J4ks#m{~qw(server)#

Web /@w(Web browser )KPZ(= PCzDM'zm~,9C'\/@r,xr>X HTML 3f#bG;vlw$_,|a)T

WebMrXxPIC,=eDODsM/OD(CCJ#P)/@wITT>D>M<N,xP)v\T>

D>#s?V/@wI&mrXx(E(}g FTP Bq)Dw*m%#

X

X.500I%,Fcz53)P5V`?D"V<=M?<4F~qDj<#IzJgE*K(ITU)(4T0Dz

Jg(g0I//1a CCITT)"zJj</i/MzJg/'/1a(ISO/IEC)*O(e#

X.509 f> 3 $i(X.509 Version 3 certificate )X.509v3$i_PC4f"Mlw$i&CLrE""$iV"E""$i7zE""_TE"M}V){

D)d}]a9#

X.509v3}L*yP$i4(P1dAGD CRL#?N9C$i1,X.509v3D\&Jm&CLrli$i

DP'T#|9Jm&CLr47(C$iGqZ CRL O#I*X(P'Z9l X.509v3 CRL#|G2I

yZd|I\9$i^'D73#}g,g{M1k*i/,d$i+E= CRL P#

X.509 $i(X.509 certificate );c:S\D$ij<,C4(}2+rXxxg'V2+\mM}V)p$iDV"#X.509 $i(e}

]a9,a)V"IIEDZ}=}V)pD+C\?D}L#


w}

[A]20r<

20;C 23

oz 9, 10

#$ 23

|LXF 43

dC}L 43

t/ 9, 35

Kv 35

W9CT!n 43

<8KP 5

Web /@whC 5

20r<oz 9, 10

[B]#fdC}] 42

#$20r< 23

8]53 24

XAA_ vii

`-dCD~ 23

`- DN 20

[C]Yw53,\'V 5

i4

dC{" 21, 43

dC4, 43

i4_6{"4% 43

z7Ev 1

X|{20r< 23

XBdC53 25

vfo

hv vii

Tivoli 2+Tz7 viii

[D]<kdC}] 11, 35

GG 21

(F"ar 25

A_ vii

KZ

2+ Web ~qw 41

+C Web ~qw 40

M'zO$ 41

CA MsF~qw 36

Directory ~qw 38

Ts`,mStTA 17

[F]CJ6p,|DtT 16

CJXFm 16

~qw

2+ 41

S AIX 6X 26

S Windows NT6X 26

+C 40

sF 36

CA 36

Directory 38

IBM HTTP 40, 41

Tivoli PKI 35

[G]|D\k5CLr 23

+2{F,Z DN P 20

$w>hs 5

XZ>8O vii

zRrXx,Z DN P 20

[J]zwhs 5

6p,|DtTitH 16

|LXF 43

+ CA \?f"Z2~P 36

+ RA \?f"Z2~P 41

V@X7,Z DN P 20

a9DTs` 17


[K]M'z&CLr

hv 32

PKIX ks 32

M''V viii

b,Tivoli PKI Web >c vii

[L]`,mStT 17

itH6p,|DtT 16

/@whs 5, 44

[M]\k

|D 23

Directory \m1 39

root C' DN 38

#=(e 17

[P]dC

$w> 5

6L~qw 11

4,E" 43

Tivoli PKI }]b 43

dC}L 43

dC}]

2+ Web ~qw 41

#f 42

<k 11, 35

+C Web ~qw 40

G<!nDm% 7

M'zO$!n 41

t/!n 35

(F 35

sF~qwKZ 36

sF~qw{F 36

i$ 21

&C 43

"ar 39

\a 42

4758-&mw 36, 41

CA ~qwKZ 36

CA ~qw{F 36

dC}] (x)

CA \? 36

CA DN 36

Directory ~qwKZ 38

Directory ~qw{F 38

Directory \m1 39

Directory rootC' 38

RA \? 41

dC}]m% 7

dC}]Dm% 7

dCD~,`- 23

dCC' 9

dC,VPD Directory 14

ANsFB~ 29

>$PD 21

[Q]t/20r< 9

t/!n 35

(FdC}] 35

0TE" vii

[R]U>{" 21

[S]sF~qw

KZE 36

hv 29

wz{ 36

zz53,<8 22

!r1=P,Z DN P 20

U/dC}] 6

Z("a1 24

dk DN 18

sj8CYw 43

}]b,1! DB2 30

tT,|DitH6p 16

tT,mSA PKI ` 17

tT,DN

>} 18

rP 18

yZX,Z DN P 20

64 f> 3 "Pf 7.1

Page 77: Tivoli Public Key Infrastructure - IBMpublib.boulder.ibm.com/tividd/td/PKI/SH09-4529-03/zh_CN/... · 2002-11-09 · 0T..... vii >8ODA_..... vii ‘XE"..... vii

[T]a;$iks 21

[W]jI4% 43

[X]53hs 5

BX swingall.jar 9

{",i4 21, 43

6X

AIX D~qwi~ 26

NT D~qwi~ 26

^D ACL 24

mI(,slapd.conf 23

[Y]i$dC 21

Q)"$iPm(ICL) 29

W9CT!n 43

&CdC5 43

6LdC 11

<( viii

[Z]**

9CD<( viii

$i7zPm(CRL) 29

$i\m-i(CMP) 32

$iks,a; 21

'V,Tivoli M' viii

G\( 32

wz{

2+ Web ~qw 41

+C Web ~qw 40

CA MsF~qw 36

Directory ~qw 38

Tivoli PKI ~qw 35

"ar

20?< 39

(F 25

G"o 44

"ar (x)

hv 32

{F 39

oT 39

"a1,Z( 24

TvD~ 3

i/%;,Z DN P 20

i/{F,Z DN P 20

[}V]4758-&mw

f"\?Z 34

f" CA \? 36

f" RA \? 41

hv 34

tC CA 36

tC RA 41

RSA \?s! 36, 41

Aadd_rauser5CLr 24

AuditArchiveAndSign$_ 29

AuditIntegrityCheck$_ 29

CCA DS\\? 36

CA ~qw

KZE 36

\?s! 36

hv 29

){c( 36

wz{ 36

(P{F 36

4758-&mw!n 36

CA \?

f"Z2~P 34, 36

s! 36

c( 36

CfgSetupWizard.htmlD~ 9

CfgStartLr

Z6LzwO 11

Z AIX O 10

Z NT O 10

cfguserC'{ 9

65Tivoli PKI dC8O

w}

Page 78: Tivoli Public Key Infrastructure - IBMpublib.boulder.ibm.com/tividd/td/PKI/SH09-4529-03/zh_CN/... · 2002-11-09 · 0T..... vii >8ODA_..... vii ‘XE"..... vii

DDB2,hv 30

Directory ~qw

KZE 38

hv 30

yP(mI( 23

wz{ 38

Directory \m1 39

root C' DN 38

Directory \m1

\k 39

hv 32

DN 39

Directory #= 30, 31

Directory w 31

Directory,dCVPD 14

DN

G"o 44

+2{F 20

zRrXx{F 20

V@X7 20

O$PD 36

!r1=P 20

9C DN `-w 20

>} 18

dkfr 18

yZX 20

i/%; 20

i/{F 20

Directory \m1 39

Directory #= 30, 31

Directory w 31

Directory rootC' 38

DN `-w

q=`M 21

|LXF 43

hv 20

9C 20

tT3r 21

<j 36, 38, 39

;CE" 20

;cE" 20

i/E" 20

CA DN 36

Directory \m1 DN 39

Directory rootC' DN 38

DN inT 24

IIBM HTTP Server 33, 40, 41

IniEditor Lr 23

IP X7

2+ Web ~qw 41

+C Web ~qw 40

CA MsF~qw 36

Directory ~qw 38

Tivoli PKI ~qw(server) 35

LLDAP j< 30

MMAC({"O$zk)

sF&mP 29

CA &mP 29

PPKIX $i

hv 32

RRA D\? 41

RA ~qw

\?s! 41

4758-&mw!n 41

RA \?

f"Z2~P 34, 41

s! 41

root C' DN

\k 38

hv 31

{F 38

RSA \? 36, 41

Ssha–1WithRSAEncryption 36

slapd.confD~ 23

66 f> 3 "Pf 7.1

Page 79: Tivoli Public Key Infrastructure - IBMpublib.boulder.ibm.com/tividd/td/PKI/SH09-4529-03/zh_CN/... · 2002-11-09 · 0T..... vii >8ODA_..... vii ‘XE"..... vii

SSL

2+ Web ~qw 41

hv 33

Z Tivoli PKI P 33

Swing b 5

swingall.jarD~ 9

TTivoli

2+\m Web E" ix

Customer Support viii

Tivoli PKI

Web E" viii

Tivoli PKI dCC' 9

Tivoli PKI Web >c 3

UURL

20r< 9

CZ>$PD 21

"ar 32

TvD~ 3

Tivoli PKI 3

Tivoli PKI b3f vii

Tivoli PKI w3 vii

WWeb ~qw

2+~qwKZ 41

2+~qw{F 41

+C~qwKZ 40

+C~qw{F 40

Z Tivoli PKI P 33

Web >c

2+\mE" ix

Tivoli Customer Support viii

Tivoli Public Key Infrastructure viii

Web >c,Tivoli PKI 3

67Tivoli PKI dC8O

w}

Page 80: Tivoli Public Key Infrastructure - IBMpublib.boulder.ibm.com/tividd/td/PKI/SH09-4529-03/zh_CN/... · 2002-11-09 · 0T..... vii >8ODA_..... vii ‘XE"..... vii

68 f> 3 "Pf 7.1

Page 81: Tivoli Public Key Infrastructure - IBMpublib.boulder.ibm.com/tividd/td/PKI/SH09-4529-03/zh_CN/... · 2002-11-09 · 0T..... vii >8ODA_..... vii ‘XE"..... vii
Page 82: Tivoli Public Key Infrastructure - IBMpublib.boulder.ibm.com/tividd/td/PKI/SH09-4529-03/zh_CN/... · 2002-11-09 · 0T..... vii >8ODA_..... vii ‘XE"..... vii

Pz!"

SB84-0415-00