IBM®
SecureWay®
Trust Authority
C:[ |. H;-
v| 3 1.: 1
SA30-0875-00
IBM
VG!
L $8 W vx &0; gkOb |! 123 dLvG :VGgW;! VB O] $8& P8JC@.
JG(1999b 10y)
L %: IBM SecureWay Trust Authority,ANW% 5648-D09, v| 3 1.: 1! {kGg, DSG! /0w mCOb |nv p
g DS 1.: W v$ v|! {kKOY.
© Copyright International Business Machines Corporation 1999b. All rights reserved.
qw
% . . . . . . . . . . . . . . . . v
&1e Trust Authority $8 . . . . . . 1
&2e 3d . . . . . . . . . . . . . 3
&3e f} . . . . . . . . . . . . . 5
Trust Authority |. . . . . . . . . . 5
Trust Authority O# /f . . . . . . 5
-v 8:dR C[ W _v . . . . . . 7
IniEditor& gkQ 8: DO /f . . . . 9
Trust Authority IP VR /f . . . . . 12
C:[ iw W 9x . . . . . . . . 13
WebSphere Application Server|. . . . 14
WebSphere Application ServersB !K 14
WebSphere Application ServerNW !K 15
HTTP Server|. . . . . . . . . . 16
HTTP ServersB !K . . . . . . . 16
HTTP ServerNW !K . . . . . . . 18
CA -v |. . . . . . . . . . . . 18
CA -v ;kZ w. /f . . . . . . 19
CA z5 #] /f . . . . . . . . 20
CRL 3$ /f . . . . . . . . . . 20
s# Nu; gkQ CA Nu d; . . . 22
h~ p(; gkQ CA Nu d; . . . 25
CA -v NW !K . . . . . . . . 28
CA -v sB !K . . . . . . . . 29
RA -v |. . . . . . . . . . . . 30
RA |.Z _! . . . . . . . . . 31
RA -v ;kZ w. /f . . . . . . 34
RA z5 #] /f . . . . . . . . 35
RA gC5 #] /f . . . . . . . . 35
RA -v NW !K . . . . . . . . 36
RA -v sB !K . . . . . . . . 36
p:d.MG kE; 'Q RA 3$ /f 38
(g -jC:[ |. . . . . . . . . . 39
(g 9Ze 8b . . . . . . . . . 40
(g 9Ze =v . . . . . . . . . 42
(g ,sLp.!- (g -v #:. L
' W w. /f . . . . . . . . . 42
(g ,sLp.NNMG L%. |[ f}
]f . . . . . . . . . . . . . 43
(g -v! ;k! gkOB w. /f . . 44
(g ,sLp.!- (g -vNG YNy
C5 /f . . . . . . . . . . . . 45
YNy C5 gLG #] /f . . . . . 46
NW 3$ /f . . . . . . . . . . 46
(g 8m- }: . . . . . . . . . 51
(g NW DO 88 W -m . . . . . 51
(g -v %LM#L: W 88 DOG +
a: !K . . . . . . . . . . . . 52
(g -vG sB !K . . . . . . . 55
(g -v NW !K . . . . . . . . 56
DB2 %LM#L: |.Z . . . . . . . 56
DB2 %LM#L: sB !K . . . . . 57
DB2 NW !K . . . . . . . . . . 60
p:d. -v |.. . . . . . . . . . 60
p:d. -v sB !K . . . . . . . 60
p:d. -v NW !K . . . . . . . 62
4758 O#- ZAN<- |. . . . . . . 62
&4e $8 . . . . . . . . . . . . 63
Trust Authority 8H . . . . . . . . . 63
W<: &n qO . . . . . . . . . . 63
Nu b| . . . . . . . . . . . . . 64
CA h~ . . . . . . . . . . . . 64
Nu .e . . . . . . . . . . . . 65
Nu kR qO . . . . . . . . . . 68
s# Nu . . . . . . . . . . . . 68
Nu . . . . . . . . . . . . . . 69
pvP Nu . . . . . . . . . . . 69
8P L' . . . . . . . . . . . . 69
_`H Nu qO . . . . . . . . . 70
-m W -m /?: Ku . . . . . . 70
nO GQ . . . . . . . . . . . . . 71
RA |.Z . . . . . . . . . . . 71
nO 5^N . . . . . . . . . . . 71
4758 O#- ZAN<- . . . . . . . . 72
:6. +e . . . . . . . . . . . . 73
(g . . . . . . . . . . . . . . 73
(g 9Ze . . . . . . . . . . . 74
(g L%. . . . . . . . . . . . 74
(g L%. 6:) . . . . . . . . 75
'S k 1C{ (g L%.. . . . . . 75
+a: !K . . . . . . . . . . . 75
+a: @N . . . . . . . . . . . 75
(g NW 88 . . . . . . . . . . 76
DB2 %LM#L: . . . . . . . . . . 76
% -v . . . . . . . . . . . . . 76
IBM WebSphere Application Server . . 77
IBM HTTP Server . . . . . . . . 77
IP 0m v$. . . . . . . . . . . 77
p:d. -v . . . . . . . . . . . 78
@j'. D0Z. . . . . . . . . . . 78
&5e |6gW . . . . . . . . . . . 81
8: DO . . . . . . . . . . . . . 81
DO 3m . . . . . . . . . . . . 82
CA -v 8: DO . . . . . . . . 82
RA -v 8: DO . . . . . . . . 91
(g -v 8: DO . . . . . . . . 100
(g ,sLp. 8: DO
AuditClient.ini . . . . . . . . . 105
mI` /?.< . . . . . . . . . . 107
CA Nu /?.< . . . . . . . . 107
RA gkZ /?.< _! . . . . . . 109
(g 88 W -m /?.< . . . . . 110
(g +a: !K /?.< . . . . . . 111
(g L%. Je . . . . . . . . . . 113
(g L%.. . . . . . . . . . . . 113
(g %LM#L: %LM . . . . . . . 116
0 WLm . . . . . . . . . . . 117
L%. I"5 WLm . . . . . . . 117
L%. &n WLm . . . . . . . . 117
R: WLm. . . . . . . . . . . 118
BNH #<< WLm . . . . . . . 118
BNH *R WLm . . . . . . . . 119
5b^B #<< /| WLm . . . . . 119
8:dR /| WLm . . . . . . . 119
(g NW WLm . . . . . . . . . 120
C:[ WLm . . . . . . . . . . 121
.&! Xa. . . . . . . . . . . . 122
VGgW . . . . . . . . . . . . . 123
s% W -q: s% . . . . . . . . . 125
|C $8 . . . . . . . . . . . . 129
kn} . . . . . . . . . . . . . 131
vN . . . . . . . . . . . . . . 147
%
1. Trust Authority 8: DO . . . . . 10
2. 3$ 6}gM |CH .#hGG
WebSphere Application ServerNW . 15
3. nO @kANW%z |CH .#hGG
WebSphere Application ServerNW . 15
4. 3$ 6}g |C .#hGG HTTP -
v NW. . . . . . . . . . . . 18
5. nO @kANW%z |CH .#hGG
HTTP serverNW . . . . . . . . 18
6. CA -v NW . . . . . . . . . 29
7. RA -v NW . . . . . . . . . 36
8. Trust Authority (g %LM#L: 8b
G - 3m . . . . . . . . . . 41
9. (g -v NW . . . . . . . . . 56
10. %LM#L: '! . . . . . . . . 56
11. p:d. -v NW . . . . . . . . 62
12. Nu .e . . . . . . . . . . . 65
13. IBM HTTP -vk 3--v, 3-w. p( 77
14. CA -v 8: DO . . . . . . . 83
15. RA -v 8: DO . . . . . . . 92
16. (g -v 8: DO . . . . . . . 102
17. (g ,sLp. 8: DO . . . . . 106
18. (g L%. Je . . . . . . . . 113
19. (g L%. . . . . . . . . . . 113
20. 0 WLm Je . . . . . . . . . 117
21. L%. I"5 WLm Je . . . . . 117
22. L%. &n WLm Je . . . . . 117
23. R: WLm Je . . . . . . . . 118
24. BNH #<< WLm Je . . . . . 118
25. BNH *R WLm Je . . . . . 119
26. 5b^B #<< /| WLm Je 119
27. 8:dR /| WLm Je . . . . . 119
28. (g NW WLm Je . . . . . . 120
29. C:[ WLm Je . . . . . . . 121
&1e Trust Authority $8
IBM® SecureWay® Trust AuthorityB gkZ& NuOm EZ VB kE; 8
eOb 'Q v\L wTGn VB @kANW%; &xUOY.
v 6w8N O)] nO W Nu $%! {s pvP Nu; _` W |.R v
VT UOY.
v X.509k xk 0 ON86 v| 3(PKIX) W CDSA(Common Data Security
Architecture)O#- %X! kQ vx: x^Z s#6[!I:; &xUOY.
v pvP -m 8H ANd]: O*G .#hG; pg NP; NuOB f};
&xUOY.
v jslz W ,sLp. b; nO bI: VkG 6k:; &xUOY.
v O#-H kE W nO $8G 8H ze8N bP:L 8eKOY.
Trust Authority C:[: IBM AIX/6000® W Microsoft Windows NT-v C
'{!- G`I v V@OY. )b!B Y=z 0: Vd bIL wTKOY.
v EZ Nu b|(CA)B pvP NuG O|Q sLAgL,; |.UOY. Nu
-& 8uOb 'X- CAB pvPN _`OB " Nu-! -mUOY. GQ
CRL(certificate revocation list)! -mO) Nu-! u Ls /?Ov JY
B gG; 8uOb5 UOY. _!N -mQ 0& 8#Ob 'X IBM
SecureWay 4758 PCIO#- ZAN<-M 0: O#- Oe~n& gkR v
V@OY.
v nO GQ(RA)B gkZ nO LDG |. [w; 3.UOY. RAB gkZ
G qnO: 0?; vxOB Nu8 N!^: gkZ!T _`J; 8uUO
Y. |. 8:)B Z?- AN<: GB gw! GQ Gga$; kX 3.R
v V@OY.
v % b; nO NMdL:B jslz, -v GB Y% q{(9& in,
VPN(virtual private network)e!, :6. +e W 8H |Z lm); 'Q
Nu; rb 1T X]OY.
v O] gkZB Windows @kANW%, Trust Authority ,sLp.& kX %
jslz& gkOv Jm5 Nu; .8Om |.R v V@OY.
v N!^: nOZB % b; |. NMdL:, RA %:)>& kX nO d;
; BN GB ENOm NuL _`H D Nu; |.R v V@OY.
v (g -jC:[: " (g 9Ze! kQ ^Cv Nu Ze(MAC)& hjU
OY. (g %LM! (g %LM#L:! bOH D /fGE* h&Gi, MAC
& kX (T; KbR v V@OY.
v @kANW% 3_ZB $% "C.& kX nO AN<:& 6$R v V@O
Y.
v O#- #x! kQ kUH vx. kE; NuOb 'X YI Trust Authority
8:dR! xe }: 3Nk 0N -mKOY. 8H @j'.(0 W MAC)B
O#-Gn 8# 5* KeyStores! zeKOY.
v IBM SecureWayp:d.! kQ kUH vx. L p:d.B LDAP x@ |
DN kRH /? Nu! |Q $8& zeUOY.
v IBM WebSphere™ Application ServerW IBM HTTP -v! kQ kUH v
x. % -vB RA -vM [wO) ^Cv& O#-Om d;; NuOg N
u; G5Q vEZ!T |[UOY.
v award-winning IBM DB2® Universal Database! kQ kUH vx.
&2e 3d
L %!-B Trust Authority C:[; n5Om |.OB % JdQ $8& &
xUOY. L %! p^GB ;k: gkZ! Y=! kQ vDL* fh; !v
m VYm !$Q MTOY.
v AIX GB UNIX n5 C:[
v Windows NT n5 C:[
v C:[ F0X3
v W.v) |.
v %LM#L: |.
v % -v |.
v p:d. |.
5 dLvG :&3e f};!-B Trust Authority C:[G n5 W |. f}!
kQ \h{ $8& &xUOY. C:[ C[ W _v f}, O# /f f}, 8:
DO m}b gk f}, C:[ iw W 9x f}z C:[ 8:dRG |. f
}L L e!- R3I MTOY.
v IBM WebSphere Application Server
v IBM HTTP Server
v CA -v
v RA -v
v (g -jC:[
v IBM DB2 Universal Database (UDB)
v IBM SecureWayp:d.
v 4758 O#- ZAN<-
63 dLvG :&4e $8;!-B " ANC`n! CAvB V<! kX 8Y <
N{N $8& &xUOY.
81 dLvG :&5e |6gW;!B 8: DO E3/v, mI` /?.< 8. W
(g -jC:[! kQ %|DG $8! *M V@OY.
&3e f}
; e!-B IBM SecureWay Trust AuthorityW W 8:dR& |.OB f}
! kQ V&& YlOY.
Trust Authority |.
L }!-B Trust Authority C:[; |]{8N |.OB % gkR v VB
58 W AN<:& 3mUOY.
58 W AN<:B Y=z 0@OY.
v Trust Authority O# /f
v -v 8:dR C[ W _v
v 8: DO /f; 'Q IniEditor gk
v Trust Authority 8: NW !K
v Trust Authority IP VR /f
v C:[ iw W 98
Trust Authority O# /f
IBM Trust Authority!B O# /f /?.<! &xGn V@OY. L /?.<
& gkOi C:[ 8: _! 3$Q b; O#& /fR v V@OY. Jb C
:[ 8: D V> gkZ! C:[; gkR v V8Ai W |! VRQ Q x
: O#& /fX_ UOY. L O#i: Y= bIG 8:dR! kQ W<:&
&nUOY.
v 8H C[ ^?Or
&n ANW% O#& kX Xg bhG pg Trust Authority 8:dR& C
:[L Z?8N C[GE* KYnR v Vm, 8H C[ O#- 0! W<:
R v V@OY.
v 4758 CA ANDO
4758 CA ANDO O#B 4758 O#- ZAN<- CA ANDO! kQ W
<:& &nUOY.
v p:d.
p:d. |.Z O#B p:d.!- /fR v VB dR! kQ W<:& &
nUOY.
v (g -v
(g |.Z O#B (g NW W (g |. 58! kQ W<: GQ; &x
UOY.
O# /f /?.<& gkO) O#& /fOAi Y= \h& {#JC@.
1. Y= fN _ O*& gkO) Trust Authority bin p:d.N !JC@.
v AIX G fl, b; fN*: Y=z 0@OY.
/usr/lpp/iau/bin
v Windows NTG fl, b; fN*: Y=z 0@OY.
c:\Program Files\IBM\Trust Authority\bin
2. gkZ n5 <&! {s Y= mI _ O*& TBOJC@.
v AIX G fl, mInB Y=z 0@OY.
changePWD.sh
v Windows NTG fl, mI fNB Y=z 0@OY.
changePWD.bat
Y= ^:! *83OY.
------------- Change Trust Authority Passwords --------------
Enter the option number for the component you want to change.
You will be prompted to enter the current password and then
the new password.
--------------------------------------------------------------
1) Control Program
2) 4758 CA Profile
3) Directory Administrator
4) Audit Administrator
5) Quit
Enter Option:
3. IG TB Je! IG x#& TBO) /fOAB O#G IG; 1COJC
@.
4. ARA.! %CGi 1CQ IGG vg O#& TBOm .NOJC@.
V: 3=8N L 58& gkOB fl vg O#B 8:C O#TOY. &n
ANW%, 4758 CA ANDO W (g |.Z O#! kX Trust Authority
-v O#& vg O#N v$OJC@. p:d. |.Z O#! kX-B
8: _! [:H p:d. |.Z O#& vg O#N v$OJC@.
5. ARA.! %CGi 1CQ IG! gkR u O#& TBOm .NOJC@.
O#B 8Z LOLn_ UOY(4758 CA ANDO O#B $.w 8ZLn_
UOY).
/fL &kN OaGzBv )N& KAVB ^Cv! %CKOY.
AN<:! OaGi V ^:N G9F)OY.
-v 8:dR C[ W _v
IBM Trust AuthorityB Trust Authority &n ANW%Lsm OB H|Q Z?
C[ ^?Or; gkO) Xg bhG pg 8:dR& C[ GB _vUOY.
Trust Authority &n bI(x] bhG fl!B bh6Y O*? V=): Z<
G O#-/O# X6 0& !vm V8g, JdQ fl L 0& gkO) 8:d
R O#& O#-OE* X6UOY.
8:dR C[
Trust Authority 8:dR& C[OAi, Y= \h& {#JC@.
1. C:[; 3!Q gkZN- Trust Authority! NWNOJC@.
2. Y=; TBO) bin p:d.N L?OJC@.
v AIX & G`OB fl, b; fNB /usr/lpp/iau/binTOY.
v Windows NT& G`OB fl, b; fNB c:\Program Files\IBM\Trust Authority\binTOY.
3. gkZ n5 <&! {s Y= mI _ O*& TBO) C:[; C[OJC
@.
v AIX G fl:
Start_TA.sh
v Windows NTG fl:
Start_TA.bat
ANW%L Y=z 0L @dUOY.
&n ANW% O#& TBOJC@. ==>
L &n ANW% O#B Trust Authority &n ANW% KeyStore!- O#
& X6OB % gkGB 0& W<:UOY.
4. &n ANW% O#& TBOJC@.
&n ANW%: 8: DO; Pn C[X_ OB 8:dR& G0UOY.
v C[X_ Og O*G O#& !vB " 8:dRG fl, ANW%L O#
& X6Om 8:dR& C[UOY.
v C[X_ Og O*G O#& !vv JB " 8:dRG fl, ANW%:
\v 8:dR& C[Ob8 UOY.
v 8:dR! LL G` _N fl!B Xg 8:dR& G` _N sBN S
OY.
8:dR _v
Trust Authority 8:dR& _vOAi, Y= \h& {#JC@.
1. C:[; 3!Q gkZN- Trust Authority! NWNOJC@.
2. Y=; TBO) bin p:d.N L?OJC@.
v .IX& G`OB fl, b; fNB /usr/lpp/iau/binTOY.
v Windows NT& G`OB fl, b; fNB c:\Program Files\IBM\Trust
Authority\binTOY.
3. gkZ n5 <&! {s Y= mI _ O*& TBO) C:[; C[OJC
@.
v AIX G fl:
Stop_TA.sh
v Windows NTG fl:
Stop_TA.bat
ANW%L Y=z 0L @dUOY.
&n ANW% O#& TBOJC@. ==>
&n ANW% O#! kX ANW%L ARA.& %CUOY. L O#B Trust
Authority &n ANW% KeyStore!- O#& X6OB % gkGB 0& W
<:UOY.
4. &n ANW% O#& TBOJC@.
&n ANW%: 8: DO; Pn _vX_ OB 8:dR& G0UOY.
v _vX_ OB " 8:dRG fl, ANW%L 8:dR& _vUOY.
v 8:dR! LL _vH fl!B ANW%L F+1 6!5 kOv J@O
Y.
IniEditor & gkQ 8: DO /f
L }!-B IniEditorsB 8: DO m}b& #bOm gkOB f}! kX 3
mUOY. IniEditor 58& gkOi IBM Trust AuthorityG 8: DON ""
G E3/v W =G; _!, w%L. W h&R v V@OY. L 58G m} J
e!B " E3/v! L'=*G V8N %CGGN gkZ! JdN OB E3
/v& 1T #F- m}R v V@OY. 8: E3/vG 3m W gk! kQ ;
k: 81 dLvG :8: DO;; |mOJC@.
V:
1. IniEditorB 8: DO; w%L.OB % gkOb 'X mHH \xQ m}
bTOY. L 58N %LMG /?: Ku; v`R vB x@OY.
2. DO 8# wx!- 8: DO; /fOb |!B Ws m}R 8: DO; i
wX u8JC@.
m}b G`
m}bB mI`!- C[R v V8g L ' m}OAB DO L': v$R v
5 Vm v$Ov J; v5 V@OY.
DO L'(9: myfile.ini); gkO) m}b& G`OAi Y= mI _ O*&
TBOJC@.
v AIX /fG fl!B mI`!- Y=; TBOJC@.
cd /usr/lpp/iau/bin
run_IniEditor myfile.ini
v Windows NT /fG fl!B DOS mI`!- Y=; TBOJC@.
cd c:\Program Files\IBM\Trust Authority\bin
IniEditor myfile.ini
DO L'; gkOv Jm m}b& G`OAi Y= mI _ O*& TBOJC
@.
v AIX /fG fl!B mI`!- Y=; TBOJC@.
run_IniEditor
v Windows NT /fG fl!B DOS mI`!- Y=; TBOJC@.
IniEditor
DO L'; TBOv JB fl!B m}R DOL u DONv b8G DONv
& v$O5O OB ARA.! %CKOY. u DO; v$OB fl!B [:O
AB DOG /|; v$O5O OB ARA.! %CKOY. " DO /|6Y k
@OB .ini DO [C..! V8g L [C..B Xg /|; v$R ' Pn
iLT KOY. Y=: DO /|G IGTOY.
% 1. Trust Authority8: DO
AIX b; DO '! Windows NT b; DO '! 3m
/usr/lpp/iau/etc/TrustAuthority/jonahca.ini
c:\Program Files\IBM\Trust Authority\etc\TrustAuthority\jonahca.ini
CA -v 8: DO. CA -v
G 8: /v& v$UOY.
b; n5 /! W ,a 3$
*; &nOAi L /v& /
fOi KOY.
/usr/lpp/iau/pkrf/Domains/YourDomain/etc/jonahra.ini
c:\Program Files\IBM\Trust Authority\pkrf\Domains\YourDomain\etc\jonahra.ini
RA -v 8: DO. RA -v
G 8: /v& v$UOY.
L /vB b; n5 W ,a
3$*; &xR S8 FOs
RA -vM p:d. -v #
G s#[k f}; &nR v
V5O UOY.
/usr/lpp/iau/etc/AuditClient.ini
c:\Program Files\IBM\Trust Authority\etc\AuditClient.ini
(g ,sLp. 8: DO.
(g ,sLp.G 8: /v
& v$UOY. L /vB ,
a 3$*; &xOm, G&N
n2 (g L%.& [ER M
Nv& &nOB (g 6:)
& 6$R v V5O UOY.
/usr/lpp/iau/etc/TrustAuthority/AuditServer.ini
c:\Program Files\IBM\Trust Authority\etc\TrustAuthority\AuditServer.ini
(g -v 8: DO. (g -
vG 8: /v& v$UOY.
(g -vG b; n5 /!
W ,a 3$*; g8:OA
i L /v& /fOi KO
Y. GQ pvW W @y ^C
v& bOOB f}; v$R
v5 V@OY. L /vi:
bOI L%.& &nOb5
UOY.
IniEditorB Trust Authority DOL sVOB p:d.& KvO) [C.. D
O; #@OY.
m}b gk
IniEditor& 8: DON NeOi b8G E3/v! -i ^J! .. 86N *
83OY. L 86!B DOG =Gz 0! wTKOY. =G; 1COAi =G L
'; )#JC@. =G; .eOAi uOb(+) b#& )#JC@. =G! 0! w
TGn VB fl!B E3/v L'=*G VL -i @%JG m} Je! *8
3OY.
E3/v m}: Y=G m} 8:)& v`R v V@OY.
v E3/v *; /fOAi m} JeG X:. '! Xg ;k; TBOJC@.
v /fgW; G`kROAi, m} → G`kR& 1COJC@.
v E3/v* =G; h&OAi h&R Wq; 1CQ D m} → h&& 1C
OJC@.
=G _!: .ini DO! =G; _!OAi Y= \h& {#JC@.
1. @j'. → u =G; 1COJC@.
u =G _! k-sZ! *83OY.
2. k-sZ!- =GG L'; v$OJC@.
3. .N; )#JC@.
.. 86G G F!! u =GL *83OY.
E3/v _!: .ini DOG =G! E3/v& _!OAi Y= \h& {#J
C@.
1. @j'. → u E3/v& 1COJC@.
u E3/v [: k-sZ! *83OY. )b!B eSYn ^:! wTGn
V8g, L ^:!- E3/v& _!OAB ks =G; 1CR v V@OY.
2. E3/v Je!- E3/vG L'; v$OJC@.
3. * Je!- E3/vG *; v$OJC@.
4. .N; )#JC@.
1CQ =G F!G .. 86M " @%JG m} Je! u E3/v! *
83OY.
DO ze: IniEditor!-B vgG .ini DO; zeOE* Y% L'; !x D
ON zeOE* ANW%; >aR v V@OY. DOL /fH fl!B /fg
WG ze )N& /B ARA.! %CKOY. ze IGz *((ze wT) IG
pN vg DO; .save& .eZN .B iw8N zeOm u DO; vg DO
L'8N bOUOY.
Trust Authority IP VR /f
Trust Authority C:[L \O #:.m; gkOB \O bh! 3!Gn 8:
H fl, Y= }w& gkO) Xg bhG IP VR& /fR v V@OY.
1. Trust Authority C:[; _vOJC@.
2. gkZ 6wG $%! {s bhG IP VR& /fOJC@.
3. bh& KYnQ D gC[OJC@.
4. Trust Authority C:[; C[OJC@.
L .-B Y_ bh GB Y_ #:.m IP VR* #:.m /fgW; wTO
B Y% C*.@! kX-B 3mOv J@OY. kNPG vg ANCz! kX
-B IBM SecureWay Trust Authority% gL.G sLj/. dLv& |6
OJC@.
C:[ iw W 9x
L }!-B IBM SecureWay Trust AuthorityG iw W 9x .&& YlOY.
L e: /w Y= .&& YlOY.
v Trust Authority %LM#L:G iw W 98& 'Q v'
v AIX W Windows NT n5 <& iw W 98
v IBM 4758 O#- ZAN<- 9&
AIX W Windows NT !-G iw W 9x
AIX & gkOg Windows NT& gkOg |hxL &kN Trust Authority&
iwOAi, Uz Y= x-N pg Trust Authority AN<:& C:[ >aX_
UOY.
1. Trust Authority
2. DB2 %LM#L:
LB gkOAB iw! |hxL v`X_ UOY. p:d. -vM DB2B q?
b 2b& gkOg L/Q AN<:! O|OT C:[ >aGv J: fl!B
^p. v[G %LM! C:[ iwC p:)! bOHYm 8eR v x@OY.
C:[L \O gkZ /v8v pe! !novO iw; u _ v`KOY. Trust
AuthorityG _v W C[! kQ Z<Q ;k: 7 dLvG :-v 8:dR C
[ W _v;& |6OJC@. %LM#L: _v W C[! kX-B IBM DB2
Universal DatabasemIn |6-, v| 5.2& |6OJC@.
iw /?.<! kX- IBM: Y=; GeUOY.
v AIX G fl, ;e iw /?.< mksysbM savevg GB ADSM(Y% IBM
&0); gkOJC@. mksysbW savevg/?.<& gkOB fl CY% A
NCz! kX AIX .-& |6OJC@. ADSM; gkOB fl!B L .
-& mksysbM T2 gkOJC@.
v Windows NTG fl, C:[ |<& 98R v VB C:[ LLv& [:O
B aftermarket/?.<& gkOJC@. ADSM; gkOB fl!B C:[
LLv /?.<M T2 gkOJC@.
gkZ! 1CQ iw /?.<! {}Q 9x ANCz! {#JC@.
4758 O#- ZAN<- 9&
4758 O#- ZAN<-& iwOAi, Trust Authority C:[; 3!Q bhG
6:M 0& 05G bh! 9&X_ UOY. Y= '!! VB IBM SecureWay
Trust Authority % gL.G sLj/. dLv!- L& v`OB ANCz& #
; v V@OY.
http://www.ibm.com/software/security/trust/library
WebSphere Application Server |.
IBM WebSphereB 6wG m:I % gL. 3_ W |.& =b 'Q RA.
~n &0:TOY. WebSphere Application ServerM IBM HTTP ServerB Trust
Authority!- % -v! bIOb 'Q ON86& &xUOY.
WebSphere Application Server sB !K
gkZ /f! {s, Y=z 0: ANCz <. _ O*& v`O) WebSphere
Application ServerG sB& !KR v V@OY.
v AIX G fl:
1. rootN AIX ! NWNOJC@.
2. AN<: %& !KOm Y=; #8JC@.
OutofProcEngine
L AN<:& |6OB fl, 3 \hN !JC@ L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
3. WebSphere|. dLv! W<:Om -vG sB& G0OB f}! k
X-B WebSphere.-& |6OJC@.
v Windows NTG fl:
1. C:[ |.ZN Windows NT!- NWNOJC@.
2. Ctrl , Alt W Delete 0& -/ [w |.Z& C[OJC@.
3. AN<: G; 1COJC@.
4. {n5 Q3 LsG java.exeAN<: N:O:& #8JC@.
L AN<:& |6OB fl, 5 \hN !JC@. L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
5. WebSphere|. dLv! W<:Om -vG sB& G0OB f}! k
X-B WebSphere.-& |6OJC@.
WebSphere Application Server NW !K
18 dLvG %5! %CH '!!- IBM Trust Authority 3$ 6}g#G .#
hG; bOQ NW& !KR v V@OY.
% 2. 3$ 6}gM |CH .#hGG WebSphere Application ServerNW
AIX b; DO '! Windows NT b; DO '! V.
/usr/lpp/iau/etc/logs/jvm_stderr.log
c:\Program Files\IBM\Trust Authority\etc\logs\jvm_stderr.log
Java !s bh(JVM)G
%X @y bB
/usr/lpp/iau/etc/logs/jvm_stdout.log
c:\Program Files\IBM\Trust Authority\etc\logs\jvm_stdout.log
JVMG %X bB
%3! %CH '!!- WebSphere Application ServerM gkZ nO @kAN
W%#G .#hG; bOQ NW& !KR v V@OY.
% 3. nO @kANW%z |CH .#hGG WebSphere Application ServerNW
AIX b; DO '! Windows NT b; DO '! V.
/usr/lpp/iau/pkrf/Domains/YourDomain/etc/logs/jvm_stderr.log
c:\Program Files\IBM\Trust Authority\pkrf\Domains\YourDomain\etc\logs\jvm_stderr.log
Java !s bh(JVM)G
%X @y bB
/usr/lpp/iau/pkrf/Domains/YourDomain/etc/logs/jvm_stdout.log
c:\Program Files\IBM\Trust Authority\pkrf\Domains\YourDomain\etc\logs\jvm_stdout.log
JVMG %X bB
/usr/lpp/iau/pkrf/Domains/YourDomain/logs/hostname_ssl-port-ssl-error.log
c:\Program Files\IBM\Trust Authority\pkrf\Domains\YourDomain\logs\hostname_ssl-port-ssl-error.log
8H HTTP ,a; k
Q .#hG8NNMG
@y ^Cv. ,sLp.
Nu W q,sLp.
Nu _ O*TOY.
/usr/lpp/iau/pkrf/Domains/YourDomain/logs/hostnameerror.log
c:\Program Files\IBM\Trust Authority\pkrf\Domains\YourDomain\logs\hostname_public-porterror.log
xk HTTP ,a; k
Q .#hG8NNMG
@y ^Cv.
HTTP Server |.
IBM HTTP ServerB jslz W Y% ANW%z T2 % b] kE; 3.O
B % -v &0TOY. HTTPD(HTTP pU)B HTTP ServerG __{ *R;
OB 5S{ AN<:TOY. Trust AuthorityB )/ HTTP pU; |3UOY.
L/Q HTTP pU N:O:B xkG O#-H ,sLp. Nu W O#- ,a
; 3.UOY. )/ Y% /|G .#hG; 3.Ob 'X Trust Authority! g
kGB )/ /|G ,az % -v! kX Z<w KAi 76 dLvG :% -v;
;k; |6OJC@.
HTTP Server sB !K
gkZ /f! {s, Y=z 0: ANCz <. _ O*& v`O) HTTP -v
G sB& !KR v V@OY.
v AIX G fl:
1. rootN AIX ! NWNOJC@.
2. AN<: %& !KOm Li AN<: N:O:& #8JC@.
– 1 of sidd
– 2 of httpd
L/Q < 3G AN<: pN& 8TGi 3 ;k8N !JC@. L/Q <
3G N:O: pN! x8i 122 dLvG :.&! Xa;! *M VB v
'; |6OJC@.
3. Y= b; fN! VB bin p:d.N !JC@.
/usr/lpp/iau/bin
4. " w.! kX L mI; TBO) w.& !KOJC@.
checkSrvPortStatus -p port -s server -r1 -w1
)b- portB !KOAB w.G x#Lm serverB WM ,|H HTTP -
vG L'TOY. 77 dLvG %13! Trust Authority b; HTTP -v
M w. 8:G d`L *M V@OY.
!K _N w.! $:{8N @dOB fl C:[: Y= ^Cv& %C
UOY.
w.:-v! VB w.! YNeKOY.
)b- portB !K _N w.Lm serverB Xg -vG L'TOY.
v Windows NTG fl:
1. C:[ |.ZN Windows NT!- NWNOJC@.
2. Ctrl , Alt W Delete 0& -/ [w |.Z& C[OJC@.
3. AN<: G; 1COJC@.
4. Apache.exeAN<:G N !v N:O:& #8JC@.
Li N AN<:& 8TGi 5 ;k8N !JC@. L/Q N 3G N:O
: pN! x8i 122 dLvG :.&! Xa;! *M VB v'; |6O
JC@.
5. MS DOS ARA.!- Y= b; fN& .B bin p:d.N !JC@.
c:\Program Files\IBM\Trust Authority\bin
6. " w.! kX L mI; TBO) w.& !KOJC@.
checkSrvPortStatus -p port -s server -r1 -w1
)b- portB !KOAB w.G x#Lm serverB WM ,|H HTTP -
vG L'TOY. 77 dLvG %13! Trust Authority b; HTTP -v
M w. 8:G d`L *M V@OY.
!K _N w.! $:{8N @dOB fl C:[: Y= ^Cv& %C
UOY.
w.:-v! VB w.! YNeKOY.
)b- portB !K _N w.Lm serverB Xg -vG L'TOY.
HTTP Server NW !K
%4! %CH '!!- IBM HTTP -vM Trust Authority 3$ 6}g#G .
#hG; bOQ NW& !KR v V@OY.
% 4. 3$ 6}g |C .#hGG HTTP -v NW
AIX b; DO '! Windows NT b; DO '! V.
/usr/lpp/iau/logs/oop_native.log.ERROR
c:\Program Files\IBM\Trust Authority\logs\oop_native.log.ERROR
AN<: \N #xG
xC Ze NP!- *
B @y ^Cv
/usr/lpp/iau/logs/oop_native.log.INFORM
c:\Program Files\IBM\Trust Authority\logs\oop_native.log.INFORM
AN<: \N #xG
xC Ze NP!- *
B $8 ^Cv
/usr/lpp/iau/logs/oop_native.log.WARNING
c:\Program Files\IBM\Trust Authority\logs\oop_native.log.WARNING
AN<: \N #xG
xC Ze NP!- *
B fm ^Cv
%5! %CH '!!- IBM HTTP -vM nO @kANW%#G .#hG; b
OQ NW& !KR v V@OY.
% 5. nO @kANW%z |CH .#hGG HTTP serverNW
AIX b; DO '! Windows NT b; DO '! V.
/usr/lpp/iau/pkrf/Domain/YourDomain/logs/apache.log.ERROR.PID
c:\Program Files\IBM\Trust Authority\Domains\YourDomain\logs\apache.log.ERROR.PID
IBM HTTP Server @
y ^Cv.
/usr/lpp/iau/pkrf/Domain/YourDomain/logs/apache.log.INFORM.PID
c:\Program Files\IBM\Trust Authority\Domains\YourDomain\logs\apache.log.INFORM.PID
IBM HTTP Server $
8 ^Cv.
/usr/lpp/iau/pkrf/Domain/YourDomain/logs/apache.log.TRACE.PID
c:\Program Files\IBM\Trust Authority\Domains\YourDomain\logs\apache.log.TRACE.PID
IBM HTTP Server!
GX _{ NW.
CA -v |.
L }!-B Trust Authority CA -vG n5 W |. ANC`n& 3mUOY.
CA -vB Trust Authority CAG -vx 8:)& 3.UOY. L -vB DB2
%LM#L: N:O:M T2 NC GB x] bh _ O*! sVUOY.
Y=: CA -v& |.Ob 'X v`X_ OB 8:)TOY.
v IniEditor& gkO) jonahca.ini 8: DO; /fOJC@.
– CA! ;kOB TCP w.& /fOJC@.
– PKIX ^Cv! kQ z5 #]; /fOJC@.
– CRL 3$; /fOJC@.
v s# Nu W CA h~! kX CA Nu /?.<& gkOJC@.
v CA -v NW& !KOJC@.
v CA -v sB& !KOJC@.
CA -v ;kZ w. /f
CA -v .:J w.B CA! PKIX ^Cv& ;kOB '!TOY. L w.G
*; /fOAi Y= \h& {sJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8
:dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6
OJC@.
3. IniEditor& C[Om jonahca.ini 8: DO; NeOJC@. JdR fl 9
dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[
W gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! k
X-B 10 dLvG %1; |6OJC@.
4. |[ =G; 1CO) .eOm TCPPort E3/v& 1COJC@.
5. %CH m} Je!- w. x#G *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. IniEditor& gC[Om jonahra.ini 8: DO; NeOJC@(L DO: g
kZ 3!! {s NC GB x] bh! V; v V@OY).
8. URL =G; 1COJC@.
9. %CH m} Je!- w. x#G *; /fOJC@.
10. O] =G; 1CO) .eOm Issuer1URL1 E3/v& 1COJC@.
11. %CH m} Je!- w. x#G *; /fOJC@.
12. DO; zeOm ANW%; >aOJC@.
13. Trust Authority C:[; C[OJC@.
CA z5 #] /f
CA z5 #]: CA -v! GQ [we' %G z. gL #](J(s), P(m) G
B C(h) \')TOY. [wv$ C#L fzH %G dRi: 3.& 'X [wv
$KOY. z5 #]; /fOAi, Y= \h& {#JC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Om jonahca.ini8: DO; NeOJC@. JdR fl 9 d
LvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[ W
gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! kX
-B 10 dLvG %1; |6OJC@.
4. |[ =G; 1CO) .eOm PollInterval E3/v& 1COJC@.
5. %CH m} Je!- z5 #]G *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
CRL 3$ /f
CRL(Nu kR qO)Lu CA! kRQ NuG qO8N- pvP -m W C#
RNL {kH qO; ;UOY. CRL 3. f}! 5b; L!b 'X CA -v
8: DO!- Y= *; /fR v V@OY.
v :IYH CRL [: gLG C#
v CRLG vm
CRL [: gL! ckGB C# /f
:IYH CRL _} gL! ckGB C#! kX Nu W s# Nu $%; /
fOAi Y= \h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Om jonahca.ini8: DO; NeOJC@. JdR fl 9 d
LvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[ W
gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! kX
-B 10 dLvG %1; |6OJC@.
4. CertPolicy =G; 1CO) .eOm TimeBetweenCRLs E3/v& 1C
OJC@.
5. %CH m} Je!- uNn CRL [: gLG C# *; /fOJC@.
L *: P(m), C(h) GB O(d) \'G #]L KOY. 9& in, 1d. L
*: CRL vSb# *8Y [F_ UOY.
6. CrossCertPolicy =G; 1CO) .eOm TimeBetweenCRLs E3/v&
1COJC@.
7. %CH m} Je!- uNn CRL [: gLG C# *; /fOJC@.
L *: P(m), C(h) GB O(d) \'G #]L KOY. 9& in, 1d. L
*: CRL vSb# *8Y [F_ UOY.
8. DO; zeOm ANW%; >aOJC@.
9. Trust Authority C:[; C[OJC@.
CRL vm /f
CRLG vSb# GB sLAgL,! kX Nu W s# Nu $%; /fOA
i Y= \h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Om jonahca.ini8: DO; NeOJC@. JdR fl 9 d
LvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[ W
gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! kX
-B 10 dLvG %1; |6OJC@.
4. CertPolicy =G; 1CO) .eOm CRLDuration E3/v& 1COJC
@.
5. %CH m} Je!- CRLG /? b# *; /fOJC@. L *: P(m),
C(h) GB O(d) \'G #]L KOY. 9& in, 2d.
6. CrossCertPolicy =G; 1CO) .eOm CRLDuration E3/v& 1C
OJC@.
7. %CH m} Je!- CRLG /? b# *; /fOJC@. L *: C, P
GB O \'G #]L KOY. 9& in, 2d.
8. DO; zeOm ANW%; >aOJC@.
9. Trust Authority C:[; C[OJC@.
s# Nu; gkQ CA Nu d;
s# Nu EZ p(; gkO) Trust Authority CA& kEOB Y% CA!-
CA Nu; d;R v V@OY. s# Nu: Y% Nu; Nu uEN vkO5
O ?GOb 'X -N EZOB CA& ckUOY. s# Nu: CAi gL!-
gfb8N Lgnz v VB ]i, Trust Authority!-B \fb s# Nu d
;8 vxKOY.
Trust Authority CA Nu /?.<& gkO) Y% CAM s# Nu; v`U
OY. L /?.<B mI` 58TOY. L 58& C[R 'B %X L' &`
Nu .e; YA8N Q IG; v$X_ UOY. R.Z IG: ckH -j.
. qO! wTGB gW; v$UOY. k.Z IG: &\H -j.. qO! w
TGB gW; v$UOY. O]{8N &\H -j..B ckGB -j.. qO
5 v$GB VR /|! kX-8 v$KOY.
Y= }!B s# Nu p(; gkOB CA Nu; .8Ob 'X v`X_ O
B \hM 9&! *M V@OY.
s# Nu \h
s# Nu p(; gkOB CA Nu; d;OAi Y= \h& {#JC@.
1. s# Nu; d;OB CA kE, gkZ H;-!- %; gkO) nOOB
% kQ v'! {s Y= \h& v`OJC@.
a. Xg d;L CA! kQ MS; v$O) g|nO; v`OJC@.
b. nO d; sB& !KOJC@.
c. ; }G !! VB V! {s g|nO DO; zeOJC@.
2. g|nO DO; s# Nu; d;OB CA! VB bhN |[OJC@.
3. s# Nu; d;OB CA! VB bh! C:[; 3!Q gkZN- Trust
Authority! NWNOJC@.
4. AIXG fl mI`!- CaCertRqmI; G`Om Windows NTG fl DOS
ARA.!- G`OJC@.
CaCertRqmI; v`R ', g|nO DOG }k fNM L'; &xX_
UOY. mI 8. W mIG E3/v 3m! kQ ;k: 107 dLvG :CA
Nu /?.<;& |mOJC@.
IP VR 6:) v$
NuG /?:; gkZ 8g!- gkOB IP VR |'N &QOB s# NuH
CA Nu; d;R v V@OY.
Y=G 9!-, n5 C:[L AIX N fl, gkZG 8g! gkOB IP VRG
|'B 9.0.0.0NM 9.255.255.254nvLg, g|nO fN W DO L':
/tmp/ccprereg.regLm O#B Secure99TOY. L mI: v$H VR |'& c
kH -j.. qO! '!C5OY.
CaCertRq -i 9.0.0.0/255.0.0.0 -r /tmp/ccprereg.reg -P 1835 Secure99
DNS VR v$
NuG /?: Ku; DNS VR Wl8N &QOB s# 8u CA Nu; d;
R v V@OY.
Y= 9&!-B Windows NT& G` _Lm Trust Authority CA #:.B
.companyA.com8N !*B DNS VR& !}OY. L mI: v$H DNS V
R& ckH -j.. qO! '!C5OY.
CaCertRq -d .companyA.com -r c:\temp\ccprereg.reg -P 1835 Secure99
V: DNS VR! 6'%N C[OB fl!B Xg NS .Z-(″.″ wT)N !*
B pg #:.! -j.. qO! '!UOY. DNS VR! 6'%N C[O
v JB fl!B Xg .Z-z O!OB #:.8; *8;B MTOY.
9& in, &Q6G ″.companyA.com″: us.companyA.com,
vnet.companyA.comW w3.software.companyA.comzB O!O*
companyA.com(kidcompanyA.com)Z<MB O!Ov J@OY. &Q6G
companyA.com: companyA.comzB O!O* us.companyA.comzB O
!Ov J@OY. L/Q -j..(″.″N C[Ov JB -j..)B O*G !
IQ ke8; *8@OY. ″.″N C[Ov JB m<B &\GB -j..!
VN /kUOY.
|Z lm VR v$
NuG /?: Ku; |Z lm VR Wl8N &QOB s# 8u CA Nu;
d;R v V@OY.
Y= 9&!-B Windows NT& G` _Lm pg Trust Authority CA #:.
! .us.companyA.com8N !*B |Z lm VR& !vg g|nO fNM D
O L': a:\ccprereg.regLm O#B Secure99TOY. L mI: v$H |Z l
m VR& ckH -j.. qO! '!C5OY.
CaCertRq -m .us.companyA.com -r a:\ccprereg.reg -P 1835 Secure99
NuG /?: Ku; |Z lm VR Wl;G O*& &\Q pg VRN &Q
OB s# NuH CA Nu; d;R v V@OY.
Y= 9&!-B Windows NT& G` _Lm Trust Authority CA #:.! |
Z lm VR outCA.us.companyA.com; !vg g|nO fN W DO L':
a:\ccprereg.regLm O#B Secure99TOY. L mI: v$H |Z lm VR&
&\H -j.. qO! '!C5OY.
CaCertRq -m .us.companyA.com -M outCA.us.companyA.com -r a:\ccprereg.reg -P 1835 Secure99
URI v$
NuG /?: Ku; UO Zx D0Z(URI, URLL !e O]{N O'}UN
D0Z |V) Wl8N &QOB s# NuH CA Nu; d;R v V@OY.
Y= 9&!-B AIX & G` _Lm pg Trust Authority CA #:.! .xyz.com
8N !*B #:. L'; !vg g|nO fNM DO L': /tmp/ccprereg.reg
Lm O#B Secure99TOY. L mI: v$H URI& ckH -j.. qO!
'!C5OY.
CaCertRq -u .xyz.com -r /tmp/ccprereg.reg -P 1835 Secure99
V: URIG ke NP(.. 86!- %LMG O' WqG Yxv): IP VR!
wTGn Vv JB Q 23 dLvG :DNS VR v$;!- 3mQ Mz ?O
Q T"; {s_ UOY. L fl $.w O!X_ UOY.
p:d. Wq v$
NuG /?: Ku; ?OQ RDN(sk{ 80 L'); !vB p:d. Wq W
l8N &QOB s# NuH CA Nu; d;R v V@OY.
Y= 9&!-B AIX & G` _Lm pg Trust Authority CA #:.! &xH
RDNz O!OB RDN, /C=US/O=companyA/OU=departmentB& !vg g|
nO fNM DO L': /tmp/ccprereg.regLm O#B Secure99TOY. L mI
: v$H RDN& ckH -j.. qO! '!C5OY.
CaCertRq -n "/C=US/O=companyA/OU=departmentB" -r /tmp/ccprereg.reg -P 1835 Secure99
h~ p(; gkQ CA Nu d;
h~ EZ p(; gkO) Y% CANNM CA Nu; d;R v V@OY. L
B 9& in gkZ gL.G )/ w! Trust Authority! 3!Gn Vm CA
#! EZ h~; 3$OAB fl v`R v V@OY. CAB h~!- W '!
VB CA& EZOm NuG uEN- Xg CAG Nu; vkUOY.
CA h~; 3$OAi Trust Authority CA Nu mI` /?.<& gkOJC
@. L 58& gkR 'B %X L' &Q6G Nu .e! kX VRQ O*G
IG; v$X_ UOY(Nu .e! kX-B 65 dLvG :Nu .e; |6). R
.Z IG: ckH -j.. qO! wTGB gW; v$UOY. k.Z IG:
&\H -j.. qO! wTGB gW; v$UOY. O]{8N &\H -j..
B ckGB -j.. qO5 v$GB VR /|! kX-8 v$KOY.
Y= }!B h~ p(; gkOB CA Nu; .8Ob 'X v`X_ OB \
hM 9&! *M V@OY.
h~; gkQ CA Nu d; \h
h~ p(; gkQ CA Nu; d;OAi Y= \h& {#JC@.
1. s# Nu; d;OB CA kE, gkZ H;-!- %; gkO) nOOB
% kQ v'! {s Y= \h& v`OJC@.
a. Xg d;L CA! kQ MS; v$O) g|nO; v`OJC@.
b. nO d; sB& !KOJC@.
c. ; }G !! VB V! {s g|nO DO; zeOJC@.
2. g|nO DO; h~ b; CA Nu; d;OB CA! bhN |[OJC@.
3. Nu; d;OB CA! VB bh! C:[; 3!Q gkZN- Trust
Authority! NWNOJC@.
4. AIXG fl mI`!- CaCertRqmI; G`Om Windows NTG fl DOS
ARA.!- G`OJC@.
CaCertRqmI; v`R ', g|nO DOG }k fNM L'; &xX_
UOY. mI 8. W mIG E3/v 3m! kQ ;k: 107 dLvG :CA
Nu /?.<;& |mOJC@.
IP VR 6:) v$
Y% CAG CA h~; hBOm NuG /?: Ku; gkZG 8g! gkO
B IP VR Wl8N &QOB CA Nu; d;R v V@OY.
Y=G 9!- n5 C:[L AIX N fl, gkZG 8g! gkOB IP VRG
|'B 9.0.0.0NM 9.255.255.254nvLg, g|nO fN W DO L':
/tmp/ccprereg.regLm O#B Secure99TOY. L mI: v$H VR |'& c
kH -j.. qO! '!C5OY.
CaCertRq -i 9.0.0.0/255.0.0.0 -h -r /tmp/ccprereg.reg -P 1835 Secure99
DNS VR v$
Y% CAG CA h~; hBOm NuG /?: Ku; DNS VRG Wl8N &
QOB CA Nu; d;R v V@OY.
Y= 9&!-B Windows NT& G` _Lm pg Trust Authority CA #:.
! .companyA.com8N !*B DNS VR& !vg g|nO fNM DO L'
: a:\ccprereg.regLm O#B Secure99TOY. L mI: v$H DNS VR& c
kH -j.. qO! '!C5OY.
CaCertRq -d .companyA.com -h -r a:\ccprereg.reg -P 1835 Secure99
V: DNS VR! 6'%N C[OB fl!B Xg NS .Z-(″.″ wT)N !*
B pg #:.! -j.. qO! '!UOY. DNS VR! 6'%N C[O
v JB fl!B Xg .Z-z O!OB #:.8; *8;B MTOY.
9& in, &Q6G ″.companyA.com″: us.companyA.com,
vnet.companyA.comW w3.software.companyA.comzB O!O*
companyA.com(kidcompanyA.com)Z<MB O!Ov J@OY. &Q6G
companyA.com: companyA.comzB O!O* us.companyA.comzB O
!Ov J@OY. L/Q -j..(″.″N C[Ov JB -j..)B O*G !
IQ ke8; *8@OY. ″.″N C[Ov JB m<B &\GB -j..!
VN /kUOY.
|Z lm VR v$
Y% CAG CA h~; hBOm NuG /?: Ku; |Z lm VR WlG p
g VR! {kOB CA Nu; d;R v V@OY.
Y= 9&!-B AIX & G` _Lm pg Trust Authority CA #:.!
.us.companyA.com8N !*B |Z lm VR& !vg g|nO fNM DO L
': /tmp/ccprereg.regLm O#B Secure99TOY. L mI: v$H |Z lm
VR& ckH -j.. qO! '!C5OY.
CaCertRq -m .us.companyA.com -h -r /tmp/ccprereg.reg -P 1835 Secure99
Y% CAG CA h~; hBOm NuG /?: Ku; |Z lm VR WlG p
g VR! {kOG O*G VR8 &\OB CA Nu; d;R v V@OY. Y
= 9&!-B Trust Authority CA #:.! |Z lm VR outCA.us.
companyA.com; !vm g|nO fN W DO L': /tmp/ccprereg.regLg
O#B Secure99TOY. L mI: v$H |Z lm VR& &\H -j.. q
O! '!C5OY.
CaCertRq -m .us.companyA.com -M outCA.us.companyA.com -h -r /tmp/ccprereg.reg -P 1835 Secure99
URI v$
Y% CAG CA h~; hBOm NuG /?: Ku; UO Zx D0Z(URI,
D0Z |VN- L _ URL: !e O]{N O' }US) Wl8N &QOB CA
Nu; d;R v V@OY. Y= 9&!-B Windows NT& G` _Lm pg
Trust Authority CA #:.! .xyz.com8N !*B URI VR& !vg g|n
O fNM DO L': a:\ccprereg.regLm O#B Secure99TOY. L mI: v
$H URI& ckH -j.. qO! '!C5OY.
CaCertRq -u .xyz.com -h -r a:\ccprereg.reg -P 1835 Secure99
V: URIG ke NP: IP VR! wTGn Vv JB Q 23 dLvG :DNS V
R v$;!- 3mQ Mz ?OQ T"; {s_ UOY. L fl $.w O
!X_ UOY.
Specifying a directory entry
Y% CAG CA h~; hBOm NuG /?: Ku; ?OQ RDN(sk{ 8
P L'); !vB p:d. Wq Wl8N &QOB CA Nu; d;R v V@
OY. Y= 9&!-B AIX & G` _Lm pg Trust Authority CA #:.!
&xH RDNz O!OB RDN, /C=US/O=companyA/OU=departmentB& !v
g g|nO fNM DO L': /tmp/ccprereg.regLm O#B Secure99TOY.
L mI: v$H RDN& ckH -j.. qO! '!C5OY.
CaCertRq -n "/C=US/O=companyA/OU=departmentB" -h -r /tmp/ccprereg.reg -P 1835 Secure99
V: Trust Authority!-B Y= |DL DN! gkKOY.
/C=country/O=organization/OU=organizational_unit/CN=common_name
Checking CA server logs
CA -v NWB CA -vM |CH pg .#hG; bOUOY. CA -v NW
B Y= '!!- !KR v V@OY.
Table 6. CA server logs
AIX b; DO '! Windows NT b; DO '! 3m
/usr/lpp/iau/etc/TrustAuthority/logs/
caSS.log.xnnnnnn
c:\Program Files\IBM\Trust
Authority\etc\TrustAuthority\
logs\caSS.log.xnnnnnn
)b!B caSS.logsB O*G NW
DO L' :[L V@OY. u NW
! [:I '6Y xnnnnnn.eZ!
O*? u!UOY.
Checking CA server status
gkZ /f! {s, Y=z 0: ANCz <. _ O*& v`O) CA -vG
sB& !KR v V@OY.
v AIX G fl:
1. rootN AIX ! NWNOJC@.
2. AN<: %& !KOm L AN<:& #8JC@.
iauAutoCa
L AN<:& |6OB fl, 3 \hN !JC@. L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
3. Y= b; fN! VB bin p:d.N !JC@.
/usr/lpp/iau/bin
4. L mI; TBO) 1835 w.! $s{8N @dO4Bv !KOJC@.
ServerControl -i -c -k CA -n server -p 1835 -l"logfile"
)b- serverB w. 1835M ,|H CA -vG L'Lm logfile:
ServerControlmIG az& bOOAB NW DOG L'TOY.
w.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
[CA] -q:! -v!- G` _S; [email protected], w.: 1835.
)b- -vB w. 1835M ,|H -vTOY.
v Windows NTG fl:
1. C:[ |.ZN Windows NT!- NWNOJC@.
2. Ctrl , Alt W Delete 0& -/ [w |.Z& C[OJC@.
3. AN<: G; 1COJC@.
4. iauAutoCA.exeAN<:& #8JC@.
L AN<:& |6OB fl, 5 \hN !JC@ L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
5. MS DOS ARA.!- Y= b; fN& .B bin p:d.N !JC@.
c:\Program Files\IBM\Trust Authority\bin
6. L mI; TBO) 1835 w.! $s{8N @dO4Bv !KOJC@.
ServerControl -i -c -k CA -n server -p 1835 -l"logfile"
)b- serverB w. 1835M ,|H CA -vG L'Lm logfile:
ServerControlmIG az& bOOAB NW DOG L'TOY.
w.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
[CA] -q:! -v!- G` _S; [email protected], w.: 1835.
)b- -vB w. 1835M ,|H -vTOY.
RA server administration
L }!-B Trust Authority RA -vG n5 W |. ANC`n& 3mUOY.
RA -vB RA %:)>z CA -v gLG kE; 3.UOY. L -vB DB2
%LM#L: N:O:M T2 NC bh! sVUOY.
Y=: RA -v& |.Ob 'X v`X_ OB 8:)TOY.
v RA gkZ _! /?.<& gkO) gkZ& RA |.ZN- C:[! _!
OJC@.
v IniEditor& gkO) jonahra.ini 8: DO; /fOJC@.
– RA -v ;kZ w. /f.
– RA z5 #] /f.
– RA gC5 #] /f.
– p:d.MG kE; 'X RA 3$; /fOJC@.
v RA -v NW !K.
v RA -v sB !K.
Adding RA administrators
uNn RA |.Z& C:[! _!OB M: gkZG %STOY. RA |.Z
sBN GQN)H gkZB Trust Authority nO @kANW% 8: DO! v
$H RA ANDO _ O*! $GH bI; v`Om &QH Zx! W<:R v
V@OY.
uNn RA |.Z& _!OAi, 8:)& v`OB % JdQ $8& rb 'X
gkZ ::N RA |.Z! Gn_ UOY. Y=; v`X_ UOY.
v SSL jslz Nu; d;Om _}X_ UOY.
v DB2 %LM#L:& 68O) jslz NuG d; 9Ze!- $8& Kv
X_ UOY. gkZ ::N& RA |.ZN _!OB % L $8! JdUO
Y.
v Y% gkZ& _!R v V5O gkZ ::N& RA |.ZN- Trust
Authority C:[! _!X_ UOY.
L }!B Uz RA Z] um-& r: Y= RA |.Z& _!Ob 'Q AN
Cz! *M V@OY.
Adding yourself as the first RA administrator
gkZ ::N& RA |.ZN- Trust Authority C:[! _!OAi Y= \
h& v`OJC@.
1. Fw _!Ov JRYi jslz Nu; {kOm .8OJC@. nO [w!
kQ Z<Q ;k: gkZ H;-& |mOJC@.
2. DB2 mI` k-D <G; C[OJC@. gkZ n5 <&! {s Y= A
NCz <. _ O*& gkOJC@.
v AIX G fl:
a. mI ARA.!- su mI; TBO) Trust Authority& 3!Q gk
ZG |. h$8N |/OJC@.
b. Trust Authority gkZ! kQ O#& TBOJC@.
c. db2& TBO) DB2 <G; C[OJC@.
d. DB2 mI ARA.!- Y=; TBO) %LM#L:N ,aOJC@.
connect to pkrfdb
L fl!-B b; nO %L8#L: pkrfdbN #VKOY.
v Windows NTG fl:
a. Windows 58p=!- C[ → ANW% → Windows NTk DB2 →
mI` AN<-& 1COJC@.
b. ARA.!- DB2& TBOJC@.
c. connect to pkrfdb& TBOJC@.
L fl!-B b; nO %L8#L: pkrfdbN #VKOY.
3. DB2 mI ARA.!- Y=z 0: SQL mI; TBOJC@.
select last_name, first_name, credential_uuid, created_on from requests where last_name = 'yourlastname' and first_name = 'yourfirstname' and profile_name like '%BrowserCert%'
:xR fl, C:[: O!OB pg 9Ze! kQ d;H :, L', Z] u
m- UUID W C#RN; .OUOY. L fl .OH $8B jslz Nu
! kQ d; 9ZeNNM IOY.
4. gkZ ::N& RA |.ZN- _!R ' gkI Z] um- UUID& b
OOJC@.
5. quit& TBO) DB2 <G; >aOJC@.
6. 33 dLvG 3 \h!-NM :RA |.Z _!;G v'; v`O) gkZ :
:N& RA |.ZN C:[! _!OB [w; 6!JC@.
Adding RA administrators
gkZ 6w!- 3$Q ANCz! {s, RA |.Z _! d;: qxD{N |
- #b!- 8Y xD{N @kANW% AN<:! L#bnv YgQ f}8N
&CKOY. RA |.Z! {UO5O Uz gkZ!T SSL jslz NuL _
`Gn_ UOY. gkZB Trust Authority gkZ H;-! *M VB %X j
slz b; nO ANCz& v`O) jslz Nu; d;R v V@OY.
Trust AuthorityB RA |.Z _!& 'Q mI` /?.< add_rauser& &x
UOY. L mI! gkGB 8.: 109 dLvG :RA gkZ /?.< _!;!
-G |D; kUOY.
d;; vEQ D!B Y= \h& v`O) RA |.Z& C:[! _!OJC
@.
1. RA |.ZG SSL jslz Nu d; sB& !KOJC@.
L& v`OAi, RA %:)>! W<:Om nO GQ %:)> H;-! *
M VB 68 &b W 68 az -w ANCz& v`OJC@.
2. NuL _`H fl, L Nuz ,|H m/ gkZ D0(UUID); 8OJC
@.
L& v`OAi, BNH Nuz ,|H %LM#L: 9Ze& #F 9Ze S
:; 8JC@. E3/v _ O*& add_rausermI! gkR Z] um-
UUID S:; #B _TOY.
3. gkZ /f! {s Y= _ O*& v`OJC@.
v AIX G fl:
a. 3! root p:d.N !JC@. b; 3! root& gkOAi, mInB
Y=z 0@OY.
cd /usr/lpp/iau/pkrf/bin
b. Y=z 0L mIn& TBOJC@.
./add_rauser /usr/lpp/iau/pkrf/etc/domain.cfg YourDomain aBcpDqXyZ== RAUser
'!:
– /usr/lpp/iau/pkrf/etc/domain.cfgB Trust Authority b; 3
! g. fN W 5^N 8: DOTOY.
– YourDomain: b; nO 5^NTOY.
– aBcpDqXyZ==B Z] um- UUIDG Q 9TOY.
– RAUserB W<: ANDOTOY.
v Windows NTG fl:
a. 3! root p:d.N !JC@. b; 3! root& gkOAi, mInB
Y=z 0@OY.
cd c:\Program Files\IBM\Trust Authority\pkrf\bin
b. Y=z 0L mIn& TBOJC@.
add_rauser c:\Program Files\IBM\Trust Authority\pkrf\etc\domain.cfg YourDomain aBcpDqXyZ== RAUser
'!:
– c:\Program Files\IBM\Trust Authority\pkrf\etc\domain.cfg
B Trust Authority b; 3! g. fN W 5^N 8: DOTO
Y.
– YourDomain: b; nO 5^NTOY.
– aBcpDqXyZ==B Nu UUIDG Q 9TOY.
– RAUserB W<: ANDOTOY.
mIL OaGi C:[L :x GB GP ^Cv& %CUOY.
Changing the RA server listener port
RA -v .:J w.B RA! PKIX ^Cv& ;kOB '!TOY. L w.G
*; /fOAi Y= \h& {sJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8
:dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6
OJC@.
3. IniEditor& C[Q D jonahra.ini 8: DO; NeOJC@. JdR fl 9
dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[
W gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! k
X-B 10 dLvG %1; |6OJC@.
4. |[ =G; 1CO) .eOm TCPPort E3/v& 1COJC@.
5. %CH m} Je!- w. x#G *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. IniEditor& gC[Om jonahca.ini 8: DO; NeOJC@(L DO: g
kZ 3!! {s NC GB x] bh! V; v V@OY).
8. URL =G; 1COJC@.
9. %CH m} Je!- w. x#G *; /fOJC@.
10. DO; zeOm ANW%; >aOJC@.
11. Trust Authority C:[; C[OJC@.
Changing the RA polling interval
RA z5 #]: RA -v! GQ [we' %G z. gL #](J(s), P(m) G
B C(h) \')TOY. [wv$ C#L fzH %G dRi: 3.& 'X [wv
$KOY. z5 #]; /fOAi, Y= \h& {#JC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D jonahra.ini 8: DO; NeOJC@. JdR fl 9
dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[ W
gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! kX
-B 10 dLvG %1; |6OJC@.
4. |[ =G; 1CO) .eOm PollInterval E3/v& 1COJC@.
5. %CH m} Je!- z5 #]G *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Changing the RA retry interval
RA gC5 #]: CA!- RAN |[H z C#L RAG vg Ch C#8Y
L% fl RA! GQ CAG z. gL #](J(s), P(m) GB C(h) \')TO
Y. RA gC5 #]; /fOAi, Y= \T& {#JC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D jonahra.ini 8: DO; NeOJC@. JdR fl 9
dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[ W
gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! kX
-B 10 dLvG %1; |6OJC@.
4. |[ =G; 1CO) .eOm RetryInterval E3/v& 1COJC@.
5. %CH m} Je!- gC5 #]G *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Checking RA server logs
%7! %CH '!!- RA -v NW& !KR v V@OY.
Table 7. RA server logs
AIX b; DO '! Windows NT b; DO '! 3m
/usr/lpp/iau/pkrf/Domains/ YourDomain/logs/ c:\Program Files\IBM\Trust
Authority\pkrf\Domains
\YourDomain\logs\
NW DO!B
.log.random_numbers
B .eZ! V@OY.
Checking RA server status
gkZ /f! {s, Y=z 0: ANCz <. _ O*& v`O) RA -vG
sB& !KR v V@OY.
v AIX G fl:
1. rootN AIX ! NWNOJC@.
2. AN<: %& !KOm Y= AN<:& #8JC@.
iaurasvr
L AN<:& |6OB fl, 3 \hN !JC@. L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
3. Y= b; fN! VB bin p:d.N !JC@.
/usr/lpp/iau/bin
4. 29783 w.! L mI; TBO) :x{8N @dO4Bv !KOJC@.
ServerControl -i -c -k RA -n server -p 29783 -l"logfile"
)b- serverB w. 29783z ,|H RA -vG L'Lm logfile:
ServerControlANW%G az& bOOAB NW DOG L'TOY.
w.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
[RA] -q:! -v!- G` _S; [email protected], w.: 29783.
)b- -vB w. 29783z ,|H -vTOY.
v Windows NTG fl:
1. C:[ |.ZN Windows NT!- NWNOJC@.
2. Ctrl , Alt W Delete 0& -/ [w |.Z& C[OJC@.
3. AN<: G; 1COJC@.
4. iaurasvr.exeAN<:& #8JC@.
L AN<:& |6OB fl, 5 \hN !JC@ L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
5. MS DOS ARA.!- Y= b; fN& .B bin p:d.N !JC@.
c:\Program Files\IBM\Trust Authority\bin
6. 29783 w.! L mI; TBO) :x{8N @dO4Bv !KOJC@.
ServerControl -i -c -k RA -n server -p 29783 -l"logfile"
)b- serverB w. 29783z ,|H RA -vG L'Lm logfile:
ServerControlmIG az& bOOAB NW DOG L'TOY.
w.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
[RA] -q:! -v!- G` _S; [email protected], w.: 29783.
)b- -vB w. 29783z ,|H -vTOY.
Changing RA settings for communicating with the Directory
RA -vB IBM SecureWayp:d. -vM kEO) nO AN<: |.& =
@OY. RA! p:d.M kEOB f}! 5b; L!b 'X RA -v 8: D
O!- Y= *; /fR v V@OY.
v p:d. -vG #:. L' W w.
v p:d. |.ZG DN W O#
v w:. #]
Changing RA settings to reflect the Directory server host name and port
?z{8N p:d.M kEOb 'X-B p:d.! ;kOB $.Q w.M $
.Q #:.mL RA! JdUOY. RA! p:d. kE! gkOAB #:.m
z w.& /fOAi Y= \h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D jonahra.ini 8: DO; NeOJC@. JdR fl 9
dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[ W
gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! kX
-B 10 dLvG %1; |6OJC@.
4. LDAP =G; 1CO) .eOm Server1 E3/v& 1COJC@.
5. %CH m} Je!- #:. L' W w. x#G *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Changing RA settings to reflect the Directory server post interval
w:. #]: uNn gkZ Nu GB uNn CRLz 0L p:d.N |[I
$8! VBv& 8b 'Q RA !K gLG C# #]TOY.
RAG w:. #]; /fOAi Y= \h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D jonahra.ini 8: DO; NeOJC@. JdR fl 9
dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor C[ W
gk! kQ v'; |6OJC@. AIX W Windows NT DO '!! kX
-B 10 dLvG %1; |6OJC@.
4. LDAP =G; 1CO) .eOm PostInterval E3/v& 1COJC@.
5. %CH m} Je!- PostIntervalE3/vG *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Audit subsystem administration
(g -jC:[; |.OAi (g |.ZG *R; v`Om Vn_ UOY. O
N (g |. 8:)& v`OAi O#! Vn_ UOY. (g |.Z O#& /
fX_ OB fl!B 5 dLvG :Trust Authority O# /f;; |mOJC@.
(g -vB Trust AuthorityG 5S{ AN<:N- Trust Authority 8:dRN
NM (g L%.& vEOm L& (g NW! bOUOY. L -vB DB2 %L
M#L:M T2 NC GB x] bh _ O*! 3!KOY. (g -vB CA -
vM ?OQ bh! '!X_ UOY.
Y=: (g -jC:[; |.Ob 'X v`X_ OB 8:)TOY.
v N 3G Trust Authority %LM#L: 8b& gkO) (g %LM#L:!
VB (g 9Ze& 8JC@.
v DB2 UDB 58& gkO) (g 9Ze& =vOm (g 8m-& }:OJ
C@.
v IniEditor& gkO) AuditClient.ini 8: DO; /fOJC@.
– (g -v! kQ #:. L' W w.& /fOJC@.
– (g ,sLp.NNMG L%. |[ f}; /fOJC@.
v IniEditor& gkO) AuditServer.ini 8: DO; /fOJC@.
– (g -v! ;k! gkOB w.& /fOJC@.
– (g -vN YNeOB (g ,sLp.! kQ gC5& /fOJC@.
– YNy C5 gLG C#; /fOJC@.
– L%., (g, _{ W @y NW! kQ NW 3$; /fOJC@.
v (g 88 W -m /?.<& gkO) (g NW DO; 88Om -mOJ
C@.
v (g -v %LM#L: W 88 DOG +a:; !KOAi (g +a: !K
/?.<& gkOJC@.
v (g -vG sB& !KOJC@.
v (g -v NW& !KOJC@.
Viewing audit records
N 3G Trust Authority 8b& gkO) (g DB2 %LM#L:! VB (g
9Ze& < v V@OY. L %LM#L: 8b& gkOi vg %LM#L:!
zeH pg (g 9Ze& < v V@OY. (g 9ZeB audit_logsB %LM
#L: WLm! zeKOY. L WLmG 9: -: Y% WLm; |6OB *
: $v ZeN Lgn. V@OY. |6GB Y% WLm!B 9Ze! in V
B Je(%LM#L:!- WLmG -! Xg)G |< X:. 3mL* L'L w
TGn V@OY. (g %LM#L: :06! VB pg WLmG Je L' W
3m! kQ ;k: 116 dLvG :(g %LM#L: %LM;& |mOJC@.
Y= N 3G 8b& gkO) (g 9Ze& < v V@OY.
v viewar
pg X:. 3m; _.v J: sBN < v VB b; 8bTOY.
v viewar_t
L 8bB pg X:. -L 40Z \'N wnxYB !; &\OmB viewarM
?OUOY.
8b!B 41 dLvG %8! %CH - L'L wTGn V@OY.
Table 8. Column descriptions for the Trust Authority audit database views
- L' 3m %LM /|
serial_num (g 9ZeG OC x# $v
sourcetime ,sLp.! (g L%.& }
:Q C#G C# RN
C# RN
createtime (g 9Ze! [:H C#G
C# RN
C# RN
L%. L%. L' varchar
source (g L%.& }:Q (g ,
sLp.
varchar
component (g L%.& }:Q (g ,
sLp.G 8:dR /|
varchar
auth_entity (g L%.& c!Q #<< varchar
auth_role (g L%.& c!Q #<<G
*R
varchar
affected_entity (g L%.! 5b; ^B #
<<G EP
varchar
affected_entity_type 5b; ^B #<<G /| varchar
storage_media (g L%.M ,|H ze5*
E<
varchar
extra_info (g L%.M ,|H _! $
8
varchar
Trust Authority (g %LM#L: 9Ze& 8Ai Y= \h& {#JC@.
1. Trust Authority gkZ(Trust Authority& 3!Q gkZ)N NWNOJC@.
2. Y= mI; TBO) (g %LM#L:! ,aOJC@.
db2 connect to your_audit_database_name
9& in, %LM#L:G L'L adtdbN fl!B Y=; TBOJC@.
db2 connect to adtdb
3. Y=z 0L Trust Authority 8b _ O*& gkO) %LM#L:& 68
OJC@.
v To query the viewar view, enter the following command:
db2 "select * from viewar"
v To query the viewar_t view, enter the following command:
db2 "select * from viewar_t"
(g %LM#L:G pg 9Ze! kX 41 dLvG %8!- 3mQ p
g -L %CKOY.
4. (g 9ZeG 8b& JMOAi SQL where.; gkOJC@. 9& in,
Vnx /% |'G 9Ze& 68OAi Y= mI; TBOJC@.
db2 "select * from viewar where sourcetime between '1999-07-01-08.00.00' and '1999-07-02-08.00.00'"
SQL 1C.! kQ Z<Q ;k: IBM DB2 Universal Database SQL|
6-, v| 5.2& |mOJC@. db2 mI! kQ Z<Q ;k: IBM DB2
Universal DatabasemIn |6-, v| 5.2& |mOJC@.
Searching audit records
(g 9Ze& =vOb 'Q Z<Q ;k: IBM DB2 Universal Database SQL
|6-, v| 5.2; |mOJC@.
Changing the audit server host name and port in audit clients
(g -v w.B (g -v! (g ,sLp.NNM uNn ,a; ;kOB '
!TOY. (g ,sLp.! (g -vM ?z{8N kER v V5O (g ,
sLp.B (g -v! kQ $.Q #:.mz w.& !._ UOY. (g ,
sLp. 8: DO!- (g -vG #:.m W w. *; /fOAi Y= \
h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditClient.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. ,a =G; 1CO) .eOm HostName E3/v& 1COJC@.
5. w. E3/v& 1COJC@.
6. %CH m} Je!- (g -v! kQ w.G *; /fOJC@.
7. DO; zeOm ANW%; >aOJC@.
8. Trust Authority C:[; C[OJC@.
9. v$Q w. *: (g -v! VB AuditServer.ini DOG acceptor.argE
3/vG w. *z O!X_ UOY.
Changing how events are sent from audit clients
(g ,sLp.B (g L%.& (g -vN 8@OY. AuditClient.ini DO!
- (g 6:)& 3$O) ON L%.! (g -vN |[GB M; 7; v V
@OY. W/i ON L%.B JvTOY. 113 dLvG :(g L%.;! Jv L
%. G0! kX *M V@OY. GQ (g ,sLp.! (g -vN L%.&
8;AB 9x0 C5 LDG C5 =v& 3$R v V@OY.
Changing the number of retries for sending events
(g ,sLp.! Jb C5 LD! (g -vN L%.& 8;AB C5 =v&
/fOAi Y= \h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditClient.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. ,a =G; 1CO) .eOm Retries E3/v& 1COJC@.
5. %CH m} Je!- gC5 E3/vG *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Specifying the audit mask
(g 6:)& v$OAi Y= \h& {#JC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditClient.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. CA =G; 1CO) .eOm ExcludedEvents E3/v& 1COJC@.
5. %CH m} Je!- (g ,sLp.! 8yOT OAB CA }: (g L
%.G L'; _!OJC@. (g L%. L': 0%N 8PX_ UOY. 1
C L%.8 v$O4Bv .NOJC@.
6. RA =G; 1CO) .eOm ExcludedEvents E3/v& 1COJC@.
7. %CH m} Je!- (g ,sLp.! 8yOT OAB RA }: (g L
%.G L'; _!OJC@. (g L%. L': 0%N 8PX_ UOY. 1
C L%.8 v$O4Bv .NOJC@. (g L%.G L'! kX 113 d
LvG :(g L%.;& |6OJC@.
8. DO; zeOm ANW%; >aOJC@.
9. Trust Authority C:[; C[OJC@.
Changing the port on which the audit server listens
(g -v w.B (g -v! (g ,sLp.NNM uNn ,a; ;kOB '
!TOY. (g -v 8: DO!- (g -vG w. *; /fOAi Y= \h
& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditServer.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. -v w. =G; 1CO) .eOm acceptor.arg E3/v& 1COJC@.
5. %CH m} Je!- w. x#G *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
8. v$Q -v w. *: pg NC W x] AuditClient.ini DON |DGn_
UOY. $8! kX 42 dLvG :(g ,sLp.!- (g -v #:. L
' W w. /f;; |6OJC@.
Changing bind attempts from audit clients to the audit server
(g ,sLp.! (g -vN YNeOAB C5 =v& /fOAi Y= \h
& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditServer.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. -v w. =G; 1CO) .eOm acceptor.init.retries E3/v& 1CO
JC@.
5. %CH m} Je!- binding E3/vG *; /fOJC@. b;*: 3TO
Y.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Changing the interval between bind attempts
(g ,sLp.! (g -vN YNeOAB C5 gLG #]; /fOAi Y
= \h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditServer.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. -v w. =G; 1CO) .eOm acceptor.init.delay E3/v& 1CO
JC@.
5. %CH m} Je!- YNy C5 gLG C# *(J \'); /fOJC@.
b;*; 3TOY(J \' hj).
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Changing log settings
Y=z 0: NW /|! kX AuditServer.ini 8: DOG 3$*; /fR v
V@OY.
v L%. NW — (g L%. v}zek
v (g NW — %LM#L:! +a: 8# (g L%. zek
v _{ NW — ANW% 0? _{k
v @y NW — @y ^Cvk
Changing how audit events are logged to a file
L%. NWB L%. v}ze! gkGB DOTOY. Y=! kQ 8: E3/
v *; /fR v V@OY.
v DO L' W L%. NW fN
v L%. NW& _!R MNv GB cD5 MNvG )N
v NW -q:! 3.OB L%.G VR I"5 9'
v NW -q:! 3.OB L%.G Vk I"5 9'
L%.G v}ze f}! 5b; L!B 3$*; /fOAi Y= \h& v`
OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditServer.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. L%. NW =G; 1CO) .eOJC@. W1 Y=
v L%. NWG fN W DO L'; /fOAi, Y=; v`OJC@.
a. event.log.filenameE3/v& 1COJC@.
b. %CH m} Je!- fN W DO L'G *; /fOJC@.
v L%. NW& _!R MNv GB cD5 MNv )N& *8;B C!W
& /fOAi Y=z 0L OJC@.
a. event.log.appendE3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. _!G fl true
GB cD2bG fl false! KOY.
v L%. NW -q:! vxOB L%.G VR I"5 9'; /fOAi Y
=z 0L OJC@.
a. event.log.severity.min E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. 100 dLvG :L
%. I"5 9';! I"5 9'! v$R v VB * qOL *M V
@OY.
v L%. NW -q:! vxOB L%.G Vk I"5 9'; /fOAi Y
=z 0L OJC@.
a. event.log.severity.maxE3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. 100 dLvG :L
%. I"5 9';! I"5 9'! v$R v VB * qOL *M V
@OY.
5. DO; zeOm ANW%; >aOJC@.
6. Trust Authority C:[; C[OJC@.
Changing how audit events are recorded in the database
(g NWB (g L%.& zeOB % gkGB +a: 8# %LM#L: WL
m <.TOY. (g NW!B (g L%.6Y O*?G 9Ze! wTGn V@
OY. Y=! kQ 8: E3/v *; /fR v V@OY.
v (g NW %LM#L:NG ,a; 'Q gC5 ck =v
v (g NW %LM#L: ;E; 'Q gC5 ck =v
v +a: !K 0:- GB q0:- )N
v (g NW ;E! ckGB C#>a *(J).
(g L%. bO f}! 5b; L!B 3$*; /fOAi Y= \h& v`O
JC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditServer.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. (g =G; 1CQ D .eOJC@. W1 Y=
v (g NW! ,aOb 'Q gC5 ck =v& /fOAi Y=z 0L O
JC@.
a. audit.log.connect.retries E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. ]eC $v)_
UOY.
v (g NW& w%L.Ob 'Q gC5 ck =v& /fOAi,
a. audit.log.update.retries E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. ]eC $v)_
UOY.
v +a: !K; 0:- GB q0:-OAi Y=z 0L OJC@.
a. audit.log.integrity E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. 0:-G fl .
Z- true W q0:-G fl false! KOY.
v (g NW& ;EOb 'Q C#>a *; /fOAi Y=z 0L OJC
@.
a. audit.log.timeout E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. L *: #]L K
OY.
5. DO; zeOm ANW%; >aOJC@.
6. Trust Authority C:[; C[OJC@.
Changing trace log settings
_{ NWB D;M ANW%G G` 9Ze& &xUOY. v'L G`GB x-
& 8)]OY. VN pvk q{8N gkKOY. Y=! kQ8: E3/v *;
/fR v V@OY.
v _{ 0:- GB q0:- )N
v _{ 9'
v _{ NW DO L' W fN
v _{ DO; _!R MNv GB cD5 MNvG )N
_{ NW 3$; /fOAi L \h& {#JC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditServer.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. _{ =G; 1CQ D .eOJC@. W1 Y=
v _{; 0:- GB q0:-OAi,
a. trace.enable E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. 0:-G fl true
W q0:-G fl false! KOY.
v _{ 9'; /fOAi,
a. trace.level.nameE3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. L *: .Z-L
KOY. 100 dLvG :_{ 9';! _{ 9' qOL *M V@OY.
v _{ NW DO L' GB fN& /fOAi, Y=; v`OJC@.
a. trace.log.filename E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. L *: .Z-L
KOY.
v _{ DO; _! GB cD5 MNvG )N& /fOJC@.
a. trace.log.append E3/v& 1COJC@.
b. %CH m} Je!- E3/vG *; /fOJC@. _!G fl true
GB cD2bG fl false! KOY.
5. DO; zeOm ANW%; >aOJC@.
6. Trust Authority C:[; C[OJC@.
Changing the error log file name and path
@y NW!B (g -jC:[z |CH @y ^Cv! wTKOY. @y NWG
DO L'z fN& /fOAi Y= \h& v`OJC@.
1. C:[ |.ZN- n5 C:[G NWNOJC@.
2. Trust Authority C:[; _vOJC@. JdR fl 7 dLvG :-v 8:
dR C[ W _v;! *M VB C:[ _v W C[! kQ v'; |6O
JC@.
3. IniEditor& C[Q D AuditClient.ini 8: DO; NeOJC@. JdR f
l 9 dLvG :IniEditor& gkQ 8: DO /f;! *M VB IniEditor
C[ W gk! kQ v'; |6OJC@. AIX W Windows NT 8: DO
'!! kX-B 10 dLvG %1; |6OJC@.
4. @y =G; 1CO) .eOm error.log.filename E3/v& 1COJC@.
5. %CH m} Je!- error.log.filenameE3/vG *; /fOJC@.
6. DO; zeOm ANW%; >aOJC@.
7. Trust Authority C:[; C[OJC@.
Generating audit reports
(g 8m- }:! kQ Z<Q ;k: IBM DB2 Universal Database SQL|
6-, v| 5.2& |mOJC@.
Archiving and signing audit log files
Trust Authority (g 88 W -m 58& gkO) (g NW 9Ze& 88O
m -mR v V@OY. L 58B (g 9Ze& wTOB (g -v %LM#L
: WLm; 88UOY. DB2 ]b /?.<& gkO) DO! 88UOY. -
mUOY. -n IG; v$Ov J: fl! QX-, (g 9Ze! &kN 88H
D!B pg (g 9Ze! %LM#L:!- h&KOY.
V: L /?.<& G`Ob |! Trust Authority C:[; >aR JdB x@
OY.
9& in, b; Trust Authority 3! fN& gkOm VYm !$UCY. vg
G (g -v %LM#L: (g 9Ze& my.file! 88Om 88H (g NW
DO! -mOG, (g 9Ze& %LM#L:!- h&OvB J8A UOY. L
\h& {#JC@.
1. gkZ /f! kX mI `! Y=; TBOJC@.
v AIX G fl:
AuditArchiveAndSign -c /usr/lpp/iau/etc/TrustAuthority/AuditServer.ini -n /usr/lpp/iau/arc/my.file
v Windows NTG fl:
AuditArchiveAndSign -c d:\Program Files\IBM\Trust Authority\etc\TrustAuthority\AuditServer.ini -n d:\Program Files\IBM\Trust Authority\arc\my.file
2. C:[L ARA.& %COi (g |.Z O#& TBOJC@.
azB %X bB fDkN %CKOY. F+Lj DO: .ixf .eZ& !}
OY.
mI 8. W mIG E3/v 3m! kQ ;k: 110 dLvG :(g 88 W
-m /?.<;& |mOJC@.
Checking the integrity of the audit server database and archive files
Trust AuthorityB (g -v %LM#L: W (g 88 DO! kQ /6& (
vOb 'Q mI` /?.<& &xUOY. L 58B (g +a: !K /?.<
sm UOY. +a: !K: 8: !IQ IGTOY. L bI; gkOb 'X-
B audit.log.integrity=true& 3$O) AuditServer.ini 8: DO!- L bI;
0:-X_ UOY.
V: L /?.<& G`Ob |! Trust Authority C:[; >aR JdB x@
OY.
L /?.<& gkO) Y=z 0: %LM zeR 2k; KbR v V@OY.
L fl, (g |.Z O#& d8OB ARA.! %CKOY.
v (g -v %LM#L:
v Q3 LsG (g -v F+Lj DO
v v$H p:d. F!! VB pg F+Lj DO
9& in, AIX & G` _Lm 8: DO! kX b; Trust Authority 3! f
N& gkOm VYm !$UCY. Y=z 0: f} _ O*N 2k )N& !K
R v V@OY.
v (g -v %LM#L:& !KOAi,
1. AIX mI`! L mI; TBOJC@.
AuditIntegrityCheck -c /usr/lpp/iau/etc/TrustAuthority/AuditServer.ini -d
(g |.Z O#& d8OB ARA.! %CKOY.
2. O#& TBOJC@.
azB %X bB fDkN %CKOY.
v Q3 LsG (g -v F+Lj DO; !KOAi, Y=; v`OJC@.
1. AIX mI`! L mI; TBOJC@.
AuditIntegrityCheck -c /usr/lpp/iau/etc/TrustAuthority/AuditServer.ini -a /usr/lpp/iau/arc/archive1_my.file
(g |.Z O#& d8OB ARA.! %CKOY.
2. O#& TBOJC@.
L mI: fNm "Nn /usr/lpp/iau/arc/archive1_my.fileW .eZ .ixfM
.sig& .B DO; !KUOY. .ixf .eZB DB2 }: ]b |D DO;
*8@OY. .sig .eZB (g -jC:[L }:OB -m DO; *8@
OY.
v v$H p:d., L fl!B /usr/lpp/iau/arc/OG pg 88 DO; !KOA
i Y=z 0L OJC@.
1. AIX mI`! L mI; TBOJC@.
AuditIntegrityCheck -c /usr/lpp/iau/etc/TrustAuthority/AuditServer.ini -A /usr/lpp/iau/arc/
(g |.Z O#& d8OB ARA.! %CKOY.
2. O#& TBOJC@.
L mI: .eZ! .ixfN 88 DO p:d.;G pg DO; !KUO
Y.
Windows& G` _Lm 8: DO! kX b; Trust Authority DO fN& g
kOm VYm !$UCY. Y=z 0: f} _ O*N 2k )N& !KR v
V@OY.
v (g -v %LM#L:& !KOAi,
1. DOS ARA.!- Y= mI; TBOJC@(L fl!B c:).
AuditIntegrityCheck -c c:\Program Files\IBM\Trust Authority\etc\TrustAuthority\AuditServer.ini -d
(g |.Z O#& d8OB ARA.! %CKOY.
2. O#& TBOJC@.
azB %X bB fDkN %CKOY.
v Q3 LsG (g -v F+Lj DO; !KOAi, Y=; v`OJC@.
1. DOS ARA.!- Y= mI; TBOJC@(L fl!B c:).
AuditIntegrityCheck -c c:\Program Files\IBM\Trust Authority\etc\TrustAuthority\AuditServer.ini -a c:\Program Files\IBM\Trust Authority\arc\archive1_my.file
(g |.Z O#& d8OB ARA.! %CKOY.
2. O#& TBOJC@.
L mI: fNm "Nn c:\Program Files\IBM\Trust
Authority\arc\archive1_my.fileW .eZ .ixfM .sig& .B DO; !K
UOY. .ixf .eZB DB2 }: ]b |D DO; *8@OY. .sig .e
ZB (g -jC:[L }:OB -m DO; *8@OY. YC ;X-, ]
b |D DO! -mGm ]b |D DOG -m: .sig DO! zeKOY.
v v$H p:d., L fl!B c:\Program Files\IBM\Trust Authority\arc\OG
pg 88 DO; !KOAi Y=z 0L OJC@.
1. DOS ARA.!- Y= mI; TBOJC@(L fl!B c:).
AuditIntegrityCheck -c c:\Program Files\IBM\Trust Authority\etc\TrustAuthority\AuditServer.ini -A c:\Program Files\IBM\Trust Authority\arc\
(g |.Z O#& d8OB ARA.! %CKOY.
2. O#& TBOJC@.
L mI: .eZ! .ixf W .sigN DO; qTO) 88 DO p:d.;
G pg DO; !KUOY.
mI 8. W mIG E3/v 3m! kQ ;k: 111 dLvG :(g +a: !
K /?.<;& |mOJC@.
Checking audit server status
gkZ /f! {s, Y=z 0: ANCz <. _ O*& v`O) (g -vG
sB& !KR v V@OY.
v AIX G fl:
1. rootN AIX ! NWNOJC@.
2. AN<: %& !KOm Y= AN<:& #8JC@.
java
L AN<:& |6OB fl, 3 \hN !JC@ L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
3. Y= b; fN! VB bin p:d.N !JC@.
/usr/lpp/iau/bin
4. 59998 w.! L mI; TBO) :x{8N @dO4Bv !KOJC@.
ServerControl -i -c -k AUDIT -n server -p 59998 -l"logfile"
)b- serverB w. 59998z ,|H (g -vG L'Lm logfile:
ServerControlmIG az& bOOAB NW DOG L'TOY.
w.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
(g -v! vg G`_TOY.
)b- -vB w. 59998z ,|H -vTOY.
v Windows NTG fl:
1. C:[ |.ZN Windows NT!- NWNOJC@.
2. Ctrl , Alt W Delete 0& -/ [w |.Z& C[OJC@.
3. AN<: G; 1COJC@.
4. java.exeAN<:& #8JC@.
L AN<:& |6OB fl, 5 \hN !JC@. L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
5. MS DOS ARA.!- Y= b; fN& .B bin p:d.N !JC@.
c:\Program Files\IBM\Trust Authority\bin
6. 59998 w.! L mI; TBO) :x{8N @dO4Bv !KOJC@.
ServerControl -i -c -k AUDIT -n server -p 59998 -l"logfile"
)b- serverB w. 59998z ,|H (g -vG L'Lm logfile:
ServerControlmIG az& bOOAB NW DOG L'TOY.
w.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
(g -v! vg G`_TOY.
)b- -vB w. 59998z ,|H -vTOY.
Checking audit server logs
(g -v NWB (g -vM |CH pg .#hG; bOUOY. (g -v N
WB Y= '!!- !KR v V@OY.
Table 9. Audit server logs
AIX b; DO '! Windows NT b; DO '! 3m
/usr/lpp/iau/logs/smevents.log c:\Program Files\IBM\Trust
Authority\logs\smevents.log
(g L%.& v}zeOB % gk
GB (g -v L%. NW.
/usr/lpp/iau/logs/iausmd.log c:\Program Files\IBM\Trust
Authority\logs\iausmd.log
ANW% 0?; _{OB % gkG
B (g -v _{ NW.
/usr/lpp/iau/logs/iausmd.err c:\Program Files\IBM\Trust
Authority\logs\iausmd.err
@y ^Cv& zeOB % gkGB
(g -v @y NW.
DB2 %LM#L: |.Z
L }!-B DB2 %LM#L:G b; n5 W |. ANC`n& 3mUOY. Z
<Q $8& r8Ai DB2 UDB .-& |6OJC@.
Trust AuthorityB %10! *-H %LM#L:& gkUOY.
Table 10. Database locations
N:O: %LM#L: L' 3m
cfgusr cfgdb b; Trust Authority 8: %LM#L:
cfgusr ibmdb b; CA %LM#L:
Table 10. Database locations (continued)
N:O: %LM#L: L' 3m
cfgusr pkrfdb b; nO %LM#L:
cfgusr adtdb b; (g %LM#L:
ldapInst ldapdb Trust AuthorityM T2 3!H b; p:d.
%LM#L:. b8G p:d.& gk _Ls
i gkZ 6w!- '!& a$UOY.
Checking DB2 database status
gkZ /f! {s, Y=z 0: ANCz <. _ O*& v`O) DB2 %L
M#L:G sB& !KR v V@OY.
v AIX G fl:
1. C:[ |.ZN AIX !- NWNOJC@.
2. mI ARA.!- su mI; TBO) Trust Authority& 3!Q gkZ
G |. h$8N |/OJC@.
3. Trust Authority gkZ! kQ O#& TBOJC@.
4. Y= mI; TBOJC@.
set DB2INSTANCE=TrustAuthority_instance
)b- TrustAuthority_instanceB Trust Authority& 3!Q gkZG g
kZ IDTOY.
5. b; 8: %LM#L:sm !$Om db2 connect to cfgdb& TBO
JC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = cfgdb
6. b; CA %LM#L:sm !$Om db2 connect to ibmdb& TBO
JC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = ibmdb
7. b; nO %L8#L:sm !$Om db2 connect to pkrfdb& TB
OJC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = pkrfdb
8. b; (g %LM#L:sm !$Om db2 connect to adtdb& TBO
JC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = adtdb
9. rootN G9F!- >aOJC@.
10. su mI; gkO) p:d. %LM#L: |.ZG h$8N |/OJC
@.
11. &0z T2 3!H b; p:d. %LM#L:sm !$Om db2 connect
to ldapdb& TBOJC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = ldapdb
12. rootN G9F!- >aOJC@.
v Windows NTG fl:
1. C:[ |.ZN Windows NT!- NWNOJC@.
2. DB2 mI "; C[OJC@.
3. Y= mI; TBOJC@.
set DB2INSTANCE=TrustAuthority_instance
)b- TrustAuthority_instanceB Trust Authority& 3!Q gkZG g
kZ IDTOY.
4. b; 8: %LM#L:sm !$Om db2 connect to cfgdb& TBO
JC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = cfgdb
5. b; CA %LM#L:sm !$Om db2 connect to ibmdb& TBO
JC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = ibmdb
6. b; nO %L8#L:sm !$Om db2 connect to pkrfdb& TB
OJC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = pkrfdb
7. b; (g %LM#L:sm !$Om db2 connect to adtdb& TBO
JC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = adtdb
8. Y= mI; TBOJC@.
set DB2INSTANCE=ldap_Instance
)b- ldap_InstanceB &0z T2 p:d.& 3!Q fl ldapInstT
OY.
9. &0z T2 3!H b; p:d. %LM#L:sm !$Om db2 connect
to ldapInst& TBOJC@.
,aL :x{N fl, C:[: Y=z 0: ^Cv& .OUOY.
데이터베이스 서버 = DB2/NT 5.2.0
SQL 권한부여 ID = TrustAuthority_instance
로컬 데이터베이스 별명 = ldapInst
10. DB2 mI "; >aOJC@.
Checking DB2 logs
DB2 NWB 6[C Trust Authority! GX gkGv J@OY. NW! |Q b
8 $8B IBM DB2 .-& |6OJC@.
Directory server administration
L }!-B IBM SecureWayp:d.G b; n5 W |. ANC`n& 3m
UOY. ON p:d. |. 8:)& v`Ob 'X-B O#& KF_ UOY.
p:d. |.Z O#& /fX_ OB fl!B 5 dLvG :Trust Authority O
# /f;; |mOJC@.
L p:d.B LDAP(f. p:d. W<: ANd]) p:d. %X; vxUO
Y. DB2 %LM#L:& kUOm NC GB x] bh _ O*! V; v V@
OY. b8G -v! 8gR v5 Vm Trust Authorityk8N /0w 3!Gm 8
:H MO v5 V@OY.
IBM SecureWay Trust Authority! p:d.M s#[kOB f}! kX Z<
w KAi Trust Authority! VB SecureWayp:d. gk; |6OJC@. L
.-B IBM SecureWay Trust Authority% gL.G sLj/. dLv!- g
k!IUOY.
Checking Directory server status
gkZ /f! {s, Y=z 0: ANCz <. _ O*& v`O) p:d. -
vG sB& !KR v V@OY.
v AIX G fl:
1. rootN AIX ! NWNOJC@.
2. AN<: %& !KOm Y= AN<:& #8JC@.
slapd
L AN<:& |6OB fl, 3 \hN !JC@ L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
3. Y= b; fN! VB bin p:d.N !JC@.
/usr/lpp/iau/bin
4. p:d.! L mI; TBO) :x{8N @dO4Bv !KOJC@.
isdirup -h server -a port -p default_installation_path_of_Directory -t1
)b- serverB p:d.! G` _N bhG L'Lm portB p:d. -
v! ;kOB w.TOY.
p:d.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
isdirup: returning: 0
v Windows NTG fl:
1. C:[ |.ZN Windows NT!- NWNOJC@.
2. Ctrl , Alt W Delete 0& -/ [w |.Z& C[OJC@.
3. AN<: G; 1COJC@.
4. slapd.exeAN<:& #8JC@.
L AN<:& |6OB fl, 5 \hN !JC@ L AN<:! x8i 1
22 dLvG :.&! Xa;! *M VB v'; |6OJC@.
5. MS DOS ARA.!- Y= b; fN& .B bin p:d.N !JC@.
c:\Program Files\IBM\Trust Authority\bin
6. p:d.! L mI; TBO) :x{8N @dO4Bv !KOJC@.
isdirup -h server -a port -p default_installation_path_of_Directory -t1
)b- serverB p:d.! G` _N bhG L'Lm portB p:d. -
v! ;kOB w.TOY.
p:d.! :x{8N @dQ fl, C:[! Y= ^Cv! %CKOY.
isdirup: returning: 0
p:d. -v NW !K
%11! %CH '!!- p:d. -v NW& !KR v V@OY.
% 11. p:d. -v NW
AIX b; DO '! Windows NT b; DO '! 3m
/usr/lpp/iau/tmp/slapd.errors c:\p:d. 3! fN\tmp\slapd.errors\ p:d.! kQ @y
NW
4758 O#- ZAN<- |.
4758 O#- ZAN<-B Trust AuthorityG 1C{N 8:dRN-, m:IG
DES W RSA O#- AN<:& &xOB ANW!VL !IQ /6 (v bI
G O#- PCI v: +eTOY. Trust AuthorityG 4758 vx bI: AIX !-
8 gkR v V@OY.
csufcnm /?.& gkO) 4758G sB& !KR v V@OY.
4758 O#- ZAN<-B NW& }:Ov J@OY. W/*, 4758! .&! V
B fl!B Xg eV! {% .O Ze W xN Ze! Ws v]KOY. .O
Ze W xN ZeM W! kQ 3mL in VB w}{ qO: IBM 4758 CCA
b; -q: |6- W H;-!- < v V@OY. k3B L Ze& gkO)
9q .& Xa; v`R v V@OY.
Z<Q ;k: IBM 4758 O#- ZAN<-! kQ H;-& |mOJC@.
&4e $8
L e!-B Trust Authority C:[; 8Y ?2{8N |.OB % 5rL G
B 3m $8& &xUOY. L e!- YgB V&!B O]{N Trust Authority
8H .&S FOs, Trust Authority Nu b|(CA), nO b|(RA) W (g -
j C:[! |Q $8! wTKOY.
Trust Authority 8H
IBM Trust AuthorityG 8H W EZ p(G /!: Y=z 0@OY.
v Trust AuthorityB 0 b] n5; v`OB pg RA.~nG Ze -m; g
kUOY.
v Trust AuthorityB 8:dR Z] um-(0 W Nu n)G ze W W<:!
KeyStores& gkUOY. 8:dR KeyStores! zeH Z] um-B &xH
O#NNM 5bH 0& gkO) O#-KOY.
v Nu q{; 'X 8:dR# kE; -mUOY. 9& ii RAM CA #G
PKIX ^Cv! -mKOY.
v AIX C:[G fl, Trust AuthorityB -m 0! kQ 4758 Oe~n b]
8# bI; v`UOY.
W<: &n qO
ACL(W<: &n qO): /$ ZxG gk; GQL VB gkZN &QOb '
Q ^?Or; &xUOY. ACL; gkOB Trust Authority 8:dRB CA, RA
W p:d.TOY.
CAB ACL; gkO) Nu [:z 0: CA bI! kQ W<:& &QUOY.
RAB ACL; gkO) d; BNz 0: RA bI! kQ W<:& &QUOY.
p:d.B ACL; gkO) N(Q $8& wTR v5 VB p:d.G YgQ
NP! kQ W<:& &QUOY.
Nu b|
CA(Nu b|)u 6wG 8H $%; XvOm Nu |DG 8H |Z EP; v
$R %SL VB #<<& ;UOY. CA Z<G 3Nk 0N -mH Nu!B N
u 8/Z! kQ EP W b8 $8! wTGn V@OY.
IBM Trust Authority CAB Y= [w; v`UOY.
v CAB RANNMG Nu _`, ;E W kR d;; 3.UOY.
v BNH RA W |. cg gkZG DNL in VB W<: &n qO; DO
c! /GG 8#& ^8g |.UOY.
v Nu sB, OC x# W CRL $8 n; &xOB CA %LM#L:! _`H
Nu(ICL) qO; /vUOY.
CA! ICL $8& Trust Authority RA! |^Oi RAB Nu W CRL; p
:d.! x%UOY.
CA %LM#L:! zeH 9ZeB 8#& 'X MAC(^Cv Nu Ze)&
gkUOY. L 9ZeG Ku: +a: KuLsm OB Trust Authority I
GTOY.
v Z<G 0 W Nu; Trust Authority KeyStore! zeUOY.
v 8H |C L%.! kQ (g 9Ze& }:O) (g -v! |[UOY.
v s# Nu W CA h~; vxUOY.
v gkZ $G W gkZ 1C Nu .eL wTH NuG }: W /?: Ku
; vxUOY.
CA h~
CA h~Lu O*G CA! 86G G '! '!Om W F!! W 3 LOG >
S CA ~L '!OB EZ 86& ;UOY. CA& kX nOH gkZ* -v
B Xg CA! -mQ Nu; ^T Gg s' vXG Nu h~; hBUOY.
Trust Authority!-B CA& h~G ONN 8:R v V8g, L fl Xg CAG
Nu: Y% CA! -mUOY.
CA! Z< -m Nu; vxO5O 8:R v V@OY. L flG CAB CA h
~! |)Ov J@OY.
Nu .e
X.509v3 Nu .e: gkZ GB xk 0! _! S:; ,|C0m CA h~
; |.Ob 'Q v\; &xUOY. X.509v3 |D; kX gkZ }\: Xg
}\! m/Q $8& |^Ob 'Q 3Nk GB xk .e; $GR v V@O
Y.
NuG " .e: El _dOE* _dOv J: M8N v$R v V@OY.
X.509v3 |DG Nu; gkOB C:[: C:[L NDOv xOB _dQ .
eL _}R fl Nu; E}X_ UOY. W/* _dOv J: .e; NDO
v xOB fl!B L& +CR v V@OY.
Nu .e!B < !v /|L V@OY. Y=: Nu .eG /|TOY.
v %X .e
v xk .e
v 3Nk .e
%X .e
%X Nu .e: ITU %X RFC 2459! W GLM 8.L $GGn VB Nu
.eTOY. Li: GQ O*& &\Oo pN! X.509v3! $GGn V@OY.
Li _ 9: v! CA Nu ;!-8 $GKOY. %12! *M VB T" O!
-, Trust AuthorityB kNPG %X .eL Nu! _!I v V5O UOY.
% 12. Nu .e
.e 3m
0 gk L .e: 8uGB xk 0G gk q{; %CUOY.
3$*: VN Nu [C..! GX $GKOY.
V< 3< L' L .e!B CA& kX 8uGB xk 0! ,aH #<
<G 3< L'(YgQ L' gD; gk)L O* Ls w
TGn V@OY. Nu [C..B VN Li gD _ X
g [C..& gkOB Nu! gkI v VB gD;
$GUOY.
V< 0 D0Z L .e: /$ Nu! GX NuGB xk 0& D0UO
Y. 1w{N k5B ?OQ #<<! kX )/ 3G 0!
NuGE* NuGn V; ' 0& 80OB MTOY.
IBM SecureWay Trust Authority!-, W *: Ws
CA! GX 3$KOY.
GQ 0 D0Z L .e: Nu _`Z! -mR ' gkQ xk 0& D
0UOY. 1w{N k5B ?OQ _`Z! kX )/ 3
G 0! NuI ' 0& 80OB MTOY. W *: Ws
CA! GX 3$KOY.
3Nk 0 gk b# L .e: Nu /?: Ku b#G ON! XgOB 3N
k 0G gk; &QUOY. vg PKIX Nu ANDO
RFC 2459B L .eG gkL uLs GeGv J=;
v$UOY.
Nu $% .e L .e!B OCG $% %Cb! wTKOY. $% %C
bB GL& x3X_ OB @j'. D0ZN8 8:I
v V@OY. 1C{8N, LM: @j'. D0ZM G5
H $%G 8.8N 8:I v5 V@OY. $% 8.;
KvR v VB URLL* Nu! wTH #+Q X:.
8.L $% 8.; &xR v5 V@OY.
_`Z 3< L' L .e!B YgQ L' gD _ O*& gkOB Nu
_`Z& 'Q O* LsG 3< L'L in V@OY.
W *: Ws CA! GX 3$KOY.
V< p:d. S: L .e!B 8P L'G ON! FQ, Xg V<M |C
Q OCG _! p:d. S:L in V@OY. _dOv
JF_ UOY.
.e 0 gk L .e: 8uGB xk 0G gk q{; vCOB OC
G @j'. D0Z& wTUOY. 3$*: VN Nu [
C..! GX $GKOY. L .eG *: gkZ xk<
! GX $GGE* RFC 2459!- D}I v V@OY.
b; &QgW L .e: CA Nu!8 /kOg, IBM SecureWay
Trust Authority! GX }:H pg CA Nu! 8gU
OY. Y% NuG fl LM: Ws 8gOv JE* q
n V8g, RFC 2459!-B s sB8YB 8gOv J
B J; GeUOY. NuL CA NuS; vCOB M \
!5, _!N Nu !IQ CA 9' v& v$OB Vk
Nu fL fN& wTR v5 V@OY. L .e: El
_dX_ UOY.
L' &QgW L .e: CA Nu!-8 gkKOY. L Nu; wTO
B CA* Xg CA! NuQ CA! GX _`H Nu ;
G pg V< L' W V< 3< L'L '!X_ OB
L' x#; v$UOY. L .eG q{: L NuG f
N!- Nu! GX gkI v VB L'; &QOB M
TOY. &`: ckGE* &\GB L' -j..! |
CO) $GKOY. ckGB -j.. qO! *8*B
$8M +|OT, &\GB -j.. qOG &`z O!
OB L': /?Ov J@OY. L .e: El _dX_
UOY.
$% JN L .e: CA Nu!-8 gkKOY. Trust AuthorityB
VJG d;; }:Q Nu!-B L .e; 3$Ov J
@OY.
$% &QgW CA Nu!-8 gkGB L .e: N !v q{! gk
I v V@OY. Nu fN! VB Nu!-G $% JN
; 7E*, W/Q Nu!- /$ $%; d8R v V@
OY.
CRL Ph wN. L .e: L NuG kR $8& wTOB NP{ CRL
L VB eR& vCUOY. LM: vg Trust Authority
! GX [:H Nu!-B 3$Gv J@OY.
GQ $8 W<: L .e: .eL *8*B NuG _`Z! |Q /$
$8& W<:R v VB eRM f}; vCUOY. LM
: vg IBM SecureWay Trust Authority! GX [:
H Nu!-B 3$Gv J@OY.
xk .e
Trust AuthorityB \O q%X .e; xk .e8N $GOg, L/Q xk .
e: Trust Authority& G`OB pg 6w! GX gkI v V@OY. LM:
#:. EP JN .eTOY. L .e: Nu V<& #:. C:[G Xg EP
z ,|C5OY.
3Nk .e
Trust Authority& gkOb 'X [:H ,sLp. #<< @kANW%: EP
W 8.L Xg @kANW%!8 {kGE* gkZ x?< ;!- x/GB .
e; $GR v V@OY. L/Q .e: _dOv JF_ UOY. .e; 3=8
N $GR fl, .e! @j'. D0Z& RgOm ITU %X X.660 W ISO %
X 9834-1! VB 6W! {s .e; nOX_ Og, Xg 8.5 *C nOX
_ UOY.
.e d; e'
.e: gkZ! GX d;I v V8*, CA GB CA& kEOB RA! .eG
/?:; KuX_ UOY. AN<: e': Y=z 0@OY.
1. gkZ! .e; d;Om .e! JdQ $8(m/Q .e D0Z W * w
T)& &xOm .eL _dQv )N& v$UOY.
2. .e d; W $8! RAN |[GB Nu d;G ON! KOY.
3. Nu d;; 3.OB ?H RA GB CA! 6wG Nu $%! kX .e;
/?-Om .e d;; /fOE* +CUOY. .eL /?-Gi CA! W
M; 8uUOY.
Nu kR qO
CRL(Nu kR qO)Lu CA! kRQ NuG qO8N- pvP -m W C#
RNL {kH qO; ;UOY. L qOG Nui: ck R!N #VKOY.
Nu: /? b#L !*E* UsH M8N )\z ' kRI v V@OY. Nu
sBB ICL!- /fKOY. :IYH C#! CAB Xg OC x#& wTOm
kRH NuG CA DN; _`OB CRL; [:UOY. NuL kRI ' ICL!
- Nuz Xg $8! /fGus5, CRLL _`Gn p:d.! x%I 'nv
kRB V${N ML FUOY.
Trust Authority!- x%H CRLG vmz CRL x% #]: CA 8: DON
jonahca.ini!- 3$OE* v$R v V@OY.
s# Nu
s# Nu: Nu _`! gkGB 3Nk CA -m 0M ,|H xk CA 0&
wTOB NuL Q CA! GX Y% CAN _`GB EZ p(TOY. O]{8
N s# Nu; gkO) O*G nO 5^N! wTH ,sLp. C:[L* #
e #<<! Y% nO 5^N! wTH ,sLp. C:[L* #e #<<M H
|OT kER v V@OY.
s# Nu: CAi gL!- gfb8N Lgnz v VB ]i, Trust Authority
!-B \fb s# Nu d;8 vxKOY. " CA! skf8NNM s# Nu
; 9fOT T8Na gfb s# Nu; v`R v V@OY.
Nu
Nu: #<<* 3N! kQ pvP Nu; [:OB MTOY. Trust Authority
G fl, RA! GQ Nu d;G r! W BN D!8 NuL _}UOY. nO
G azN-, CAB Nu; _`UOY.
pvP Nu
pvP NuLu EZR v VB & 3Z! 3NL* #<<! kX _`Q |Z
Z] um-& ;UOY. " Nu-B CA 3Nk 0& gkO) -mL Lgn}
OY. 3N, qvO:, 6w<G Ex; 8uUOY.
CA *R! {s-B NuL NM]s!- e-business& v`Ob 'Q RvZG
GQ; umUOY. n2 GL!-B pvP NuL n| icuL* Gk 9w u
m-M 0: *R; UOY. o, L pvP Nu: Xg 3Nk 0G RvZ! /
$ e-business0?; v`R v VB GQL V=; umUOY.
Nu!B NuQ #<<! 3NNv bhNv GB D;M ANW%Nv! |Q $
8! in V@OY. o, Xg #<<! NuH xk 0! V@OY.
Trust AuthorityG fl, _`GB Nu /|: 6wG qnO: $%z O|KO
Y.
8P L'
DN(8P L')Lu p:d.! zeH %LM WqG m/ L'; ;UOY. DN:
DIT(p:d. $8 ..)sm OB p:d.G h~ 86!- Q WqG '!&
%CUOY.
L 86!B O*G g.M, g.!- PbGB v9:(&Q x=) ke! wTG
n V@OY. " keB S:8N D0GB O*G p:d. Wq; *8@OY.
p:d. Wq! kQ DN %v}: p:d. ,sLp. W p:d. -v W<
: ANd]G 8. d8gW! {s Y(OY.
IBM SecureWayp:d.& gkOB Trust AuthorityG fl, p:d. WqG
DN: Y=z 0: |D; !}OY.
/C=US/O=IBM/OU=Trust Authority/[email protected],CN=Chris Smith
)b- USB 9!(C)& *8;g, IBM: 6w(O), Trust AuthorityB 6w ;
G N-, [email protected]: |Z lm VR(MAIL), Chris SmithB 8k
L'(CN); *8@OY.
_`H Nu qO
ICL(_`H Nu qO)Lu CA! _`Q Nuz NuG vg sB! kQ O|
Q qO; ;UOY. Nu: OC x#M sB0N vN-Gn V@OY. ICL: CA
! |.Og CA %LM#L:! zeKOY. L qO: CRL(Nu kR qO)!
x%X_ R Nu; G0OB % gkKOY. Trust Authority ICL!B Y=G b
IL wTGn V@OY.
v ODBC(Open database connectivity)8v(Trust Authority!-B DB2& k
X)
v +a:; 'Q %LM#L: 9ZeG 1C{ MAC gk(ODBC |k)
v O#- 0 W MAC 0G 18S %u
v b; Vk*! GX &QGB Y_ ,a(:9eg) vx
v (g NW bI! kQ W<:
-m W -m /?: Ku
-mLu 3Nk pvP 0& gkO) -m; [:OB MLm, KuLu Xg x
k 0& gkO) -m; KuOB M; ;UOY.
Trust AuthorityB -m /?: Ku! PKIX b] O#- #x; gkUOY. L
&0: @kANW%L $8& O#-Om X6R v V5O UOY. L &0; g
kOi @kANW%L pvP -m; KuOm, p:d.G Nu; KvOm, N
u; EZR v VBv )N& G0R v V@OY. L O#- #x: GQ Oe
~n b] O#-& xROT vxUOY. L &0: GQ IBM 4758 PCI O#
- ZAN<- 0: Oe~n b] O#- e!* PKCS #11NMdL:& vx
OB Oe~n d+; O.OT vxUOY.
O#- W KeyStore n5; v`OB pg Trust Authority RA.~nB O#
- #xL -mUOY.
nO GQ
RA(nO GQ)u pvP NuG |.{ bI; 3.OB -v AN<:& ;UO
Y. Trust Authority!-, RAB d;; BN GB ENR v V8g, Nu; k
RR v V@OY. Xg 6wG qnO: W Nu $%L {kG5O 8eUOY.
RA |.Z
RA |.ZB Trust Authority RA %:)>; gkO) nO d;! kQ |.
8:)& v`UOY. RA |.Z! L/Q 8:)& v`R v V8Ai Xg |
.Z& RA |.ZN nOX_ UOY. nO [w! kQ Z<Q ;k: 32 dL
vG :RA |.Z _!;& |mOJC@.
RA %:)>; gkO) RA |.ZB Nu d;G sB& 68R v V@OY
(vEJ, 8y _, BNJ, E}J W OaJ). RA %:)>G b8 68 Je!B
:m, w%L.H /%, [:O W Nu 8bOL wTGn V@OY. RA %:)
>L WLm! 68N NX KvH 9Ze& %CR ', RA |.ZB az! k
X 6!& kR v V@OY(9& ii, nO d; BN GB E}, Nu ;E s
BG kR GB /f).
nO 5^N
nO 5^NLu Zx, $%, /$ Nu nO AN<:M |CH 8: IGG }U
; ;UOY. 5^N L': nO [w; #bOB % gkGg @kANW%; m
/OT D0OB URLG O' }UTOY. Trust AuthorityB Trust Authority 3
!g O*G nO 5^N; vxUOY.
4758 O#- ZAN<-
IBM 4758 O#- ZAN<-B ANW!V !IQ /6 ]@ bIG O#- PCI
v: +eN- 6wL gkOB -m 0G bP:z +a:; 8eUOY. L Z
AN<-B IBM CCA(xk O#- F0X3) API& gkO) DES W RSA O
#-& wTQ O#- -q:G w}{N }U; &xUOY. DES W RSAB s
w{ O#- C:[!- !e N. gkGB Km.rTOY. W/* L O#-B
J+ -X- 6wL gkOB 0 |. f}L C:[!- @wA u k`Q NP
L Gb5 UOY. 0! UsGi Xg 0N O#-H %LM! O|w kbI v
5 Vb '.TOY. IBM 4758: Y=G bI; kX W/Q 0! kQ w}{
N 8#& .eUOY.
v |k Oe~n ;! zeH /v 0& gkQ 0G 3_ O#-
v >\# %LM kEG 8#
v /fR v VB *R W ANDOG ANW%{N 3$
v 9x R!IQ 0 [:; 8eOb 'Q Oe~n b] -v }:b gk
O#- AN<:B +e! ;eH 8H e!!- Lgn}OY. +e 3h fD:
FIPS PUB 140-19' 4 %XG v]Q d8gW; XvUOY. RA.~nB ;
eH 8H e!!- G`KOY.
Trust Authority!- 4758: CA -m 0 }: bI; &xUOY. 4758L }:
Q 0B 4758 6:M 0& gkQ 0 O#-& kX L +e! 8#UOY. CA
0B 0 zeR* 4758! zeI v V@OY.
4758: 1CgWLv8 AIX C'{!-8 gkR v VB Trust AuthorityG G
e 8:dRLb5 UOY.
:6. +e
:6. +eu k3 Ek+e )bG ^kk O#- e!& ;UOY. L +eB
Nu W 0& zeOB % gkI S8 FOs +e!- 3Nk 0& X&Ov J
m O#- 6[(/w -m); v`OB %!5 gkKOY. pg gkZ! :6.
+e Oe~n& W<:R v VB M: FOGN, Trust AuthorityB G& :6
. +e! gkGm VB M33 bIOB !s :6. +e& &xUOY.
Trust Authority ,sLp. gkZB !s W G& :6. +e! Nu; ze
R v V@OY. Trust Authority ,sLp. @kANW%G gkZ! Nu d;
; &bOi, 3Nk 0! gkZG !s GB G& :6. +e! zeKOY. N
uL BNGi L 0B gkZ!T G9A}OY. :6. +e! zeGB Nu:
+e! zeH 3Nk 0M ?OQ 0 D0Z& gkO) Xg 3Nk 0M ,|
I v V@OY.
CA W RA "": 3Nk 0M W! k@OB Z< -m Nu; Xg :6. +
e! zeUOY. LN NX, 3Nk 0& :6. +e \NN kbC0v Jm5
RAB ^Cv! -mR v Vm CAB CRL W Nu! -mR v V@OY.
Trust AuthorityB :6. +e ze5*! kQ PKCS #11 NMdL:& 8v
UOY.
(g
Trust Authority (g -jC:[: ]6 jw %X X9.57!- bzQ GegW
; b]8N Q 6! |C 8H NW& vxUOY. LB (g NW& 88 W |
.Om (g 9ZeG +a: !K; v`R v V5O UOY.
(g -jC:[: ,sLp. sLj/.M (g -vN Lgn. V@OY. (
g -vB BNH ,sLp.NNM (g L%.& vEOm +a: 8# (g N
W! L%.& bOUOY. pg (g 9ZeB DB2 %LM#L:! zeKOY.
(g L%. *C DO! bOKOY. (g 68 W 8m 58B DB2 UDB! &
xGn V@OY.
(g 9Ze
(g 9ZeB (g NW DB2 %LM#L:! zeKOY. (g NW!B (g
L%.6Y O*?G 9Ze! wTGn V@OY. (g NW %LM#L:B ]
6 jw %X X9.57!- d8OB /6 (v bI; vxOb 'X 3hH MT
OY. " (g 9ZeB OC x#N m/OT D0KOY.
(g L%.
Trust Authority (g L%.B 8H |C 8:)! _kQ gWL _}OB f
l! L& %COB 9ZeTOY. (g -vB ,sLp.NNM (g L%.&
vEO) +a: 8# (g NW! bOUOY.
Trust Authority (g L%.B Y= |VN PyKOY.
v 0 |. L%.
0G 8H |.M |CH L%.N-, Xg L%.! JdQ eR W C#! g
kZ!T &xKOY.
v Nu |. L%.
pvP NuG |.M p:d.G Nu W CRL! kQ $8& /v8vOB z
$!- }:H L%.TOY.
v 8H (v L%.
+a: !K, Nu W Nu /?: Ku nG 8H (v 8:)G v` z$!
- }:H L%.TOY.
v (g |.Z 6! L%.
(g |.ZG *Rz |CH 6! z$!- }:H L%.TOY. (g |.Z
G *R: 6wL gkOB 8H $%; 8vOB MTOY.
v RA L%.
RA! v`Q 6! z$!- }:H L%.
(g L%.! kQ Z<Q |m $8B 113 dLvG :(g L%. Je;& |
mOJC@.
(g L%. 6:)
Trust Authority!- (g L%. 6:)B (g -v! G&N |[GB (g L
%.& &nOb 'Q bI; &xUOY. 6:) v$! 5b ^v JB (g L
%.G 'S O' }UL V=; VGOJC@.
(g 6:) v$! kQ Z<Q ;k: 44 dLvG :(g 6:) v$;; |m
OJC@.
'S k 1C{ (g L%.
Jv{N (g L%. O' }UL V@OY. L }U: (g ,sLp. 8: D
OG 6:) v$! 5b; ^v J@OY. Jv W 1C{ (g L%.& G0O
Ai 113 dLvG %19& |6OJC@.
+a: !K
Trust AuthorityB (g 9Ze! qc!H v$L `Xvv JR=; .NOB 5
8& &xUOY. L 58& (g +a: !K 58sm UOY. +a: !K: q
c!H )3; fvOB %LM bP: 8#MB Y% bITOY.
(g -vB " 9Ze! -mOv J@OY. W kE, " 9Ze sG ^Cv N
u Ze(MAC)& hjOm |< %LM#L:! kQ MAC& /v8vUOY.
+ a : ! K : 8 : ! I Q I G T O Y . L b I ; g k O b ' X - B ,
AuditServer.ini 8: DO!- audit.log.integrity=true3$8N L bI; 0:
-X_ UOY. L E3/v /f! kQ Z<Q ;k: 48 dLvG :%LM#L
:! (g L%.& bOOB f} /f;; |mOJC@.
+a: @N
Trust Authority!- +a: @NLu 88H (g NW %LM#L:G -m; ;
UOY. L DO! kQ -m: Trust Authority (g 88 W -m mI` 58
& kX v`KOY.
(g NW 88
Trust AuthorityB (g 88 W -m mI` 58& kX 8inx 88 DO!
kX vg (g NWG 88; vxUOY.
DB2 %LM#L:
IBM DB2 Universal Database(DB2 UDB)B |h| %LM#L: |. C:[
8N- Java vx bI; wTQ % gk !I C:[TOY. Trust Authority!
- L C:[: Y= 8:)& v`UOY.
v pvP NuG nO AN<:! kQ $8& |.UOY.
v pvP Nu! kQ d;; BNOE* E}Ob 'X v`H RA 6!! kQ
$8& zeUOY. L $8B (g q{8N gkKOY.
v Trust Authority nO @kANW%G |]{N [w NO! kQ n5 kh&
&xUOY.
v Trust Authority CA, RA, (g -jC:[, p:d. W Trust Authority 8
: %LM& 'Q %LM#L:& &xUOY.
% -v
% -vB jslz ANW%8NNMG $8 Zx d;! @dOB -v ANW
%TOY. Trust AuthorityB L/Q W.v) .#hG; 'Q EZR v VB b
]; &xOb 'X IBM WebSphere<.G RA.~n &0; gkUOY.
WebSphere Application ServerW IBM HTTP -v 5r; : Trust Authority
!- % -v! bIOb 'X ON86& &xUOY.
Trust Authority C:[!-, % -v RA.~nB RAM ?OQ bh! V@O
Y. LM: 8#GB ANW%z Li; W<:OAm OB gkZ #! H|Q f
h& &xUOY. OL[X:. |[ ANd](HTTP W HTTPS)z SSL(Secure
Sockets Layer)bz; gkT8Na, % -v &0: ,sLp.M -v #G k
E; O#-R v V@OY. GQ, ,sLp. Nu; v`O) qc!H W<:*
%LM F[5; 7; v V@OY.
IBM WebSphere Application Server
IBM WebSphere Application Server(WAS)B % @kANW%G |.M |3
& kLOT Ob 'X pZNH Java @kANW% -vTOY. WASB jsl
zNNMG HTTP d;; 3.Om HTTP ANd]; gkO) HTML; YC
jslzN |^OB #:. % -v! 3!X_ UOY. WebSphere! 3!I ',
WebSphereB Xg #:. % -vG 8:; v$O) % -v! /$ d;; 3
.O5O OB kE Li d;L 3.& 'X WebSphereN fNgv$G5O U
OY. WASB #:. bh!- Java 3_ W 18S /f; LkUOY. L Java
/f: WebSphere! Trust Authority nO @kANW%L gkOB Java AN
W%; G`R v V5O UOY.
IBM HTTP Server
Trust Authority -vB 3--v, 3-w. p(; gkO) ,sLp. d;; 3.
UOY. gkZ 6w: IBM HTTP -vG \O N:O:& 3!Om YgQ !
s #:. L'z w.& 8:O) YgQ d; /|; 3.ObN 1C_; v5
V@OY.
L p(; gkO) Trust AuthorityB Y= /|G d;; 3.UOY.
v O#-* Nu; JdN Ov JB d;.
v O#- W -v Nu; JdN OB d;.
v O#-, -v Nu W ,sLp. Nu; JdN OB d;.
%13!-B L/Q 8: kHi; d`UOY.
% 13. IBM HTTP -vk 3--v, 3-w. p(
ANd] SSL -v Nu ,sLp. Nu \O IPG y
C w. x#
Y_ IPG y
C w. x#
HTTP R!I R!I R!I 80 80
HTTPS !I !I R!I 443 443
HTTPS !I !I !I 1443 443
IP 0m v$
NM] bz!-, 0m: -v! RgGn #:. bhG L'z -v& 8POB
L'TOY. 0m: C:[G 5^N L' C:[(DNS)! $GGn_ UOY.
p:d. -v
Trust AuthorityB IBM SecureWayp:d.& gkO) X.509 pvP Nu,
CRL(Nu kR qO), CA $%z nOGB -v W gkZ! kQ b8 $8&
zeUOY. L p:d. -vB p:d.!- /$ N0 GB -vG m/ DNL
* b8 |C $8& =vO) Xg N0L* -vG xk 0 Nu; #B % g
kKOY.
L -vB LDAP(f. p:d. W<: ANd]) %X; vxOg DB2 UDB&
b]8N gkUOY. 63| pU8N G`GB L -vB ,sLp./-v p(
; gkO) Trust Authority! -v! W<:R v VT Om, % b] NMdL
:& gkO) p:d.& 3$ W /v8vOE* p:d.G %LM& < v V
@OY. p:d.B b8 -vO v5 Vm Trust Authority& 'X /0w 3!
Om 8:Q -vO v5 V@OY. IBM SecureWay Trust Authority% gL.
G sLj/. dLv! VB Using the SecureWay Directory With Trust
Authority& |6OJC@.
http://www.ibm.com/software/security/trust/library
@j'. D0Z
@j'. D0Z(OID)B @j'.M ,|H *8N Y% *iz 80 !IQ *
TOY. " ASN.1 $G OIDB Q ..G ke& |:UOY(DITM /g). @j
'. D0Z ..B Xg g.! ITU Ge X.680! GX RgH Mz O!OB
..TOY. $!i: Xg $!(F)G !!L* F)G 3w!)!- F)& Rg
R %SL VB |. b|(administrative authority)! XgUOY(N $!; ,
aOB <WU.).
..G " F)B }Z*N @j'. D0Z 8:dR! GX 9LmL Y)}O
Y. D0GB " @j'.!B $.OT Q 3G $!(O]{8N .A)L RgG
g, ?OQ $!! Y% @j'.(?OQ GB Y% /|G)! RgGv J@OY.
{s-, g.!- @j'.! RgH $!nv Q fN ;G pg F)! 9Lm
; YLB OCG }Z*(@j'. D0Z 8:dR)! GX, @j'.! m/Om
m.OT D0KOY.
g. YN F!!B vg < 3G *L $GGn V@OY. Li: 0, 1 W 2TO
Y.
v 0: CCITT GegW! RgKOY.
v 1: ISO GegW! RgKOY.
v 2B N 6w! x?8N RgKOY.
9& in, p:d. %Xk8N 9`H pg OIDB 6N. CCITT/ISO * 2 F
!! @g, @j'. D0Z 8:dR 5! RgGz@OY. {s-, p:d. %X
@j'.G pg OIDB "Nn 2.5N C[KOY.
&5e |6gW
L e!-B Y=! kQ |6 $8! &xKOY.
v 8: DO
E3/v L', 3m W |D! kQ $8! wTKOY. Xg E3/v! Jv
Nv 1C{Nv )NM g8: !I )N& v$UOY.
v mI
L $8!-B Trust Authority mI` /?.<! gkGB 8. W E3/v
! kX 3mUOY.
v (g L%. Je
L }!-B Trust Authority (g L%.! wTGn VB $8& *-Om 3
mUOY.
v (g L%.
L }!-B (g L%.& *- W 3mOm L%.! JvNv GB 1C{
Nv& v$UOY.
v (g %LM#L: %LM
L }!-B (g L%. 9Ze! |h| %LM#L: WLm! zeGB f
}; 3mUOY. GQ, %LM! zeGB 9ZeG Je L'(GB WLm ;
G - L')z Je 3m W %LM |D; &xUOY.
8: DO
L }!-B Y= 8: DO! gkGB E3/v! kX 3mUOY.
v CA -v 8: DO jonahca.ini
v RA -v 8: DO jonahra.ini
v (g -v 8: DO AuditServer.ini
v (g ,sLp. 8: DO AuditClient.ini
DO 3m
8: DO; n 3G =G8N *)n. V@OY. " =G: k}# S! in
VB S.[(9: [section])N C[UOY. =G H!B, L'z * VG |D8N
H O* LsG vC.L V; v V@OY(9: parameter=value).
)b! %CH WLm: C:[ |.& 'X m}GB Trust Authority 8: DO
; 8:OB pg =Gz E3/v& D0UOY. Y=G -L %! gkGz@O
Y.
v E3/v
v 3m
v b; 8: DG *
L -: b;*; %CUOY(VB fl). b;*L VB fl!B Xg E3/
v! 1C{N MLg W8v J: fl!B JvTOY.
v b; 8: DG /f H| )N?
L -: v$H *G /f )N! |Q H;gW; &xUOY.
L C:[: xi; +CUOY. &CGB \' v$ZB CY% x-N *8*_
UOY.
CA -v 8: DO
83 dLvG %14!-B CA -v 8: DO jonahca.ini E3/v! kX 3m
UOY.
% 14. CA -v 8: DO
E3/v 3m b; 8: DG * 8: DG /f
H| )N?
[OID] m/OT Wq; D0OB %X b] ^+Or
C= 9!! kQ OID 2.5.4.6 R!I
O= 6w! kQ OID 2.5.4.10 R!I
OU= 6w! kQ OID 2.5.4.11 R!I
CN= xk L'! kQ OID 2.5.4.3 R!I
L= v*! kQ OID 2.5.4.7 R!I
ST= sB! kQ OID 2.5.4.8 R!I
T= &q! kQ OID 2.5.4.12 R!I
id-dsa= DSA! kQ OID 1.2.840.10040.4.1 R!I
id-dsa-with-sha1= SHA-1!- DSA! kQ OID 1.2.840.10040.4.3 R!I
rsaEncryption= RSAO#-! kQ OID 1.2.840.113549.1.1.1 R!I
sha-1WithRSAEncryption= RSAO#-& wTOB SHA-1
! kQ OID
1.2.840.113549.1.1.5 R!I
sha1= SHA-1! kQ OID 1.3.14.3.2.26 R!I
hmac-sha1= SHA-1XCH ^Cv Nu Ze
! kQ OID
1.3.6.1.5.5.8.1.2 R!I
pkcs7-data= PKCS #7! kQ OID 1.2.840.113549.1.7.1 R!I
pkcs12-certbag= Nu i! kQ OID 1.2.840.113549.1.12.10.1.3 R!I
pkcs12-keybag= 0 i! kQ OID 1.2.840.113549.1.12.10.1.1 R!I
X509-Certificate= X.509Nu! kQ OID 1.2.840.113549.1.9.22.1 R!I
PasswordBasedMAC= O# b] MAC! kQ OID 1.2.840.113533.7.66.13 R!I
MyPolicy= CertPolicy =G!-
PolicyName1! kQ OID Wq
9
1.34.67.7 R!I
My Lite Policy= CertPolicy =G!-
PolicyName2! kQ OID Wq
9
2.4.1.0 R!I
[AsymmetricKeyAlgs]
DSA= DSA 0 Km.rG $G id-dsa R!I
RSA= RSA 0 Km.rG $G rsaEncryption R!I
[AsymmetricEncAlgs]
DSA= DSA O#- Km.r $G. id-dsa R!I
[AsymmetricSigAlgs]
DSAwithSHA1= SHA-1 -m Km.r; wTO
B DSAG $G. GUI GB -v
& kQ %C W Km.r 1C!
gkKOY.
id-dsa-with-sha1 R!I
RSAwithSHA1= SHA-1 -m Km.r; wTO
B RSAG $G. GUI GB -v
& kQ %C W Km.r 1C!
gkKOY.
sha-1WithRSAEncryption R!I
[ObjectStore]
Name= CA %LM DO! gkGB DO
:[(.eZ x=)
caObjectStore R!I
Path= IBM SecureWay Trust
Authority CA DOL VB }k
fN
Windows NTG fl: c:\Program
Files\IBM\Trust Authority\etc\TrustAuthority\
AIX G fl: /usr/lpp/iau/etc/TrustAuthority/
R!I
[CertPolicy] " -m Km.r!B OID =G! 1pH Xg OID! Vn_ UOY. " $% L'!B OID =G! k@OB OID! Vn_ UOY.
SigAlg1= 9x0 -m Km.rG $G.
OID =G! k@OB WqL V
n_ UOY.
sha-1WithRSAEncryption R!I
StartTimeSpecifiable= d;Z(RA! kQ ,sLp. #
<< GB CA! kQ RA)! C
[ C#; v$R v VBvG )
N.
T R!I
MaxLifeTime= NuG Vk vm(C#). 8760h R!I
LifeTimeDef= b; Nu vm(/%). 180d R!I
KeySpecifiable= d;Z(,sLp. GB #<<)!
V<G xk 0& v$R v VB
v )N
T R!I
KeyUsageSupported= 0 gk .eL vxGBvG )
N.
T R!I
KeyUsageRequired= 0 gk .eL JdQvG )N. F R!I
PolicyCritical= $%L _dX_ OBv )N. F R!I
PolicyRequired= $%L JvNv )N F R!I
PolicyName1= Ow $%G L'. OID =G!
k@OB OID! Vn_ UOY.
MyPolicy R!I
Policy1Org= Xg $%; JdN OB 6wG
L'
gkZG 6w R!I
Policy1Notice1= Policy1z ,|H Notice1 3 R!I
Policy1Notice2= Policy1z ,|H Notice2 17 R!I
UserNoticeText1= EZ ksL P; }{ km. G
B VGgWz Gga$ bX
}{ km. GB VGgW R!I
CPS1= policy1G vC.; P; v VB
URL
http://localhost/index.html R!I
PolicyName2= Lw $% L'. L E3/v!
&CGB fl!B OID =G!
k@OB OID! Vn_ UOY.
My Lite Policy R!I
CPS2= policy2G vC.; P; v VB
URL
http://localhost/index.html R!I
TimeBetweenCRLs= :IYH CRL x% gLG b;
C#
1d !I
CRLDuration= CRL vm 2d !I
[CrossCertPolicy]
SigAlg1= 9x0 -m Km.rG $G.
OID =G! k@OB WqL V
n_ UOY.
sha-1WithRSAEncryption R!I
StartTimeSpecifiable= d;Z(,sLp. GB #<<)!
C[ C#; v$R v VBv )
N
T R!I
MaxLifeTime NuG Vk vm 8760h R!I
LifeTimeDef NuG b; vm. 180d R!I
KeySpecifiable= d;Z(,sLp. GB #<<)!
V<G xk 0& v$R v VB
v )N
T R!I
KeyUsageSupported= 0 gk .eL vxGBvG )
N.
T R!I
KeyUsageRequired= 0 gk .eL JdQvG )N. F R!I
PolicyCritical= $%L _dX_ OBv )N F R!I
PolicyRequired= $%L JvNv )N F R!I
PolicyName1= Ow $%G L'. OID =G!
k@OB OID! Vn_ UOY.
MyPolicy R!I
Policy1Org= Xg $%; JdN OB 6wG
L'
gkZG 6w R!I
Policy1Notice1= Policy1z ,|H Notice1 3 R!I
Policy1Notice2= Policy1z ,|H Notice2 17 R!I
UserNoticeText1= EZ ksL P; }{ km. G
B VGgWz Gga$ bX
}{ km. GB VGgW R!I
CPS1= policy1G vC.; P; v VB
URL.
http://localhost/index.html R!I
PolicyName2= Lw $% L'. My Lite Policy R!I
CPS2= Policy2vC.; P; v VB
URL.
http://localhost/index.html R!I
TimeBetweenCRLs= :IYH CRL x% gLG b;
C#
1d !I
CRLDuration= CRL vm 2d !I
[General]
MyName= ,sLp. #<<G DN /C=US/O=Your Organization/OU=Trust
Authority/CN=Trust Authority CA
R!I
DefaultRA= b; RA 1 R!I
PreferredCryptoProvider= O#- &xZ! kQ GUID($
* m/ D0Z).
dda0c1e0-7b73-11d0-8e0c-0004ac602b18 R!I
CertperDP= Pj v! g Nu v 0 R!I
CRLDistName= Nu! pTGB Pj v!G L
'
MyCRLDistName%d R!I
TempPath= SC DO ze5*G fN. Windows NTG fl: c:\Program
Files\IBM\Trust Authority\etc\TrustAuthority\
AIX G fl: /usr/lpp/iau/etc/TrustAuthority/
R!I
PathToDLLs= PKIX sLj/.! zeGB f
N.
Windows NTG fl: c:\pkix\
AIX G fl: /usr/pkix/
R!I
RA1= Xg CA! kQ RAG DN. /C=US/O=Your Organization/OU=Trust
Authority/CN=Trust Authority RA
R!I
[Transport]
TCPPort= CA! ;kOB TCP w.. 1830 !I
TCPHost= CA! VB bhG #:. L'. gkZG #:. L' R!I
PollInterval= z5 #] 10s !I
[KeyStore]
CurKeyStore= gk _N KeyStore VSC R!I
[VSC] L E3/vB CurKeyStoreE3/v! VSC *L VB fl! JvTOY.
Model= gkGB ze5* /| PKCS11_STORAGE_MODEL R!I
Guid= $* m/ D0Z 7F529C80-C942-11D1-8FB0-0004AC61389A R!I
InitialSOpw= (g |.ZG Jb O# SOPIN R!I
TokenDir= !s :6. +e! kQ |< f
N W DO L'.
Windows NTG fN: c:\Program
Files\IBM\Trust
Authority\etc\TrustAuthority\caKS.fil
AIX G fl: /usr/lpp/iau/etc/TrustAuthority/caKS.
fil
R!I
4758GUID= 4758+e! kQ GUID. 474d0880-b44c-11d1-b1cf-002035680b00 R!I
Use4758= CA! 4758; gkOBvG )N
! kQ %Cb.
false R!I
4758ProfileUserid= 4758ANDOG gkZ ID.
Use4758=trueO fl!8 gk!
I.
IBMCA001 R!I
4758ProfilePassPhrase= 4758ANDO! kQ O#.
Use4758=trueO fl!8 gk!
I.
Secure99 R!I
4758Retain= CA! 4758RetainIG; gkO
BvG )N. Use4758=trueO f
l!8gk!I.
false(RETAIN IG(GeGv J=)! kX-8
true)
R!I
4758KeyLength= 47580G fL. gk!IQ *:
512, 1024W 2048.
Use4758=trueO fl!8 gk!
I.
512 R!I
[TrustPolicy]
UseCRLs= CRLW ARL; /?: Ku A
N<:! gkX_ OBv )N
T R!I
AllowExpiredCRLs= 8bH CRLG /? )N F R!I
AllowFutureCRLs= L!G /%& !vB CRLL /
?Qv )N
F R!I
AllowExpiredCertificates= 8bH NuG /? )N F R!I
AllowFutureCertificates= L!G NuL /?Qv )N F R!I
AllowCRLSearchToFail= Xg _`Z! kX- CRL GB
ARL; #v xOB fl! @y
Nv )N
F R!I
MaximumChainSearchDepth= x/{ !N l1 <N 8: _
ckGB Vk <N mL
15 R!I
[RemoteServer]
MaxSessions= 6$ E3/v 16 R!I
EncryptionPolicy= iWsne -vM Xg x] |
.Z! pN ?OQ C:[! 8
gOB fl, Q gL!- O#-
$%; gkR MNv )N
F R!I
NumAdmins= 8uGB |.Z v 0 R!I
Admin1DN= Administrator1G DN. gkGv J= R!I
[ICL]
IclOdbcProvider ODBC! kQ &xZ /|. UDB R!I
IclOdbcDriverConnect ICL! kQ %LM#L: L'. DSN=ibmdb R!I
MACLabel 0 zeR! VB MAC 0! k
Q 9Lm.
CA_MAC_Key R!I
[URLs]
/C%EQ%US/O%EQ%Your
Organization/OU%EQ%Trust
Authority/CN%EQ%Trust Authority
RA=pkix://localhost:829
L Wq: 8: C RAG URL
W DNz T2 3$KOY.
RA DN !I
RA -v 8: DO
92 dLvG %15!-B RA -v 8: DO jonahra.ini E3/v! kX 3mU
OY.
% 15. RA -v 8: DO
E3/v 3m b; 8: DG * 8: DG /f
H| )N?
[OID]
C= 9!! kQ OID 2.5.4.6 R!I
O= 6w! kQ OID 2.5.4.10 R!I
OU= 6w \'! kQ OID 2.5.4.11 R!I
CN= xk L'! kQ OID. 2.5.4.3 R!I
L= v*! kQ OID. 2.5.4.7 R!I
ST= sB! kQ OID. 2.5.4.8 R!I
T= &q! kQ OID 2.5.4.12 R!I
id-dsa= DSA! kQ OID 1.2.840.10040.4.1 R!I
id-dsa-with-sha1= SHA-1!- DSA! kQ OID 1.2.840.10040.4.3 R!I
rsaEncryption= RSAO#-! kQ OID 1.2.840.113549.1.1.1 R!I
sha-1WithRSAEncryption= RSAO#-& wTOB SHA-1
! kQ OID
1.2.840.113549.1.1.5 R!I
sha1= SHA-1! kQ OID 1.3.14.3.2.26 R!I
hmac-sha1= SHA-1XCH ^Cv Nu Ze
! kQ OID
1.3.6.1.5.5.8.1.2 R!I
pkcs7-data= PKCS #7! kQ OID 1.2.840.113549.1.7.1 R!I
pkcs12-certbag= PKCS #12Nu i! kQ OID 1.2.840.113549.1.12.10.1.3 R!I
pkcs12-keybag= PKCS #120 i! kQ OID 1.2.840.113549.1.12.10.1.1 R!I
X509-Certificate= X.509Nu! kQ OID 1.2.840.113549.1.9.22.1 R!I
PasswordBasedMAC= O# b] MAC! kQ OID. 1.2.840.113533.7.66.13 R!I
MyPolicy= CertPolicy =G!-
PolicyName1! kQ OID Wq
9/
1.34.67.7 R!I
My Lite Policy= CertPolicy =G!-
PolicyName1! kQ OID Wq
9.
2.4.1.0 R!I
[AsymmetricKeyAlgs]
DSA= DSA 0 Km.rG $G id-dsa R!I
RSA= RSA 0 Km.rG $G rsaEncryption R!I
[AsymmetricEncAlgs]
DSA= DSA O#- Km.r $G. id-dsa R!I
[AsymmetricSigAlgs]
DSAwithSHA1= SHA-1 -m Km.r; wTO
B DSAG $G. GUI GB -v
& kQ %C W Km.r 1C!
gkKOY.
id-dsa-with-sha1 R!I
RSAwithSHA1= SHA-1 -m Km.r; wTO
B RSAG $G. GUI GB -v
& kQ %C W Km.r 1C!
gkKOY.
sha-1WithRSAEncryption R!I
[ObjectStore]
Name= RA %LM DO! gkGB DO
L'(.eZ x=).
raObjectStore R!I
Path= IBM SecureWay Trust
Authority RA %LM DOL V
B }k fN.
Windows NTG fl: c:\Program Files\IBM\Trust
Authority\pkrf\Domains\YourDomain\etc\
AIX G fl: /usr/lpp/iau/pkrf/Domains/
YourDomain/etc/
R!I
[IssuerCertPolicy]" -m Km.r!B OID =G! 1pH Xg OID! Vn_ UOY. " $% L'!B OID =G! k@OB OID! Vn_ U
OY.
SigAlg1= -m Km.rG $G. OID =G
! k@OB WqL Vn_ UO
Y.
sha-1WithRSAEncryption R!I
StartTimeSpecifiable= d;Z(RA! kQ ,sLp. #
<< GB CA! kQ RA)! N
u C[ C#; v$R v VBv
G )N.
T R!I
MaxLifeTime= NuG Vk vm 8760h R!I
LifeTimeDef= b; Nu vm 180d R!I
KeySpecifiable= d;Z(,sLp. GB #<<)!
V<G xk 0& v$R v VB
v )N
T R!I
KeyUsageSupported= 0 gk .eL vxGBvG )
N.
T R!I
KeyUsageRequired= 0 gk .eL JdQvG )N. F R!I
PolicyCritical= $%L _dX_ OBv )N. F R!I
PolicyRequired= $%L JvNv )N F R!I
PolicyName1= Ow $%G L'. OID =G!
k@OB OID! Vn_ UOY.
MyPolicy R!I
Policy1Org= 1w $%; JdN OB 6wG
L'
gkZG 6w R!I
Policy1Notice1= Policy1z ,|H Notice1. 3 R!I
Policy1Notice2= Policy2M ,|H Notice2. 17 R!I
UserNoticeText1= EZ ksL P; }{ km. G
B VGgWz Gga$ bX
}{ km. GB VGgW R!I
CPS1 policy1G vC.; P; v VB
URL
http://localhost/index.html R!I
PolicyName2= Lw $% L'. L E3/v!
&CGB fl!B OID =G!
k@OB OID! Vn_ UOY.
My Lite Policy R!I
CPS2= Policy2vC.; P; v VB
URL.
http://localhost/index.html R!I
EERevokeRequests= ,sLp. #<<! Nu kR&
d;R v VBvG )N. ANY
B ,sLp. #<<! ZEL
d;Q NuG kR& d;R v
V=; GLUOY. NONE: ,
sLp. #<<! Nu kR&
d;R v x=; GLUOY.
SG R!I
[IssuerCrossCertPolicy]
SigAlg1= 9x0 -m Km.rG L'.
OID =G! k@OB WqL V
n_ UOY.
sha-1WithRSAEncryption R!I
StartTimeSpecifiable= d;Z(,sLp. GB #<<)!
C[ C#; v$R v VBv )
N
T R!I
KeySpecifiable= d;Z(,sLp. GB #<<)!
V<G xk 0& v$R v VB
v )N
T R!I
KeyUsageSupported= 0 gk .eL vxGBvG )
N.
T R!I
KeyUsageRequired= 0 gk .eL JdQvG )N. F R!I
PolicyCritical= $%L _dX_ OBv )N. F R!I
PolicyRequired= $%L JvNv )N F R!I
PolicyName1= Ow $%G L'. OID =G!
k@OB OID! Vn_ UOY.
MyPolicy R!I
Policy1Org= 1w $%; JdN OB 6wG
L'
gkZG 6w R!I
Policy1Notice1= Policy1z ,|H Notice1. 3 R!I
Policy1Notice2= Policy1z ,|H Notice2. 17 R!I
UserNoticeText1= EZ ksL P; }{ km. G
B VGgWz Gga$ bX
}{ km. GB VGgW R!I
CPS1 Policy1vC.; P; v VB
URL.
http://localhost/index.html R!I
PolicyName2= Lw $% L'. My Lite Policy R!I
CPS2= Policy2vC.; P; v VB
URL.
http://localhost/index.html R!I
EERevokeRequests= ,sLp. #<<! Nu kR&
d;R v VBvG )N. ANY
B ,sLp. #<<! n0Q
NuLg NuG kR& d;R
v V=; GLUOY. SELFB
,sLp. #<<! ZEL d;
Q NuG kR& d;R v V=
; GLUOY. NONE: ,sL
p. #<<! Nu kR& d;
R v x=; GLUOY.
ANY R!I
[General]
MyName #<<G 8P L'. /C=US/O=Your Organization/OU=Trust
Authority/CN=Trust Authority RA
R!I
Issuer1 L RAG CA! kQ 8P L'. /C=US/O=Your Organization/OU=Trust
Authority/CN=Trust Authority CA
R!I
Issuer1URL1 L RAG CA! kQ URL. pkix://servername:1830 !I
TempPath= SC DO ze5*G fN. Windows NTG fl: c:\Program Files\IBM\Trust
Authority\pkrf\Domains\YourDomain\etc\
AIX G fl: /usr/lpp/iau/pkrf/
Domains/YourDomain/etc/
R!I
PathToDLLs= PKIX sLj/.! 3!H fN. Windows NTG fl: c:\pkix\
AIX G fl: /usr/pkix/
R!I
[Transport]
TCPPort= RA! ;kOB TCP w.. 829 !I
TCPHost= RA! VB bhG TCP/IP #:
. L'.
gkZG #:. L' R!I
PollInterval= z5 #] 30s !I
RetryInterval= CA!- RAN |[GB z C#
L RAG vg Ch C#8Y L
& fl, RA! GQ CAG z.
#G C#.
1m !I
[KeyStore]
CurKeyStore= gk _N KeyStore VSC R!I
[VSC] L E3/vB CurKeyStoreE3/v! VSC *L VB fl! JvTOY.
Model= gkGB ze5* /| PKCS11_STORAGE_MODEL R!I
GUID= $* m/ D0Z 7F529C80-C942-11D1-8FB0-0004AC61389A R!I
InitialSOpw= (g |.ZG Jb O# SOPIN R!I
TokenDir= !s :6. +e! kQ |< f
N W DO L'.
Windows NTG fl: c:\Public Files\IBM\Trust
Authority\pkrf\Domains\YourDomain\etc\raKS.fil
AIX G fl: /usr/lpp/iau/pkrf/Domains/
YourDomain/etc/raKS.fil
R!I
[TrustPolicy]
UseCRLs= CRLW ARL; /?: Ku A
N<:! gkX_ OBv )N
T R!I
AllowExpiredCRLs= 8bH CRLG /? )N F R!I
AllowFutureCRLs= L!G /%& !vB CRLL /
?Qv )N
F R!I
AllowExpiredCertificates= 8bH NuG /? )N F R!I
AllowFutureCertificates= L!G NuL /?Qv )N F R!I
ApplyNameConstraintsToEEOnly= <NG pg Nu! L' &`;
{kR MNv GB 6v7 Nu
!8 {kR MNv )N
F R!I
AllowCRLSearchToFail= Xg _`Z! kX- CRL GB
ARL; #v xOB fl! @y
Nv )N
F R!I
MaximumChainSearchDepth= x/{ !N l1 <N 8: _
ckGB Vk <N mL
15 R!I
[LDAP]
NumServers= LDAP-vG v 1 R!I
Server1= LDAP-vG #:. L' W w
. x#
hostname:port !I
PostInterval= p:d.! %CR $8! VBv
.NOb 'Q !K #].
5m !I
[RemoteServer]
MaxSessions= 6$ E3/v 16 R!I
EncryptionPolicy= iWsne -vM Xg x] |
.Z! pN ?OQ C:[! 8
gOB fl, Q gL!- O#-
$%; gkR MNv )N
F R!I
NumAdmins= 8uGB |.Z v 0 R!I
Admin1DN= Administrator1G DN. gkGv J= R!I
CurrentAdminPort vg |. w.. gkGv J= R!I
[ICL]
IclOdbcProvider ODBC&xZ /| UDB R!I
IclOdbcDriverConnect ICL! kQ %LM#L: L'. DSN=pkrfdb R!I
[URLs]
/C%EQ%US/O%EQ%Your
Organization/OU%EQ%Trust Authority/
CN%EQ%Trust Authority
CA=pkix://localhost:1830
L Wq: 8: C CAG URL
W DNz T2 3$KOY.
CA DN !I
(g -v 8: DO
(g -v 8: DON AuditServer.iniB (g -vG 8: /v& v$UOY. L
/vi: -vG b; n5 /!; 8:Om pvW W @y ^Cv! kQ NW
f}; v$UOY. L /vi: NWI L%.& &nOb5 UOY. Y= }!-
B 102 dLvG %16G Wq! kQ _! $8& &xUOY.
v O] -q: Zi/ E3/v
v L%. I"5 9'
v _{ 9'
O] -q: Zi/ E3/v
Y= -q: Zi/ E3/vB " -q:! kX gkR v V@OY.
v service.count -gk !IQ -q:G v
v service.x.name --q:G L'
v service.x.classname --q:G ,!: L'
v service.x.dpolicy -|^ $%G ,!: L'
v service.default.count -b; -q:G v
v service.default.x.name -b; -q:G L'
L%. I"5 9'
@kANW% L%.G I"5 9': Y=z 0@OY.
v 1 - PP s2 %C. C:[ gk R!I
v 2 - oC 3$Gn_ OB s2 %C(9: %LM#L: Us)
v 3 - El _dQ s2 %C(9: Oe e! @y)
v 4 - @y s2 %C
v 5 - fm ^Cv %C
v 6 - /0Q 3.& JdN OB s2 %C. @y s2: FT
v 7 - O]{N $8 ^Cv %C
_{ 9'
_{ 9': Y=z 0@OY.
v pN - @y, fm, $8 W L%. _{ ^Cv bO
v @y - @y ^Cv bO
v fm - @y ^CvM fm ^Cv bO
v L%. $8 - @y ^CvM L%. _{ ^Cv bO
v x= - F+ ^Cv5 bOOv J=
% 16. (g -v 8: DO
E3/v 3m b;* 8: DG /f
H| )N?
-v w.
acceptor.classname= vkb ,!:G L' com.ibm.irg.sysmgmt.daemon.acceptors.SMSocketAcceptor R!I
acceptor.arg= (g -v! ;k! gkOB w. 7222 !I
acceptor.init.retries= -v RO! kQ ,a C5 =v 3 !I
acceptor.init.delay= ,a C5 gLG kb C#(J) (A
NW%: J& gkUOY.)
3 !I
-q: Zi/
service.count= gk !IQ -q:G v 2 R!I
NW -q:
service.1.name= NW -q:G L' log R!I
service.1.classname= NW -q:G ,!: L' com.ibm.irg.sysmgmt.daemon.services.log.SMLogService R!I
service.1.dpolicy= NW -q: |^ $%G ,!: L' com.ibm.irg.sysmgmt.daemon.services.log.SMLogDeliveryPolicy R!I
(g -q:
service.2.name= (g -q:G L' audit R!I
service.2.classname= (g -q:G ,!: L' com.ibm.irg.sysmgmt.daemon.services.audit.SMAuditService R!I
service.2.dpolicy= (g -q: |^ $%G ,!: L' com.ibm.irg.sysmgmt.daemon.services.audit.SMAuditDeliveryPolicy R!I
b; -q:
service.default.count= gk !IQ b; -q:G v 2 R!I
service.default.1.name= b; -q:G L' log R!I
service.default.2.name= b; -q:G L' audit R!I
L%. 8:
irgsmd.event.config= L%. 8: DO smevents.conf R!I
L%. NW
event.log.filename= L%. 83k DO Windows NTG fl: c:\\Program Files\\IBM\\Trust Authority\\logs\\smevents.log
AIX G fl: /usr/lpp/iau/logs/smevents.log
!I
event.log.append= L%. NW& _!R MNv GB
cD5 MNv )N& %COB C!
W
true !I
event.log.severity.min= L%. NW -q:! vxOB L%
.G VR I"5
1 !I
event.log.severity.max= L%. NW -q:! vxOB L%
.G Vk I"5
7 !I
(g
audit.ksfile= (g KeyStore DO. L DO: (
g O#- 0& zeOB % gkK
OY.
R!I
audit.catalog NLS+;NW DOG DO L' Windows NTG fl: c:\\Program Files\\IBM\\Trust Authority\\catalog\\IRGVDS.DLL
AIX G fl: /usr/lpp/iau/catalog/IRGVDS.cat
R!I
audit.db.instance= (g DB2 N:O:G L' R!I
audit.db.name= (g %LM#L:G L' R!I
audit.db.connection= %LM#L: ,a |.& 'Q Km
.r
single R!I
audit.log.connect.retries= %LM#L:/NW DO! ,aOb
'Q gC5 ck =v
3 !I
audit.log.update.retries= (g NW& w%L.Ob 'Q gC
5 ck =v
3 !I
audit.log.timeout (g NW& w%L.Ob 'Q C#
>a *.
60s !I
audit.log.integrity= +a: !K 0:- GB q0:- true !I
_{
trace.enable= _{; 0:- GB q0:-Ob '
Q C!W
true !I
trace.level.name= _{ 9'; *8;B L' all !I
trace.event.enable= L%. _{ 0:- GB q0:- true R!I
trace.log.filename= _{ NW DO L' Windows NTG fl: c:\\Program Files\\IBM\\Trust Authority\\logs\\iausmd.log
AIX G fl: /usr/lpp/iau/logs/iausmd.log
!I
trace.log.append= b8G _{ DO! _!R MNv
)N& %COB C!W
true !I
@y
error.log.filename= @y DOG L' Windows NTG fl: c:\\Program Files\\IBM\\Trust Authority\\logs\\iausmd.err
AIX G fl: /usr/lpp/iau/logs/iausmd.err
!I
(g ,sLp. 8: DO AuditClient.ini
(g ,sLp. 8: DON AuditClient.iniB (g ,sLLp.G 8: /v&
v$UOY.
% 17. (g ,sLp. 8: DO
E3/v 3m b;* 8: DG /f H| )
N?
,a 3$
GLOBAL noname
EnableAudit= (g L%. 0:- GB q0:- true R!I
HostName= (g -v #:. gkZG #:. L' !I
Port= (g -v w. 59998 !I
AuthType= Nu ^?Or x= R!I
UseSSL= ,sLp./-v <G! SSL; gkX_
UOn? wD gk; 'X.
R!I R!I
SSLKeyDB= SSL0 %LM#L:. wD gk; '
X.
AIX G fl: /usr/lpp/iau/audit/client/ssl.kdb
Windows NTG fl: c:\Program Files\IBM\Trust Authority\audit\client\ssl.kdb
R!I
SSLv2Token= SSL0 %LM#L: d+. wD gk;
'X.
d+ R!I
Retries= L%. |[ C5 =v 1 !I
8:dR 6:) =G
[CA]
ExcludedEvents= |[Gv J; CA L%. !I
[RA]
ExcludedEvents= |[Gv J; RA L%. ReceiptOfCertRequest !I
mI` /?.<
L }!-B Y=G mI` /?.<! gkGB 8. W E3/v& 3mUOY.
v CA Nu /?.<
v RA gkZ /?.< _!
v (g 88 W -m /?.<
v (g +a: !K /?.<
CA Nu /?.<
CA Nu /?.<B s# NuL* h~{ EZ p( _ O*& gkO) Trust
Authority CA(Nu b|) kE Y% CANNM Nu; d;R v V5O UOY.
8.
L /?.<!B Y= 8.L gkKOY.
CaCertRq [-i ipAddressMask [-I ipAddressMask]] [-d dns [-D dns]] [-m emailAddress [-M emailAddress]] [-u uri [-U uri]] [-n directoryName [-N directoryName]] [-p inhibitPolMap] [-h] -r preregistrationpath -P 1835 password
E3/v
O#
g|nO DOL }:I ' TBH O#
C!W:
[-i ipAddressMask[-I ipAddressMask]]
CDIF |D8N v$H IP(NM] ANd]) VR 6:). R.Z E3/v(-i)B
v$H VR IP VR 6:)& ckH -j.. qO! _!UOY. k.Z E
3/v(-I)B v$H IP VR 6:)& &\H -j.. qO! _!QYB !
; &\Om R.Z E3/vM ?OUOY.
9& ii, 6w XG 6:)B 9.0.0.0/255.0.0.0L Gm 6w X! VB N-
YG vg 6:)B 9.210.134.0/255.255.254.0L GB DTOY.
[-d dns [-D dns]]
DNS(5^N L' -v) VR. R.Z E3/v(-d)B v$H DNS VR& c
kH -j.. qO! _!UOY. k.Z E3/v(-D)B v$H DNS VR
& &\H -j.. qO! _!QYB !; &\Om R.Z E3/vM ?
OUOY.
VR! 6'%N C[OB fl!B Xg NS .Z-(″.″ wT)N !*B p
g #:.& *8;B MLg, DNS VR! 6'%N C[Ov JB fl!
B Xg .Z-z O!OB #:.8; *8;B MTOY.
9& in ″.orga.com″LsB &`: us.orga.com, vneto.orga.com,
w3.software.orga.comn: wTOv8, orga.com(GB kidorga.com)Z<B
wTOv J@OY. orga.comLsB &`: orga.com; wTOG us.orga.com
n: wTOv J@OY. ″.″N C[Ov JB, ckH -j..B O*G !
IQ ke8; *8@OY.
[-m emailAddress[-M emailAddress]]
|Z lm VR. R.Z E3/v(-m)B v$H |Z lm VR& ckH -
j.. qO! _!UOY. k.Z E3/v(-M)B v$H |Z lm VR&
&\H -j.. qO! _!QYB !; &\Om R.Z E3/vM ?OU
OY.
|Z lm VRB %X |D(MOe+e x=)8N 8:GE* DNS VRM ?
OR v V@OY. DNS VR& v$OB fl! gkGB T": -d IG!
- *-Q Mz ?OUOY. %X |Z lm VR& wTQ ckH -j..
B O*G !IQ gkZ8; *8@OY.
[-u uri [-U uri]]
URI. R.Z E3/v(-u)B v$H URI& ckH -j.. qO! _!UO
Y. k.Z E3/v(-U)B v$H URI& &\H -j.. qO! _!QY
B !; &\Om R.Z E3/vM ?OUOY.
URI(UO Zx D0Z)G ke NP: IP VR! wTGn Vv J: Q -d
IG!- *-Q Mz ?OQ T"; {s_ Og, IP VR! wTGn VB
fl!B WM $.w O!OB M8N k^KOY.
[-n directoryName[-N directoryName]]
p:d. L'. R.Z E3/v(-n)B v$H p:d. L'; ckH -j.
. qO! _!UOY. k.Z E3/v(-N)B p:d. L'; &\H -j
.. qO! _!QYB !; &\Om R.Z E3/vM ?OUOY.
L L': %X LDAP |D! {s_ UOY. &`!- &xH RDN(sk{
8P L') ""z O!OB L': n2 Y% RDNL &CH fls5 Xg
&`z O!OB M8N #VKOY.
-r preregistrationpath
_` C:[! GX }:H g|nO DOG fN L'.
-P 1835
1835N CAG |. w. x#.
-p inhibitPolMap
inhibitPolicyMapping .e JeG *.
L IGL &CGv JB fl L JeG b;*: 1TOY.
-h Nu d;L h~ EZ p(; gkO5O v$UOY.
RA gkZ /?.< _!
RA gkZ _! /?.<B v$H Trust Authority nO 5^N! RA |. g
kZ(GB RA |.Z)& _!R v V5O UOY.
8.
add_rauser domainconfigfile yourdomain credentialUUID accessProfile
E3/v
domainconfigfile
domain.cfg DONG }k fN. L DO!B C:[! 8:H " nO 5^
N! kQ =GL in V@OY. v$H nO 5^NG !s g. p:d.
& #B % gkKOY.
yourdomain
_!H RA |.Z! |.OB nO 5^N.
credentialUUID
/$ Nu d;z ,|H m/ D0Z. O]{N UUIDG \|: Y=z 0@
OY.
sp0ApHvpzvCicr1Ts8ssKw==
accessProfile
C:[! _!R RA |.ZM ,|H W<: ANDO. LM: Trust Authority
nO |. 8: DO _ O*! v$H /?Q ANDOLn_ UOY. L A
NDO: ,|H RA |.Z! v`R v VB 68, 6! nG /|; *-
UOY.
(g 88 W -m /?.<
(g 88 W -m /?.<& kX (g NW DO; 88Om -mR v V@O
Y.
8.
AuditArchiveAndSign [-c ConfigFilePath] [-n] ArchiveFileName
E3/v
-c ConfigFilePath
(g -v 8: DOG }k fN L'
v AIX !-G b; fN: /usr/lpp/iau/etc/TrustAuthority/AuditServer.ini
v Windows NT!-G b; fN: c:\Program Files\IBM\Trust Authority\etc\TrustAuthority\AuditServer.ini
-n (g 9Ze! %LM#L:!- h&Gv J5O v$UOY.
ArchiveFileName
(g NW! bOGB DO L'G "Nn. /?.<B 88 W -m DO!
"" .ixf W .sig .eZ& _!UOY.
(g +a: !K /?.<
(g +a: !K /?.<B 88H (g 9Ze W (g -v %LM#L:! k
X +a: !K; v`UOY. L 58B Xg C:[!- +a: !KL 0:-G
n VB fl!8 ?z{TOY. L mI! gkGB 8.: Y=G |D; kU
OY.
v |D 1
L |D: (g -v %LM#L:G +a:; !KOm (g |.Z O#& d
8OB ARA.& %CUOY.
v |D 2
L |D: O* LsG (g -v 88 DO! kQ +a:; !KOm (g |
.Z O#& d8OB ARA.& %CUOY.
v |D 3
L |D: v$H p:d. F!! VB pg 88 DOG +a:; !KOm
(g |.Z O#& d8OB ARA.& %CUOY.
8.
|D 1:
AuditIntegrityCheck [-c ConfigFilePath] -d
|D 2:
AuditIntegrityCheck [-c ConfigFilePath] -a ArchiveFileName1 ArchiveFileName2 ArchiveFileName3
|D 3:
AuditIntegrityCheck [-c ConfigFilePath] -A ArchiveFileDirectory
E3/v
-c ConfigFilePath
(g -v 8: DOG }k fN L'
v AIX !-G b; fN: /usr/lpp/iau/etc/TrustAuthority/AuditServer.ini
v Windows NT!-G b; fN: c:\Program Files\IBM\Trust Authority\etc\TrustAuthority\AuditServer.ini
-a ArchiveFileName1 ArchiveFileName2 ArchiveFileName3
+a: !K ksN 88 DOG fN L' "Nn. "NnB 88z ,|H
DO <.& *8@OY.
9& in, mI -a /local/archive/archive1-1067: Y=z 0L fN L' "
Nn! /local/archive/archive1-1067N )/ DOi; AN<:UOY.
/local/archive/archive1-1067_audit_log.ixf
/local/archive/archive1-1067_audit_log.sig
-A ArchiveFileDirectory
+a: !K ksN 88 DOL in VB p:d.G fN L'.
_audit_log.ixf W _audit_log.sig& wTOB pg DOL 3.KOY.
(g L%. Je
%18B Trust Authority (g L%.! wTGn VB $8& *-Om 3mUO
Y.
% 18. (g L%. Je
Je L' 3m
L%. L' (g ,sLp.! d+8N v$Q L%. D
0Z
5b^B #<< (g L%.! |[GB q{ 6!! 5b^B
#<<. (g ,sLp.! v$UOY.
5b^B #<< /| 5b; ^B #<<G /|. (g ,sLp.!
v$UOY.
BNH #<< n5 GQL N)H #<<. (g ,sLp.!
v$UOY.
BNH #<< *R BNH #<<G *R
ze E< {k !IQ fl, n5! |CGB ze E<.
(g ,sLp.! v$UOY.
_! $8 n5! |CH _! $8. (g ,sLp.!
v$UOY.
(g L%.
%19!-B Trust Authority (g L%.& *- W 3mOm LiL JvNv G
B 1C{Nv& vCUOY.
% 19. (g L%.
L%. 3m Jv GB 1C
0 |.
KeyGeneration O#- 0! }:Gz=; vCUOY. Mandatory
KeyImport O#- 0! IBM SecureWay Trust
AuthorityN ]TGz=; vCUOY.
1C
KeyExport O#- 0! IBM SecureWay Trust
Authority!- ]bGz=; vCUOY.
1C
KeyStorage O#- 0! zeGz=; vCUOY. Mandatory
KeyRollover O#- 0! ?OQ q{! gkGB uNn
0N k<Gz=; vCUOY.
1C
KeyCompromise O#- 0! UsGz=; vCUOY. Mandatory
CAKeyDistribution CAG xk 0! p:d.! 2)3=; vC
UOY.
Mandatory
Nu |.
CertGeneration NuL }:Gz=; vCUOY. Mandatory
CertRevocation NuL kRGz=; vCUOY. Mandatory
CertRenewal NuL ;EGz=; vCUOY. Mandatory
CertSuspension NuL OC _\Gz=; vCUOY. Mandatory
CertResumption L|! OC _\H NuL 0:-Gz=; v
CUOY.
Mandatory
CRLQuery Nu kR qO(CRL)L Pt3=; vCUO
Y.
Mandatory
CRLUpdate Nu kR qO(CRL)L ;EGz=; vCU
OY.
Mandatory
SubmitCertRequest Nu d;L &bGz=; vCUOY. Mandatory
8H (v
SuccessfulAuthWithPassword O#& gkOB Nu C5! :x_=; vC
UOY.
Mandatory
UnsuccessAuthWithPassword O#& gkOB Nu C5! GP_=; vC
UOY.
Mandatory
SuccessfulAuthWithCert Nu; gkOB Nu C5! :x_=; vC
UOY.
Mandatory
UnsuccessfulAuthWithCert Nu; gkOB Nu C5! GP_=; vC
UOY.
Mandatory
SuccessfulCertValidation g. CAG Nu! L#B |< Nu <NL
KuGz=; vCUOY.
Mandatory
UnsuccessfulCertValidation g. CAG Nu! L#B |< Nu <NL
+?-Gz=; vCUOY.
Mandatory
PasswordChange O#& /fOAB C5! :x_=; vCUO
Y.
Mandatory
ACLUpdate W<: &n qO(ACL)!/!- gkZ GB
#<<! _!/&EGz=; vCUOY.
Mandatory
SuccessfulIntegrityCheck q IBM SecureWay Trust Authority8:d
RMG .#hG8N NQ (g 9ZeG +a
: !K C5! :x_=; vCUOY.
Mandatory
UnsuccessfulIntegrityCheck q IBM SecureWay Trust Authority8:d
RMG .#hG8N NQ(g 9ZeG +a:
!K C5! GP_=; vCUOY.
Mandatory
SuccessfulAcquirePrivilege IBM SecureWay Trust Authority0 zeR
! kQ /$ 9'G W<:& 9fOAB C
5! :x_=; vCUOY.
Mandatory
UnsuccessfulAcquirePrivilege IBM SecureWay Trust Authority0 zeR
! kQ /$ 9'G W<:& 9fOAB C
5! GP_=; vCUOY.
Mandatory
8H dx 6!
SOAdd C:[! (g |.Z! _!Gz=; vCUO
Y.
Mandatory
SODelete C:[!- (g |.Z! h&Gz=; vCU
OY.
Mandatory
AudEventMaskChange ,sLp.! -v! |[R v VB (g L
%. <.& $GOB 6:)! /fGz=;
vCUOY.
Mandatory
CACrossCertRequest s# NuGB CA NuL d;Gz=; vC
UOY.
Mandatory
CAHierarchicalCertReq h~{8N NuGB CA NuL d;Gz=;
vCUOY.
Mandatory
RA L%.
ReceiptOfCertRequest RA! Nu d;; vE_=; vCUOY. Mandatory
ReceiptOfRevocationRequest RA! Nu kR d;; vE_=; vCUO
Y.
Mandatory
ReceiptOfRenewalRequest RA! Nu ;E d;; vE_=; vCUO
Y.
Mandatory
RequestApproval RA! Nu d;; BN_=; vCUOY. Mandatory
RequestRejection RA! Nu d;; E}_=; vCUOY. Mandatory
RequestCompletion Nu d;L OaGz=; vCUOY. Mandatory
(g %LM#L: %LM
Trust Authority (g %LM#L:B ]6 -q: jw %X X9.57!- xk 0
O#-! kX bzQ GegW; b]8N Q :06& gkUOY. L }!-B
Y=G %LM#L: WLm; 3mUOY.
V: L }! p^GB (g 9ZeG Je L': %LM#L: WLm!- - L
'! XgUOY.
v 0
-m, O#- W MAC(^Cv Nu Ze) }:! gkGB 3Nk/qP 0! k
Q &n WLmTOY.
v L%. I"5(event_severities)
L WLm: pg L%.G I"5& bzUOY.
v L%. &n(event_ctl)
L WLm: (gI v VB pg L%.& bzUOY.
v R:
L WLm: pg L%.G R: qO; 8/UOY.
v BNH #<<(auth_entities)
L WLm: BNH pg #<<G qO; 8/UOY.
v 5b^B #<< /|(afctd_entity_types)
L WLm: BNH pg *RG qO; 8/UOY.
v BNH *R(auth_roles)
L WLm: BNH #<<G pg *R qO; 8/UOY.
v 8:dR /|(component_types)
L WLm: pg 8:dR /|; 8/UOY.
v (g NW(audit_log)
(g NW 9Ze& 'Q V WLmTOY.
v C:[
L WLm!B |< (g C:[! {kGB $8! wTGn V@OY. L W
Lm!B `L O*8 V@OY.
0 WLm
0 WLm: (g -jC:[L gkOB pg O#- 0! kQ $8& 8/UO
Y.
% 20. 0 WLm Je
Je 3m %LM /|
key_id 0G ;N m/ D0Z smallint
alg_oid 0M ,|H Km.r varchar
label G& 0& #B % gkGB KeyStore
9Lm GB d+
varchar
integrity L JeB 9ZeG +a:; /vOB
% gkKOY.
q. %LMk varchar
L%. I"5 WLm
L WLm: L%. I"5! kQ $8& 8/UOY. Pb |k WLmLg 3
! W 8: _! NeKOY.
% 21. L%. I"5 WLm Je
Je 3m %LM /|
severity_id L%. I"5G ;N m/ D
0Z
smallint
severity_desc I"5& bzOB NLS(Z9n
vx) .Z-
varchar
L%. &n WLm
L%. &n WLm: (g ,sLp.! (g -vN |[R v VB pg L%
.! kQ $8& 8/UOY. Pb |k WLmLg 3! W 8: _! NeKO
Y.
% 22. L%. &n WLm Je
Je 3m %LM /|
event_id L%.G m/ D0Z smallint
event_desc L%.G 8b !IQ 3m. L
JeB %C q{8N gkR
v V@OY.
varchar
event_key L%.& D0Om 3mOB *
: m/ .Z-. Java Zx x
iL gkUOY.
varchar
event_severity_id Xg L%.G I"5 ID.
event_severitiesWLm! kQ
\N 0TOY.
smallint
R: WLm
R: WLm: pg (g ,sLp.G qO; 8/UOY. (g ,sLp.B (
g L%.& }:OB Trust Authority 8:dRTOY.
% 23. R: WLm Je
Je 3m %LM /|
source_id (g ,sLp.G m/ D0Z smallint
source %C q{8N gkI v VB
(g ,sLp.G D0Z. k
NPG fl!B (g ,sLp
.G DNTOY.
varchar
integrity L JeB 9ZeG +a:;
/vOB % gkKOY.
q. %LMk varchar
BNH #<< WLm
L WLm: BNH pg #<<G qO; 8/UOY. BNH #<<u (g L
%. }: 6[; c!OB #<<& ;UOY.
% 24. BNH #<< WLm Je
Je 3m %LM /|
auth_entity_id BNH #<<G ;N m/ D
0Z
smallint
auth_entity_desc %C q{8N gkI v VB
BNH #<<G D0Z. kN
PG fl!B BNH #<<G
DNTOY.
varchar
integrity L JeB 9ZeG +a:;
/vOB % gkKOY.
q. %LMk varchar
BNH *R WLm
L WLm: BNH #<<G *R! kQ $8& 8/UOY. Pb |k WLm
Lg 3! W 8: _! NeKOY.
% 25. BNH *R WLm Je
Je 3m %LM /|
auth_role_id BNH *RG ;N m/ D0
Z
smallint
auth_role_desc BNH *R; 3mOB NLS
.Z-
varchar
5b^B #<< /| WLm
L WLm: 5b^B #<<G YgQ /|! kQ $8& 8/UOY. 5b^B
#<<u (g L%.G }: 6[! 5b; ^B #<<& ;UOY. Pb |k
WLm: 3! W 8: C! NeKOY.
% 26. 5b^B #<< /| WLm Je
Je 3m %LM /|
afctd_entity_id 5b^B #<< /|G ;N
m/ D0Z
smallint
afctd_entity_desc 5b^B #<<& 3mOB
NLS .Z-
varchar
8:dR /| WLm
L WLm: (g ,sLp.G 8:dR /|! kQ $8& 8/UOY. Pb |
k WLmLg 3! W 8: _! NeKOY.
% 27. 8:dR /| WLm Je
Je 3m %LM /|
component_type_id 8:dR /|G ;N m/ D
0Z
smallint
component_desc 8:dR /|; 3mOB
NLS .Z-
varchar
(g NW WLm
(g NW WLm!B (g 9Ze! wTGn V@OY.
% 28. (g NW WLm Je
Je 3m %LM /|
serial_num (g 9ZeG m/ OC x# smallint
src_date_time Xg R:((g ,sLp.)!
L%.& }:Q C#; mCO
B C# RN
C# RN
cr_date_time (g -v! (g 9Ze& [
:Q C#G C# RN
C# RN
event_id L%.G ;N D0Z.
event_ctl WLm! kQ \N
0TOY.
smallint
source_id Xg L%.& }:Q R:G
;N D0Z. R: WLm! k
Q \N 0TOY.
smallint
component_type_id Xg L%.& }:Q R:G
8:dR /|; *8;B ;N
D0Z. component_typesWL
m! kQ \N 0TOY.
smallint
auth_entity_id L%.& c!Q #<<G ;N
D0Z. auth_entitiesWLm!
kQ \N 0TOY.
smallint
auth_role_id L%.& c!Q #<<G *R
; *8;B ;N D0Z.
auth_entitiesWLm! kQ \
N 0TOY.
smallint
afctd_entity L%.! 5b^B #<< /|
G L' GB DN
varchar
afctd_entity_id L%.! 5b^B #<< /|
G ;N D0Z
smallint
storage_media (g L%.M ,|H ze5*
E<
varchar
extra_info (g L%.M ,|H _! $
8
varchar
sig_key_id +a: Je& }:OB % g
kGB 0G ;N D0Z. 0
WLm! kQ \N 0TOY.
smallint
enc_key_id Xg 9Ze!- 1CH Je&
O#-OB % gkGB 0G
;N D0Z. 0 WLm! kQ
\N 0TOY. vg 1.:G
Trust Authority!-B n2 J
e5 O#-Gv J@OY.
smallint
integrity L JeB 9ZeG +a:;
/vOB % gkKOY.
q. %LMk varchar
C:[ WLm
C:[ WLm: (g %LM#L:! kQ sB $8& 8/UOY.
% 29. C:[ WLm Je
Je 3m %LM /|
first_sn audit_log! VB 9 x0 (g
9ZeG OC x#.
$v
next_sn audit_log! VB Y= (g
9ZeG OC x#.
$v
audit_int audit_logWLmG +a:;
/vOB % gkKOY.
q. %LMk varchar
archive_int archive_ctlWLmG +a:;
/vOB % gkKOY.
q. %LMk varchar
events_int events_ctlWLmG +a:;
/vOB % gkKOY.
q. %LMk varchar
auth_ent_int auth_entitiesWLmG +a:
; /vOB % gkKOY.
q. %LMk varchar
auth_role_int auth_rolesWLmG +a:;
/vOB % gkKOY.
q. %LMk varchar
sources_int R: WLmG +a:; /vO
B % gkKOY.
q. %LMk varchar
afctd_ent_type_int afctd_entitiesWLmG +a:
; /vOB % gkKOY.
q. %LMk varchar
keys_int 0 WLmG +a:; /vOB
% gkKOY.
q. %LMk varchar
event_sevs_int L%. I"5 WLmG +a:
; /vOB % gkKOY.
q. %LMk varchar
comp_types_int 8:dR /| WLmG +a:
; /vOB % gkKOY.
q. %LMk varchar
system_int C:[ WLmG +a:; /v
OB % gkKOY.
q. %LMk varchar
sig_key_id Xg 9ZeG +a: Je&
}:OB % gkGB 0G ;
N D0Z. 0 WLm! kQ
\N 0TOY.
smallint
.&! Xa
Trust Authority |. _! _}OB .&!; XaOAi Y= b; \h& {
#JC@.
1. Trust Authority C:[; _vOJC@.
2. C:[; gN.OJC@.
3. Trust Authority C:[; C[OJC@.
4. " 8:dRG sB& !KO) " 8:dR! O|w C[Gn G` _Nv
.NOJC@.
5. ?OQ .&!; O82 D, " 8:dRG NW& !KO) @y& #8JC
@.
6. L/Q 8:)& OaQ D!5 .&!L vSGi, vx k%N! .GOJC
@.
VGgW
L %G $8B L9!- &xGB &0 W -q:& 'Q MTOY. Y% *s!
-B L %! p^H &0, -q: GB bIiL &xGv J; v5 V@OY.
vg Xg v*!- gkL !IQ &0 W -q:! kQ $8B IBM 5wk%
!T .GOJC@. IBM &0, ANW% GB -q:& p^_Ym X- Xg IBM
&0, ANW% GB -q:8 gkR v VYB GLB FUOY. IBMG v{ g
jG; 'XOv JB Q bIs ?nQ Y% &0, ANW% GB -q:& kE
gkR v V@OY. W/*, IBMg L\G &0, ANW% GB -q:& gk
R ' W [?; r! W KuOB M: gkZG %STOY.
IBM: L %!- mGGB V&! kX /c& .m VE* vg bx_O v V
@OY. L %; &xOB ML /c! kQ gkG; N)OB M: FUOY. g
kG! |X-B -i; kX F! VRN .GOG v V@OY.
150-010
-o/0C 5nw8 )G5? 25-11, Qxty
Q9 FL.q.% VD8g
v{gjGN
2YL.(DBCS) $8! kQ gkG! |X-B Xg v*G IBM v{gjGN
N .GOE* -i; kX F! VRN .GOJC@.
IBM World Trade Asia Corporation Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan
Y= ;k: 59 W Xg v* }T! O!Ov JB 9!!B {kGv J@O
Y. IBM: n0Q >yG mC{ GB OC{ 8u xL L %; :vskN; &
xUOY. )b!B /$ q{zG {U: GB GE !I:, q'X n! kQ O
C{ 8uL wTG* L! 9QGB M: FUOY. ON 9!!-B /$ E!
! Vn- mC{ GB OC{ 8uG wb! ckGv J; v5 V@OY. {s
- L ;kL gkZ!T {kGv J; v5 V@OY.
L %!B bzsG N$.:L* bGsG @y! V; v V@OY. L %G $
8B $b{8N /fGg, /fgW: 3$G! kUKOY. IBM: g| kv x
L p&s5 L %!- 3mOB &0 W ANW%; /fOE* 31R v V@
OY.
L %!- |6Q IBM L\G % gL.B \v mG& 'X &xH MLg X
g % gL.& _5Ob 'Q ML FUOY. Xg % gL.G ZaB ; IBM
&0; 'Q ZaG ON! FOg W/Q % gL.& gkOB M: gkZ ;
NL 1CR .&TOY.
IBM: m4L &xOB $8& m4!T n0Q G+5 N)Ov Jm {}OY
m }"OB fD8N gk GB PhR v V@OY.
(i) 6Z{8N [:H ANW%z(L ANW%; wTO)) b8 ANW% #G $
8 3/, (ii) 3/H $8G s# gk nG q{8N L ANW%! kQ $8&
xOB gkGZB F! VRN .GOCb YxOY.
150-010
-o/0C 5nw8 )G5? 25-11, Qxty
Q9 FL.q.% VD8g
RA.~n gw;N
L/Q $8B gka n; qTX- Xg b# W 6G! {s gkL !IUO
Y.
L %!- 3mOB gkG ANW%z W/Q ANW%; gkR v VB pg
gkG Zai: IBM m4 h`-, IBM 9& ANW% gkG h`- GB L
M ?nQ h`6GO!- IBM! GX &xKOY.
)b! wTH :I ZaB &nH /fO!- x$Gz@OY. W/GN b8 n
5 /f!- r: azM )T Y& v V@OY. ON x$*: 3_ \h C:
[!- r: MO v V8g, L/Q x$*L O]{8N gkR v VB C:[
!-5 0; MLsm 8eR v x@OY. S8 FOs, ON x$!B _$; k
X r: MLGN G& *z Y& v V@OY. L %G gkZB /$ /f! X
gGB Za& .NX_ UOY.
IBM &0 L\G M! |Q $8B Xg &0G &6w< W b#0, W\ gk
!IQ xD R:& kX 8Q MTOY. IBM: IBM &0L FQ Mz |CH
R8gWL* :I W #/: .&! kX-B 8eOv J8g WM 0: &0:
W:.Ov JR@OY. IBM &0L FQ &0G :I! kQ .GB Xg &6
w<N OJC@.
IBMG bD fbL* G5! |Q xmB g| kv xL /fGE* 68I v
V8g LB \v q{L* q%& &COB M! v*v J@OY.
%CH pg IBM &0G !]: IBMG Ge RqZ !]LZ C<Lg g| k
v xL /fI v V@OY. E! !]: YgR v V@OY.
s% W -q: s%
Y=: L9 GB b8 9!! nOH IBMgG s%TOY.
IBM
AIX
AIX/6000
DB2
DB2 Universal Database
RISC System/6000
RS/6000
SecureWay
WebSphere
Trust Authority ANW%(″ANW%″): DB2 Universal DatabaseG )/ NP
; wTUOY. ANW% gkGz T2 ANW%L gk GB }:OB %LMG
ze W |.k8N gkOB fl!8 L 8:dR& 3!O) gkR GQL V
@OY. 9& in 68 GB 8m- }:; 'X Y% @kANW%G %LM#
L:N ;N ,aOB M: gkG! wTGv J@OY. ANW%L 3!HMz ?
OQ bh!- L ANW%z T2 gkOB fl!8 L 8:dR&3!O) g
kR GQL V@OY.
ANW%: IBM WebSphere Application ServerW IBM HTTP % -v(″IBM
-v″)G )/ NPi; wTUOY. ANW%G gk c!M +|Q IBM -vB
3!OE* gkR v VB GQL x@OY. IBM -vB ANW%z ?OQ b
h! Vn_ Og, ANW%8NNM 63H IBM -vB 3!OE* gkR v V
B GQL x@OY.
Java W pg Java b] s% W NmB L9 W b8 9!! nOH Sun
Microsystems,Inc.G s%TOY.
Microsoft, Windows, Windows NTW Windows NmB L9 W b8 9!!
nOH Microsoft CorporationG s%TOY.
UNIXB X/Open Company Limited& kX 6!{8N gkGL N)GB L9
W b8 9!!-G nOs%TOY.
Pentium: L9z W [G *s!- gkGB IntelgG nOs%TOY.
L ANW%!B RSA Data Security, Inc.NNM &x^: 8H R
A.~n! wTGn V@OY. Copyright © 1994 RSA Data Security, Inc. All
rights reserved.
L ANW%!B Hewlett-Packard CompanyNNM &x^: STL(%X [C..
sLj/.)L wTGn V@OY. Copyright (c) 1994.
v gkZB IBM! qk; vROv Jm L RA.~nM H;-& n2 q{8
Ng gk, 9g, v$, hw GB GER v V@OY. \, 'G z[G $8&
pg 9g;! mCX_ Og, &xOB H;-! 'G z[G $8M L c!
$8& pN mCX_ UOY. Hewlett-Packard CompanyB L RA.~nG
SG q{zG {U:; 8uOv J8g, mC{ GB OC{ 8u xL ″VB
WkN″ &xUOY.
L ANW%!B Silicon Graphics Computer Systems, Inc.NNM &x^: STL(%
X [C.. sLj/.)L wTGn V@OY. Copyright (c) 1996–1999.
v gkZB IBM! qk; vROv Jm L RA.~nM H;-& n2 q{8
Ng gk, 9g, v$, hw GB GER v V@OY. \, 'G z[G $8&
pg 9g;! mCX_ Og, &xOB H;-! 'G z[G $8M L c!
$8& pN mCX_ UOY. Silicon GraphicsB L RA.~nG SG q{
zG {U:; 8uOv J8g, mC{ GB OC{ 8u xL ″VB WkN″
&xUOY.
b8 8g, &0 W -q:m: 8g m/G s% GB -q: s%TOY.
|C $8
Trust Authority &0 H;-B IBM SecureWay Trust AuthorityH;-
CD-ROM! PDF(L? !I .- |D) W HTML |D8N &xGn V@OY.
HTML v|G nn #`0: &0z T2 3!Gn gkZ NMdL:& kX W
<:R v5 V@OY.
#`0L &[H LD! &0L /fGz; v5 V@OY. VYG &0 $8M g
kZ! 1CQ pn W |D8N #`0! W<:OB f}! kQ Z<Q ;k
: ReadmeDO; |mOJC@. VY v|G ReadmeDO: Y= VR! VB
IBM SecureWay Trust Authority% gL.G Library dLv!- TvR v V
@OY.
http://www.ibm.com/software/security/trust/library
Trust Authority sLj/.!B Y=G H;-! wTGn V@OY.
3! W G`
L %!-B &0G 3d& &xUOY. &0 d8gW; *-Om 3! }
w& 3mOg " &0 8:dR! gk !IQ BsN 5r;! W<:
OB f}! kQ $8& &xUOY. L %: NbH |BN &0z T
2 hwKOY.
C:[ |. H;-
L %!B Trust Authority C:[ |.! kQ O]{N $8! wTG
n V@OY. -vG C[ W _v, O# /f, -v 8:dR |., (g
v` W %LM +a: !K G`; 'Q }w! wTGn V@OY.
8: H;-
L %!B 3$ 6}g& gkO) Trust Authority C:[; 8:OB f
}! kQ $8! wTGn V@OY. 6}g& 'Q BsN 5r;; 8
B ?H L H;-G HTML v|! W<:R v V@OY.
nO GQ %:)> H;-
L %!B RA %:)>; gkO) Nu sLA gL, |<! ID N
u; |.OB f}! kQ $8! wTGn V@OY. %:)>G BsN
5r;; 8B ?H L H;-G HTML v|! W<:R v V@OY.
gkZ H;-
L %!B Nu 9f W |. f}! kQ $8! wTGn V@OY. N
u d;, ;E W kR& 'Q Trust Authority jslz nO gD; g
kOB }w! &xGn V@OY. GQ PKIX #/ Nu g| nO f}
W Li Nu; |.Ob 'Q Trust Authority ,sLp. gk f}L
mGKOY. ,sLp.G BsN 5r;; 8B ?H L H;-G HTML
v|! W<:R v V@OY.
Trust Authority % gL.G Library dLv!B Trust AuthorityG 3!, |.
W gk! 5rL GB b8 .-! wTGn V@OY. 9& ii, nO AN<
:& gkZ $GOB f}! kQ _! v'5 < v V@OY.
kn}
L kn}: ;.! *@B uNn kn* #
wOv J: knM W `n& $GOm gk
Z! |I Vn R kn& $GOm V@OY.
kn W W $GB Y= Za!- _iQ MT
OY.
v IBM Dictionary of Computing, New York:
McGraw-Hill, 1994.
v American National Standard Dictionary for
Information Systems, ANSI X3.172–1990,
American National Standards Institute
(ANSI), 1990.
v The Answers to Frequently Asked
Questions, Version 3.0, California: RSA
Data Security, Inc., 1998.
!
!s 3Nk W.v)(VPN). |-1L FQ NM]; g
kO) x] ,a; 8`OB 3Nk %LM W.v). g
kZiL |- 8g! FQ NM] -q: &xZ(ISP)&
kX |g{ W.v) Zx! W<:Ob '.! 6w<
!- x] W<: qk; sg NP }`R v V@OY.
VPN: GQ %LM 3/G 8H:; bsC5OY. b8
G f-. bzG fl ^Cv ;k: O#-C3 v V
8* R: W VRB O#-C3 v x@OY. VPN b
z!-B gkZ! |< $8 P6(;k W lu); O#
-Om 86-Q MN ,a; .3R v V@OY.
(g NW. Trust Authority!- (g L%.6Y O*
?G 9Ze& zeOB %LM#L:G WLm.
(g -v. (g ,sLp.NNM (g L%.& vE
Om L& (g NW! bOOB Trust Authority -v.
(g -jC:[. Trust Authority!- 8H |C 6!
! kQ Nk; vxOB -jC:[. ]6 -q: jw
; 'Q xk 0 O# [:}!- _%Q %X <. _
X9.57 %XG GegW; XvUOY.
(g _{. m.{ fN |D8N H %LMN-, L%.
x-& ,aOB %LM. (g _{; kX .#hGL*
Xg 0?G bO; _{R v V@OY.
(g ,sLp.. Trust Authority (g -vN (g L
%.& |[OB C:[G SG ,sLp.. (g ,sL
p.B (g -vN L%.& |[Ob |! (g -vM
G ,a; 3$UOY. ,aL 3$H D ,sLp.B (
g -jC:[ ,sLp. sLj/.& gkO) L%.
& (g -v! |^UOY.
3f| %LM#L: ,a:(ODBC). -N Y% %LM
#L: C:[; W<:Ob 'Q %X.
3f| C:[ s#,a(OSI). ISO!- NuQ D;M
W.v7 %X L'.
3Nk 0. R/Z8 gkR v VB xk/3Nk 0 V
G 0. L 0& kX R/Z! 3Nk .#hG; vEO
E* pvP Nu; v`R v V@OY. 3Nk 0N -
mH %LMB Xg xk 0N8 .NL !IUOY. x
k 0M q3OJC@. GQ xk/3Nk 0 V; |mO
JC@.
TL.~L. q#/ W.v) GB @kANW%L -N
kER v V5O OB bI{ \'.
f. p:d. W<: ANd](LDAP). p:d. W<
:! gkGB ANd].
xk 0. Y% gkZ! gkR v V5O X VB x
k/3Nk 0 VG 0. .#hG; 0 R/Z!T v$O
E* pvP Nu; .NR v V5O UOY. xk 0N
O#-H %LMB Xg 3Nk 0N8 X6L !IUO
Y. 3Nk 0M q3OJC@. GQ xk/3Nk 0 V;
|mOJC@.
xk 0 O# [:} %X(PKCS). YgQ D;M w<
G k%Ziz T2 RSA ,8R!- 1991b! 3_Q q
xD{N w<# %X. L %X: RSA O#-,
Diffie-Hellman y`, O# b] O#-, .eH Nu 8
., O#- ^Cv 8., 3Nk 0 $8 8. W.m N
u 8.; 8fUOY.
v PKCS #1: RSA xk 0 O#- C:[; gkT8
Na %LM& O#-OB f}; 3mUOY. pvP
-m W pvP @u! gkOB ML W q{TOY.
v PKCS #7: O#- ^CvG O] |D; v$UOY.
v PKCS #10: Nu d;G %X 8.; v$UOY.
v PKCS #11: :6. +e nG O#- e!& 'Q b
z 63{ ANW!V NMdL:& $GUOY.
v PKCS #12B gkZG 3Nk 0, Nu, b8 qP $
8 n; zeOE* |[Ob 'Q L? !IQ |D
; v$UOY.
xk 0 ON86(PKI). xk 0 O# [:}; b]8
N OB 8H RA.~nG %X. PKIB pvP Nu, N
u b|, nO GQ, Nu |. -q: W Pj p:d.
-q: C:[TOY. LM: NM] sG .#hG! |
CH " skfG Ex W GQ; .NOB % gkKO
Y. L .#hG!B Ex .NL JdQ 6[L ,|I
v V@OY. 9& in &H- T{Z, |Z lm ^C
v [:Z GB ]6 E!& .NOB fl! V@OY.
PKIB xk O#- 0M /?Q 3NL* 6w<!- N
uOB gkZ Nu; [:O) WM 0: 3.& v`U
OY. pvP Nu, Z] um, pvP -m; .NOb '
X gkGB xk O#- 0M NuL wTH BsN p
:d.& &xUOY.
PKIB xk O#- 0& 'Q .N 68 W d;! k
X ESOm ?2{N @d v\; &xUOY. GQ C
:[! kQ ag{N 8H 'h dR& D0Om 8H '
]; 3.Ob 'Q Zx; /v8vUOY. 6v78N
PKIB _dQ qvO: E!! pvP C# RN -q:
& &xUOY.
xk/3Nk 0 V. xk/3Nk 0 V: 0 V O# [
:}G 3d _ ONTOY(0 |. .&!; XaOb '
X DiffieM Hellman! GX 1976b! R3J). W 3d
! {#i " 3NL 0 V; R/Og O*& xk 0,
Y% O*& 3Nk 0N N(OY. 3Nk 0! qPN
/vGB ]i! " 3NG xk 0B x%KOY. [E
ZM vEZ! qP $8& x/R Jd! x@OY. p
g kE!B xk 08 |CGm 3Nk 0B |[GE*
x/GB OL x@OY. 5;L* xN! kqO) ON
kE $NG 8H; 'X u Ls ON kE $N; E
ZR v V5O 8i Jd! x@OY. /OQ d8gW
: xk 0& EZ(Nu) fD8N(9: EZ p:d.N)
gkZM ,|CQ_ QYB MTOY. xk $8& gk
Oi )8gv qP ^Cv& [ER v V@OY. W/
* 3Nk 0N8 ^Cv& O#-R v V8g W ^C
vB h9H vEZG \6 R/TOY. GQ 0 V O#
[:}: 3Nk8N(O#-) S8 FOs Nu(pvP -
m)!5 gkL !IUOY.
xk TL.~L NMdL:(CGI). % dLvM % -
v #G %X $8 |[ f}.
xk %LM 8H F0X3(CDSA). D;M b] 8H
@kANW%G 8H -q: W 8H |.! kQ w}{
"Y}; $GOb 'X 3_H M. D;M C'{L @k
ANW%; 8Y H|OT 8#R v V5O IntelL 3
_Q MTOY.
xk O#- F0X3(CCA). Vd IBM D;C C'{
!- O# [:}! kQ O|H "Y; !IOT XVB
IBM RA.~n. YgQ ANW!V pnN [:H @k
ANW% RA.~n& vxUOY. @kANW% RA.
~nB DES W RSA O#-& wTO) $|'Q O#
- bI; v`OB CCA -q:& #bR v V@OY.
8P L'(DN). p:d.! zeH %LM WqG m/
L'. DN: p:d. h~ 86!- Q WqG '!& %
CUOY.
8P NZy T"(DER). BER! kQ &`; &xUO
Y. DERB NZy T"L ckOB NZy /| _ \
O*G NZy /|8 1CT8Na [EZG IG pN
& &EUOY.
93 8H b|(NSA). L$NG xD{N 8H \<.
9& kE \<(ITU). $N W 3N \'! |<hG k
E W.v) W -q:& kUOB 9& 6w. kE bz,
T& W %X $8G 15{N x3ZTOY.
9& %X b8(ISO). MN \!- D;M W.v) A
Nd]! L#bnv pg M! kQ %X; 3_ W .
3Ob 'X 8:H 9&{N 6w.
GQN). Zx W<:! kQ c!.
UO Zx '! 3$Z(URL). NM] sG Zx VR
v$; 'Q 3h. URL: ANd], #:. L' GB IP
VR& mCUOY. /$ bhNNM Zx! W<:Ob '
X JdQ w. x#, fN, Zx <NgW5 mCUOY.
bP:. GQL xB skf!TB )3Gv JB /:.
b; NZy T"(BER). ASN.1(_s 8. %b} 1)!
- bzQ %LM NZy \'! kX ISO 8825!- v
$Q T". L T": _s 8.L FQ NZy bz; v
$UOY.
*
;N 86. :06& |mOJC@.
Y
\x lm |[ ANd](SMTP). NM] s!- |Z
lm; |[OB ANd].
ks. v$ GB 1CH %LM R:.
k*{ O# [:}. O#- W X6! 0: 0& gk
OB O# [:}. L 0! 8H:G |GL KOY. 0
! kbGi )8gv ^Cv& X6R v VT KOY.
0! qPN /vGB ?H!8 kEG qPL /vKO
Y. qk*{ O# [:}z q3OJC@.
k*{ 0. O#- W X6! pN gkR v VB 0.
k*{ O# [:}; |mOJC@.
%LM O#- %X(DES). xD %X8N- 1977b L
$N!- $G W BNQ O#- mO O#(cypher). x
!B IBML 3_Q M8N-, x3H LD xP: ,8
z$; ED vgB _ KAvm $|OT gkGm VB
O#- C:[TOY.
DESB k*{ O#- C:[TOY. {s- kE! gk
I fl [EZM vEZ! pN 0: qP 0& ]eC
Km Vn_ UOY. L 0B ^Cv O#- W X6! g
kKOY. GQ O# |D8N Oe p:)! DO; z
eOB nG \O gkZ O#-!5 gkR v V@O
Y. DESB 64q. mO )b& !vg O#- _!B 56
q. 0& gkUOY. x!B Oe~n!- 8vO5O 3
hH MTOY. NISTB xD{N L$N O# %X8N
- 5b6Y gNuL Lgn}OY.
%LM ze5* sLj/.(DL). Nu, CRL, 0, $%
W b8 8H |C @j'.G 58 %LM zeR! W
<:R v V5O OB pb.
5^N. 8H 5^N W nO 5^N; |mOJC@.
nO. Trust Authority!-, NM] s!- gkR Z]
um-& 9fOB AN<:. nO!B NuG d;, ;E
W kR! wTKOY.
nO GQ(RA). nO d;L 3= vEH 'NNM N
uL kRI 'nv 6wG qnO: $%L ]5I v V
5O Ob 'X pvP Nu; |.OB RA.~n.
nO %LM#L:. Nu d; W _`H Nu! kQ $
8& !vm VB M. %LM#L:B nO %LM& z
eOm |< sLA gL,! I# Nu %LMG /fg
W pN& zeUOY. %LM#L:B RA AN<:M b
8 $%; kX, GB RA %:)>; gkOB |.Z!
GX w%L.I v V@OY.
nO 5^N. Zx, $%, W.m /$ Nu nO AN<
:M |CH 8: IGG }U. 5^N L': nO @k
ANW%; G`OB % gkGB URLG O' }UTO
Y.
nO /v. nO S:; |mOJC@.
nO S:. nO gD! wTH nO /v. L *: n
O _! r: $8& ]5UOY. nO S:G *: Z]
um-! /?Q |< C# ?H ?OOT /vKOY.
nO @kANW%. #<< nO(9: jslz, slM, |
Z lm, 8H ,sLp. @kANW% n) W |< s
LA gL, ?HG Nu |.& 'X /v-H v\; &
xOB Trust Authority @kANW% A9Sv).
nO AN<:. Trust Authority!-, gkZM gkZG
xk 0& NuO) .#hG! |)C3 v V5O gk
Z& /?-OB \h. L AN<:B NCL* %; b
]8N R v V8g, gkZ# s#[k; kX Z?-
Om |.R v V@OY.
p:d.. kE(|Z lm GB O#- 3/ n)z |C
H $8& 'Q $* zeRN gkOb 'X mHH h
~{ 86. p:d.B PKI 86! Jv dRN /$ W
q(xk 0, Nu W Nu kR qO n); zeUOY.
p:d. ;G %LMB .. |D8N h~{8N 8:
Gg ..G G 'B g.! XgKOY. 'NB s' 9
' 6w<! 30 9!, $N GB 8g& *8@OY. g
kZ* e!B 8k " ..G .AN %CKOY. .A
! XgOB gkZ, 6w, v*, 9! W e! ""!B
Z<G WqL wTGn V@OY. " Wq: /|-H S
:8N Lgnvg, L S:i: Xg WqL *8;B @
j'.! kQ $8& &xUOY.
p:d.G " Wq: ,|H DN(8P L')z ,aGn
V@OY. LM: G&{8N 8gOB @j'.! m/Q
M8N KAx S:L wTGn VB fl! m/X}O
Y. Y=G 9& DN; ll 8i, 9!(C)B L9, 6w
(O): IBM, 6w \'(OU)B Trust, 8k L'(CN):
CA1N M; < v V@OY.
C=US/O=IBM/OU=Trust/CN=CA1
p:d. -v. Trust Authority! wTH IBM
SecureWayp:d.. L p:d.B LDAP %X; v
xOg DB2& W b]8N gkUOY.
pU. iWsne!- 8:)& 3.OB ANW%. 5r
;L JdQ 6GL _}R fl +6G #bKOY. k
3B C:[L Z?8N G`C0GN gkZ! pU; N
DR JdB x@OY. pU: 58{8N 8gR v5 V
m C:[L O$ #]; Nm g}:R v5 V@OY.
L kn(pU8N _=)B E-!- *B MTOY. vg
B DAEMON(Disk And Execution MONitor)G `n
N X.Gm V@OY.
pvP -m. [EZG Ex; 8uOB .- GB %L
M! _!H Ze- ^Cv.
pvP -m: G& -m8Y u P: 8H 9'; &x
UOY. W L/B pvP -mL O#-H L' GB \
xQ D0 Ze C.n! FOs, -mGB ^CvG O
#-H d`Lb '.TOY. W/GN ^Cv! pvP -
m; T8Na [EZG .GQ Ex; &xUOY. ([E
ZG 08 -m; [:R v V@OY.) GQ -mGB ^
CvG ;k; m$R v5 V@OY(O#-H ^Cv d
`: ^Cv ;kz ]eC O!X_ Og O!Ov J;
fl!B -mL +?-KOY). W/GN pvP -m;
Q ^Cv!- 9gO) Y% ^Cv! {kR vB x8
g LB d` GB XC! O!Ov Jb '.TOY. -
mH ^Cv! kQ /fL On/ fl!B Xg -m G
Q +?-KOY.
pvP -m Km.r(DSA). pvP -m %XG ON
N gkGB xk 0 Km.r. O#-!B L Km.r
; gkR v x8g pvP -m!8 gkR v V@O
Y.
pvP Nu. Nu; |mOJC@.
pvP Nu-. EZR v VB & 3Z! 3NL* #<
<! kX _`Q |Z Z] um-. " Nu-B CA 3
Nk 0& gkO) -mL Lgn}OY. 3N, qvO:,
6w<G Ex; 8uUOY.
CA *R! {s-B NuL NM]s!- |Z qvO:
& v`Ob 'Q RvZG GQ; umUOY. n2 G
L!-B pvP Nu-! n| icuL* Gk 9w u
m-M 0: *R; UOY. {s- L pvP Nu-B
Xg 3Nk 0G RvZ! /$ e-business0?; v`
R v VB GQL V=; umUOY.
Nu-!B NuQ #<<! 3NNv bhNv GB D
;M ANW%Nv! |Q $8! in V@OY. o, X
g #<<! NuH xk 0! V@OY.
6
^Cv d`. SG )bG ^Cv& gkOm m$ fL
G g; bBOB kR! R!IQ bI. MD5B ^Cv
d` Km.rG Q 9TOY.
^Cv Nu Ze(MAC). [EZM vEZ gL! x/
GB qP 0. [EZB L& NuOm vEZB KuU
OY. Trust Authority!- MAC 0B CA W (g 8
:dR& 'Q KeyStores! zeKOY.
pb/:. RSA xk 0 O#- C:[!- N 3G +
Rv(pM q)& vX- }:H v(n). RSA pb/:G V
{ )bB 8H d8! {s ^s}OY. pb/:! ,
vO u 9: 8HL Lgn}OY. RSA ,8R!- G
eOB 0 )bB 0G gk! {s Y(OY. o, 3N
kLi 768q., bwkLi 1024q., CAG 0 Vz 0
: FV _dQ 0! kX-B 2048q.TOY. 768q.
0B VRQ 2004bnvB 8HGB M8N 9sKOY.
+a:. C:[!- GQL xB v$; ]vR fl C
:[L %LMG +a:; 8#UOY(GQL xB )3;
]vOB %LMG bP:; 8#OB MzB ]kN).
+a: !K. \N 8:dRMG .#hG; kX }:H
(g 9Ze& !KOB M.
.- O#- 0(DEK). O]{8N, DES nG k*{
O#-/X6 0.
Y
YL.Ze. JavaDDO/! }:Om JavaNMA.M
! G`OB bh 63 Ze.
_`H Nu qO(ICL). _`H Nuz NuG vg s
B! kQ O|Q qO. Nu: OC x#M sB0N v
N-Gn V@OY. L qO: CA! |.Og CA %L
M#L:! zeGn V@OY.
f-.. W.v)#G $8 e'; &QOB W.v)#
TL.~L. 8k \NG GQL xB gk8NNM ;N
W.v)& 8HOb 'X gkKOY.
8H 5^N. ?OQ CA! GX NuH Nu-& R/
Q Wl(8g, [w WlL* @, 30 GB $N \<).
CA! -mQ Nu-& R/Q gkZi: 0: CA! -
mQ Nu-& .m VB Y% gkZG Ex; EZR v
V@OY.
8H RO h~(SSL). V> gkZ!T VkQG um
:; &xOB ;e 8H -q:& !x IETF %X k
E ANd]. pvPN 8HGB kE $N; &xUOY.
SSL gk !I -vB Ws %X HTTP d;L FQ Y
% w.!- SSL ,a d;; BNUOY. SSL: N p
) #G kE; 3$Ob 'Q E# 3/L \ Q x _
}X_ R ' <G; [:UOY. W Y=!B kEL O
#-KOY. ^Cv +a: !K: SSL <GL 8bGb
nv G`KOY.
8H |Z .#hG(SET). EZR v xB W.v) s
!- 8HH Ek+e* v] +e vR; KxOB jw
%X. L %X: NuG _`; d;Ob '.! +e R
vZ, sN, +e _^ :`G Nu; kUC5OY.
NN. 9& in gkZ! [EQ /$ ^Cv* &bQ
/$ d;; NNOB Mz 0L |L FQ M8N EN
OB M.
NN @b. .-G -mZ! .-! -mQ M; W8v
J: M8N ENOv J5O pvP 3Nk 0& gkO
B M.
jslz. % jslz& |mOJC@.
jslz Nu. pvP Nu: ,sLp.x NuLsm
5 UOY. L Nu: SSL gk !IQ % -v& kX
CA! _`UOY. O#-H DOG 0& kX Nu 8/
ZB %LM& O#-Om X6Om -mR v V@OY.
O]{8NB % jslz! L 0i; zeUOY. ON
@kANW%!-B :6. +e* Y% E<! 0& z
eO5O ckOm V@OY. pvP Nu; |mOJC@.
qk*{ O# [:}. O#- W X6; 'X -N Y
% qk*{ 0& gkOB O# [:}. " gkZB Q
VG 0& ^T Gg, L _!- xk 0B pg gkZ
! W<:R v V8g 3Nk 0B gkZ ZE!T8
KA}OY. 8H .#hG: xk 0M L! k@OB 3
Nk 0! O!O) .#hGG X6L !IQ fl!8
Lgn}OY. LM; 0 V O# [:}Lsm5 UOY.
k*{ O# [:}z q3OJC@.
q?b kE. [EZM vEZ! ?C! 8gOv JF
5 GB kE pe.
qP:. GQL xB %LM )3NNMG 8#.
qP: 8# -- ^O(PEM). NM] qP: 8# -
- ^O %X8N-, NM] s!- H|Q |Z lm;
&xOb 'X IAB(Internet Architect Board)! $CQ
%X. PEM ANd]: O#-, Nu, ^Cv +a:, 0
|.& &xUOY.
qnO: AN<: @j'.. /$ nO [w; v`O
B % gkGB Ze <.(9: nO d; sB !K GB
xk 0 vE )N Ku).
qnO: AN<: [C... v$H x-N G`GB q
nO: AN<: @j'.G p=.
g
gkZ Nu. ^CvG x! [:Z& D0Om ^Cv
R/Z& $g-OB /?: Ku AN<:. GQ bkQ
V> gkZ* C:[z kE _Nv5 .NUOY.
gL. Nu. CA Nuz /gOv8 /$ % gL.!
kX-8 /?Q Nu. CA Nu; |mOJC@.
g|nO. Trust Authority!- Q gkZ(k3B |.
Z)! Y% gkZ& nOR v V5O OB AN<:. d
;L BNGi RAB Xg gkZ! LD Trust Authority
,sLp. @kANW%; gkO) Nu; 9fR v V
5O OB $8& &xUOY.
s# Nu. 3Nk -m 0M ,|H xk 0! in V
B Nu; Q CA! Y% CA!T _`OB EZ p(.
O]{8N s# 8uH Nu; gkOi O*G |. c
g 5^N! wTH ,sLp. C:[L* #e #<<
! Y% 5^N! wTH ,sLp. C:[L* #e #
<<M H|OT kER v V@OY.
-m. -m; }:Ob 'X 3Nk 0! gkOB M.
-m _N ^Cv& gkZ! %Svm BNT; TuO
B v\8N- gkKOY.
-m/Ku. -mQYB M: -m; }:Ob 'X 3N
k pvP 0& gkOB MTOY. KuQYB M: -
m; KuOb 'X k@OB xk 0& gkOB MTO
Y.
-v. (1) W.v)!- DO -v nG Y% :WLG
8N bI; &xOB %LM :WLG. (2) TCP/IP!-
,sLp./-vN N#B Y% gL.! VB C:[G
d;; 3.OB W.v) ;G C:[.
-v Nu. % -v! SSLk .#hG; 3.R v V
5O CA! _`Q pvP Nu. SSL ANd]; gkO
) jslz! -v! ,aGi -v! jslzN W x
k 0& [EUOY. L/Q z$; kX -vG Ex;
NuR v V@OY. O#-H $8& -v! 8> v5
V@OY. CA Nu, pvP Nu W jslz Nu; |
mOJC@.
-m4. Javagk !I -v! _! bI; &xOB -
vx ANW%.
:6. +e. gkZG pvP 0& zeOb 'X gk
GB 8k Ek+e )bG Oe~nG O>. :6. +
e!B O# 8HL !IUOY.
:06. p:d.M |CH M8N-, -N Y% @j'
. /|#G |h& $GOB ;N 86.
EZ 5^N. ?OQ CA! GX NuH Nu-& R/
OB #<<iG }U.
EZ p(. Nu GQL Y% Nu GQ; umOB f
}; &nOB 86{N T".
EZ D;M b](TCB). 6wG D;M 8H $%; }
U{8N G`OB RA.~n W Oe~n dR. 8H $
% Gv! 5b; L!B dR GB dR NP: 8Hz
|CH M8N- TCBG ONTOY. TCBB 8H fh
N &QGB @j'.TOY. 8H $%; G`OB ^?
Or: s4 xLO|X_ Og, GQL xB C:[ /
G! kQ W<: GQ; rv xO5O X_ UOY.
F
O# [:}. D;M 8H! Vn- O] X:.G O#
- W O#- X:.G X6; 'Q x", GL, f} n.
O# X6(decrypt). O#- AN<:& G`kROB M.
O#-. (1) {gQ X6 Ze& !x gw8L X6;
kX x! $8& r; v V5O $8& Z/B M. (2)
W GL& {bb 'Q %LM //z |CH M.
O#-/X6. 9$H vEZG xk 0& gkO) W g
w; 'X %LM& O#-Q D %LM X6! xk 0
M V; LgB 3Nk 0& gkOB M.
VC4. JavapnN bOGm Java#/ % jslz!
- G`GB D;M ANW%. JavaVC4Lsm5 UO
Y.
W<: &n qO(ACL). /$ ZxG gk; GQL V
B gkZ!TN &QOb 'Q ^?Or.
":.s]. /gQ bz; gkOB NM]G D}0. 9
: 8giL m4, D.J, ;N :G n )/ }\! k
X % x3, |ZsE!, ^Cv |[, Wl~n& {kO
m V@OY.
#e #<<. CA! FQ NuG V<.
@j'.. 4< vb 3h* ANW!V! Vn- _s
86- %LM W W %LMM ,|H 6[. ,!:& |
mOJC@.
@j'. D0Z(OID). ASN.1(_s 8. %b} 1)!
- $GQ /|8N- |. q{8N v$H %LM *.
@j'. /|. p:d.! zeC3 v VB @j'.
>y. 9& in N-, 8GG, e!, 3N, ANW% GB
AN<: n.
d; ID. RA! kQ Nu d;; m/OT D0OB
24-323G .ZN H ASCII *. L *: Nu d; .
#hG! gkGn d;G sB GB WM |CH Nu;
KvR v V@OY.
ye MLe %(WWW). OL[Lpn %LM& !x D
;M#! W.v) ,aL .3H NM] NP. L %L
MiL $8& &xOg WWW W NM]G Y% %L
M! kQ 5)& &xR v V@OY. WWW Zx: %
jslz ANW%; kX W<:KOY.
% jslz. %:)> PC!- G`Gn gkZ! ye
MLe % GB NC HTML dLv& #F< v V5O
XVB ,sLp. RA.~n. %z NM]!- gkL
!IQ + OL[Lpn %LM }U! kQ xkG W<
:& &xOB Kv 58TOY. n2 jslzB X:.
M W!H; pN %CR v VB ]i, n2 jslzB
X:.8 %CR v V@OY. kNPG jslz! FTP
.#hGz 0: Vd NM] kE |D; 3.UOY.
% -v. jslz ANW%8NNMG $8 Zx d;
! @dOB -v ANW%. -v& |mOJC@.
/OZe. ISO 10646!- $GQ 16q. .Z <.. /
OZe .Z NZy %X: $8 3.! gkGB 9& .
Z ZeTOY. /OZe %X: |<hG _dQ :)3
.& wTOg, RA.~nG 9&- W v*-& 'Q b
J& &xUOY. Java ANW!V /fG pg R: Z
eB /OZeN bOKOY.
/|. @j'. /|; |mOJC@.
N:O:. DB2! Vn- N:O:B %LM& zeOm
@kANW%; v`Ob 'Q m.{ %LM#L: |.
/fTOY. 8: E3/vG xk <.& )/ %LM#
L:! kX $GR v V5O ckUOY.
Nu. (1) 3N, qnO:, 6w<G Ex; 8uUOY.
(2) kE _N skfG Ex; G0OB AN<:.
Nu b|(CA). 6wG 8H $%; XvOm Nu |
DG 8H |Z EP; v$R %SL VB RA.~n.
CAB RANNMG Nu _`, ;E W kR d;; 3
.UOY. CAB RAM s#[kO) Nu W CRL; p
:d.! x%UOY. pvP Nu; |mOJC@.
Nu $%. xk 8H d8gW; !vB /$ ,!:G
@kANW%! kQ NuG {k !I:; v$OB T
"; mCQ }U. 9& in Nu $%: /$ Nu /
|; kX gkZ! Vnx !] |' H!- s0! k
Q .#hG; v`O5O ckR MNv )N& v$R
v V@OY.
Nu kR qO(CRL). Nu b|L kRQ NuG qO
8N- pvP -m W C# RNL {kH qO. L q
OG Nui: ck R!N #VKOY. pvP Nu; |
mOJC@.
Nu ANDO. xOB Nu /|; $GOB /!iG
}U(9: SSL Nu GB IPSec Nu). L ANDO: N
u gg W nO; |.OB % 5rL KOY. _`ZB
ANDOG L'; /fOm xOB NuG /!(9: /?
b#, 0 k5, DN &` n); v$R v V@OY.
Nu .e. Nu! _! Je& wTC3 v V5O O
B X.509v3 Nu |DG 1C{ bI. %X .e W g
kZ $G .eL V@OY. %X .e: 0 W $% $
8& wTQ YgQ q{, V< W _`Z S:, Nu f
N &` n; 'Q MTOY.
NM]. D;M#! |Z{ ,a; &xOB |<h{N
W.v) }U. NM]: D;MiL |Z lm GB %
jslz nG RA.~n e!& kX -N kER v V
5O X ]OY. O*G W.v)! VB nn kPiL
NM]; 8:O) /gQ Y% W.v)M wJN ,a
OB ML W Q 9TOY.
N.s]. 8k f-. Z! sVOB bw ;G W.v
). NM]G D}0N- WM /gQ bz; gkUOY.
bz{8N N.s]: NM]; `# .eQ M! Rz
UOY. HTML W HTTPB L _!- 8m-H MTO
Y.
O] X:.(plaintext). O#-Gv J: %LM.
cleartextG ?Gn.
Z
Z] um-. Nu 3/C 3NG Ex; .NOb 'X
gkGB bP $8. W.v) D;C /f! Vn- Z
] um-G !e O]{N /|: CA! [: W -m
Q NuTOY.
Z9n vx(NLS). pn, k-, /% W C# |D, }
Z %b& wTO) v*0 /:! {% wL!; &0 ;
!- vxOB M.
|[ &n ANd]/NM] ANd](TCP/IP). LAN W
WAN; 'X kn(peer-to-peer),a: bI; vxOB
kE ANd] <..
$% "C.. nO @kANW%!-, @kANW%L #
bOB 6w $G ANW%. $% "C.! v$H T"
: 6wG qnO: W 8H 1#gW; nO AN<:!
{kUOY.
6! w:d.. Z] um-G sLA gL,!- `{H
L%.G p=.
w
<N /?: .N. Nu; _`Q EZ h~ ;G pg
CA BNG /?: .N. 9& in Q CA! Y% CA
& kX -m Nu; _`Q fl, N -m: pN gk
Z! &COB NuG /?: Ku z$; kX /?-K
OY.
Vm CA. PKI CA h~G G '! VB CA.
_s 8. %b} 1(ASN.1). $8 %LMG 8.; $
GOB % gkGB ITU %b}. )/ !v #\Q %L
M /|; $GOm WM 0: /|G D0 W * v$;
'Q %b}; v$Q MTOY. L %b}: |[C $
8 O#- fDG &Q xL $8G _s{ 8.; $G
X_ R '6Y {kC3 v V@OY.
+
Ze -m. G` ANW%; pvP -m8N -mOb '
Q bz. Ze -m: NM]; kX PjH RA.~n
G EZ5& tLb 'X 3hH MTOY.
,sLp.. (1) -vNNM x/ -q:& vEOB b
I{ \'. (2) Y% D;M* ANW%G -q:& d;
OB D;M* ANW%.
,sLp./-v. Q gL.G ANW%!- Y% gL.
G ANW%8N d;; [EOm @d; bY.B Pj
3.G Q p(. d;OB ANW%; ,sLp., @dO
B ANW%; -vN N(OY.
,!:. 4< vb 3h GB ANW!V!- xk $G
& x/O) xk /:, 6[, [w /:; x/OB @
j'. Wl.
0. $8G O#- W X6; 'X O# [:}! gk
GB g.
0 V. qk*{ O# [:}! gkGB k@ 0. Q 0
B O#-! gkGm Y% 0B X6! gkKOY.
8
MN. VPN bz! Vn- NM]; kX LgnvB d
8 C! !s v!# ,a. ,aH ?H!B x] gkZ
! MN; gkO) bw<G 3Nk W.v)G -vM
8H W O#-H 86- $8& 3/R v V@OY.
.#hG ID. g|nO nO d;! kQ @d8N RA
! &xOB D0Z. Trust Authority ,sLp. @kA
NW%; G`OB gkZ! g| BNH Nu; 9fR
v V5O UOY.
D
DO |[ ANd](FTP). D;M#G DO |[; '
X gkOB NM] ,sLp./-v ANd].
%X |k 6)w pn(SGML). 6)w pn& bzO
B %X. HTML: SGML; b]8N UOY.
ANd]. D;M# kE; 'X y$H T`.
AOC -v. W<:& d;OB D;M(D;M A)M W
<:GB D;M(D;M B) gLG _3Z. W/GN V>
gkZ! A D;MNNM Zx; d;Oi L d;L A
OC -vN v$KOY. AOC -v!-B d;; [:
O) B D;MNNM @d; ^: Y= W @d; V>
gkZ!T L[UOY. AOC -vB f-. ;NNNM
ye MLe % Zx! W<:R ' /kUOY.
O
OL[X:.. gkZ! .-G %C W Kv; 'X 6
l:N )& v VB \n, 8, W!HL wTH X:..
LM 0: \n, 8 GB W!H; OL[5)sm Og
OL[5)& KvOB M; 5)QYm UOY.
OL[X:. 6)w pn(HTML). % dLvG Zy;
'Q 6)w pn. LM: SGML! bJOm V@OY.
OL[X:. .#hG ANd](HTTP). % s!- O
L[X:. DO; |[Ob 'Q NM] ,sLp./-v
ANd].
}Z
3_ DES. O] X:.& < x O#-C0B k*{ K
m.r. L& 'Q 9: f}iL VbB Ov8, !e H
|Q Y_ O#- |D: < 3G -N Y% 0& gk
OB 3_ DESTOY.
4758 PCI O#- ZAN<-. m:IG DES W RSA
O#- 3.& &xOB ANW!VL !IQ /6 ]@
bIG O#- PCI v: +e. O#- AN<:B +e
s! ;eH 8H e!!- v`KOY. +eB FIPS
PUB 140-1 9' 4 %XG v]Q d8gW; XvUO
Y. RA.~nB ;eH 8H e!!- G`KOY. Ek
+e E!B SET %X; gkOB Q 9TOY.
64x NZy. MIME; gkQ 2x %LM& //Ob
'Q O]{N f}.
A
ACL. W<: &n qO.
ANSI. L9 %X ,8R.
ANSI(American National Standards Institute). N
!H 6w<!- [:Q ANC`n& .3Om L9; S
GG jw %X; /v8vOB \<. }jZ, RqZ, O
]{N LM }\8N Lgn}OY.
ASCII. $8 3/; 'Q L9 %X Ze.
ASCII(American National Standard Code for
Information Interchange). %LM 3. C:[, %L
M kE C:[ W |C eq #G $8 3/! gkG
B %X Ze. ASCII <.B 7q. Ze- .Z(P.<
<)k q.& wTO) 8q.)N Lgnx Ze- .Z
<.& gkOg, .Z <.B &n .Z W W!H .Z
N Lgn}OY.
ASN.1. _s 8. %b} 1.
B
BER. b; NZy T".
C
CA. Nu b|.
CA h~. Trust Authority!-, O*G CA! G ' 8
6! '!Om Vm W 3G >S CA ~L W F!! '
!OB EZ 86. CA& kX nOH gkZ* -vB X
g CA! -mQ Nu; ^T Gg s' vXG Nu h
~; hBUOY.
CA -v. Trust Authority CA(Nu b|) 8:dR&
'Q -v.
CA Nu. gkZG d;C, gk _N % jslz! N
DOv xOB CA!- BNQ Nu. W Y=!B jsl
z! L Nu; gkO) Xg CA! _`Q Nu; 8
/OB -vMG kE; NuUOY.
CAST-64. 64q. mO )bM 6q. 0& gkOB m
O O#(cipher) Km.r. LM: Carlisle AdamsM
Stafford Tavares! GX 3hGz@OY.
CCA. IBM xk O#- F0X3.
CDSA. xk %LM 8H F0X3.
CGI. xk TL.~L NMdL:.
cleartext. O#-Gv J: %LM. O] X:.
(plaintext)G ?Gn.
CRL. Nu kR qO.
CRL _` #]. CA 8: DOG 3$*8N- CRL
; p:d.! x%OB Vb gLG #] C#.
D
DEK. .- O#- 0.
DER. 8P NZy T".
DES. %LM O#- %X.
Diffie-Hellman. _m!(DiffieM Hellman)G L'!-
/!Q L'8N, 8HGv JB E<! kX x/ 0&
.3OB f}.
DL. %LM ze5* sLj/..
DN. 8P L'.
DSA. pvP -m Km.r.
E
e-business. W.v) W D;M& kQ qnO: .#
hG. 00 W -q:G 8T W GE! wTKOY. G
Q pvP kE; kQ Z]G L?L wTKOY.
e-commerce. qnO: # .#hG. NM] s!-G 0
0 W -q:G 8T W GE(-q:, x^Z, GEwZ n
; kQ)! wTKOY. e-businessG b;{N dRTO
Y.
F
FTP. DO |[ ANd].
H
HTML. OL[X:. 6)w pn.
HTTP. OL[X:. .#hG ANd].
HTTP -v. jslz W W.v)G Y% ANW%z
T2 % b] kE; 3.OB -v.
I
ICL. _`H Nu qO.
IETF (Internet Engineering Task Force). NM]k
ANd]G h9 W 3_; _!{8N 3.OB Wl. W
.v) 3hZ, n5Z, }jw<, ,8xG 9&{N }
\; k%UOY. IETFB NM] F0X3G 3_ W N
M]G x0Q gk n; VN YlOY.
IniEditor. Trust Authority!- 8: DO; m}OB
% gkOB 58.
IPSec. IETF!- 3_Q NM] ANd] 8H %X.
IPSecB W.v) h~ ANd]N-, Nu, +a:, W<
: &n W bP:G aU; /?{8N vxOB O#-
8H -q:& &xOb 'X mHH MTOY. -Q N
u bI8N NX L %X: 9: VPN &0 GEwZi
L NM] s!- H|Q v!# ,a; 8`Ob 'Q A
Nd]N- $COm V@OY.
ISO. 9& %X b8.
ITU. 9& kE \<.
J
Java. Sun Microsystemsg!- 3_Q W.v)& N
DOB, C'{ xk D;M bz <.TOY. Java /f
: Java OS,YgQ C'{G !s bh, 4< vb Java
ANW!V pn, )/ ,!:G sLj/.N 8:KOY.
Java !s bh(JVM). YL.ZeG X.; cgOB
Java 18S /fG ON.
Java VC4. VC4; |mOJC@. Java @kANW
%z q3OJC@.
Java pn. VC4z !L|. @kANW%k8N /0
w 3hH Sun Microsystemsg!- 3_Q ANW!V
pn.
Java @kANW%. Java pnN bOH 63{ ANW
%. % jslzG \X:. \N!- G`KOY.
Java ,!:. Java ANW% Ze \'.
K
KeyStore. Trust Authority 8:dR Z] um-(9;
O#-H |DG 0 W Nu)& zeOb 'Q DL.
L
LDAP. f. p:d. W<: ANd].
M
MAC. ^Cv Nu Ze.
MD2. 128q.G ^Cv d` XC Tv(Ron Rivest!
mH). PEM ANd]!- MD5M T2 gkKOY.
MD4. 128q.G ^Cv d` XC Tv(Ron Rivest!
mH). LM: MD28Y n h* u |(OY.
MD5. \fb ^Cv d` XC Tv(Ron Rivest! m
H). MD4! bsH v|TOY. MD5B 512q. mO
G TB X:.& 163G 32q. -jmO8N */OY.
L Km.rG bB: 32q. mO <.N- \O 128q
. XC *; 8:O5O ,aC2 MTOY. GQ PEM
ANd]!- MD2M T2 gkKOY.
MIME(Multipurpose Internet Mail Extensions). -
N Y% .Z <. pnN H X:.G s# 3/; c
kOB Z/ST gkR v VB :e <.. GQ NM]
lm %X; gkOB 9: vG -N Y% D;M C:
[ #!- V<Lpn |Z lm; ckUOY. 9& i
n |Z lm ^Cv! US-ASCII, 3NQ X:., LL
v, gne& wTC3 v V@OY.
N
NIST. zE NBS(93 %X g+R)N KAx 93 %
X W bz y8. D;M b] jw! Vn- 3f %X
z s#nk:; uxC0B \<TOY.
NLS. Z9n vx.
nonce. gkZ Nu; d;OB -v* @kANW%8
NNM [EGB .Z-. Nu; d;^: gkZ! 3N
k 0& gkO) nonce! -mUOY. gkZG xk 0
M -mH nonce! Nu; d;Q -v* @kANW%
! YC [EKOY. W.m *i -v! gkZG xk
0N -mH nonce& X6OA C5UOY. X6Q nonce
! [EH x! nonceM 08i gkZ! NuKOY.
NSA. 93 8H b|.
O
ODBC. 3f| %LM#L: ,a:.
OSI. 3f| C:[ s#,a.
P
PC +e. :6. +eM /gOg PCMCIA +esm
5 UOY. L +eB :6. +e8Y 6] )m, 8k
u 9: k.; !}OY.
PEM. qP: 8# -- ^O
PKCS. xk 0 O# [:} %X.
PKCS #1. xk 0 O# [:} %X; |mOJC@.
PKCS #10. xk 0 O# [:} %X; |mOJC@.
PKCS #11. xk 0 O# [:} %X; |mOJC@.
PKCS #12. xk 0 O# [:} %X; |mOJC@.
PKCS #7. xk 0 O# [:} %X; |mOJC@.
PKI. xk 0 ON86.
PKIX. X.509v3 b] PKI.
PKIX CMP. PKIX Nu |. ANd].
PKIX Nu |. ANd](CMP). PKIX Xv @kA
NW%zG ,a; !IOT OB ANd]. PKIX
CMP! TCP/IP& Ow |[ ^?Or8N gkOB Q,
RO '!B _s- h~L 8gUOY. LM: _! z
5 |[! kQ vx; !IOT UOY.
PKIX ;kZ. /$ nO 5^NL Trust Authority ,
sLp. @kANW%8NNMG d;; ;kOB% gk
OB xk HTTP -v.
R
RA. nO GQ.
RA |.Z. RA %:)>! W<:O) Nu W Nu
! kQ d;; |.R GQ; N)^: gkZ.
RA %:)>. Z] um- d;; 3.Om Z] um
-! /?Q |< b#! ID L& |.Ob 'Q W!
H NMdL:& RA! &xOB Java VC4.
RA -v. Trust Authority nO GQ 8:dR& 'Q
-v.
RC2. RSA %LM 8H; 'X Ron Rivest! 3hQ
!/ 0 )b mO O#. RCB Ron’s CodeGB Rivest’s
Cipher& *8@OY. DES8Y |#m DESG pTD k
<N- 3hH MTOY. {gQ 0 )b& gkT8Na
DES8Y u H|OE* Rp 0 =v! kX-B z H
|OT 8i v V@OY. 64q.G mO )b& !vg
RA.~n! Vn- DES8Y ` 2-3 h u |(OY.
RC2B DESM 0: peN gkL !IUOY.
RA.~n _%Z y8(SPA)M L$N#G y`!-
RC2 /v sB& &xUOY. LM: ]b BN AN<
:& O]{N O# v$} ]b AN<: 8Y u #\
Om |#T 8in ]OY. W/* |% ]b BNL {
UO5O 8ib 'X-B &0!- RC2 0 )b& 40
q.N ]eC &QCQ_(ON 9\B V8*) UOY. O
#-H + #b WLm; L. hjOAm C5OB 'T
Z& 7b 'X-B _!{N .Z-; gkR v V@O
Y.
RSA. _mZG L'(Rivest, Shamir, Adelman); }
xk 0 O#- Km.r. O#- W pvP -m! gk
KOY.
S
SET. 8H |Z .#hG
SGML. %X |k 6)w pn.
SHA-1(8H XC Km.r). pvP Nu %Xz gk
Ob 'X NIST W NSA!- 3hQ Km.r. L %X
: 8H XC %XLm SHAB %X! gkGB Km.
rTOY. SHAB 160q. XC& }:UOY.
SMTP. \x lm |[ ANd].
SSL. 8H RO h~.
S/MIME. NM]; kX |[GB |Z lmG -m W
O#-& vxOB %X. MIME; |mOJC@.
T
TCP/IP. |[ &n ANd]/NM] ANd].
TP. EZ $%.
Trust Authority. pvP NuG _`, ;E W kR&
vxOB kU IBM SecureWay8H VgG. L Nu:
$|Q NM] @kANW%! gkI v V8g, gkZ
& NuOm EZVB kE; 8eOb 'Q v\; &x
UOY.
U
URL. UO Zx '! 3$Z.
UTF-8. // |D. L |D: 8q. .Z <.8 3.
OB $8 3. C:[L 16q. /OZe& k@OB 8
q.N //Om $8G UG xL L& YC G91 v
V5O UOY.
V
VPN. !s 3Nk W.v).
W
WebSphere Application Server. gkZ! m:I %
gL.& 3_Om |.R v V5O 5MVB IBM &
0. \xQ % x3!- m^ e-business@kANW%!
L # B z $ ; k L O T X ] O Y . WebSphere
Application ServerB % -v W b] n5 <& pN
M 63H Javab] -m4 #x8N Lgn. V@OY.
X
X.500. D;M C:[; s#,aT8Na Yq{ Pj
W 9& p:d. -q:& gkOb 'Q %X. L|!
B CCITTN KA. Vx 9& kE \<(ITU)M %X
- 9& b8 W 9& |b -P y8(ISO/IEC)!- T
2 $GQ MTOY.
X.509 v| 3 Nu. X.509v3: Nu @kANW% $
8G ze W Kv, Nu Pj $8, Nu kR $8, $
% $8, pvP -m; 'Q $|'Q %LM 86& !
vm V@OY.
X.509v3 AN<:B pg Nu! Vn- C# RN; g
kOB CRL; [:UOY . NuL gkI '6Y
X.509v3 bI: @kANW%L Xg NuG /?:; !
KR v V5O UOY. GQ @kANW%L Xg CRL
! NuL VBv )N& G0R v V5O UOY.
X.509v3 CRL: v$H /? b#! kX [:R v V
@OY. Nu; +?-R v5 VB Y% /f; b]8
N R v5 V@OY. 9& in Q wxL 6w; 0*
B fl Xg Nu: CRL! uLT KOY.
X.509 Nu. N. ^Fi)vm VB Nu %X8N-,
8H |. W 8H NM] W.v) s!-G pvP -
m NuG Ph& vxOb 'X mHH %X. X.509 N
u: EZR v VB & 3Z! pvPN -mQ xk 0
G Ph& 'Q ANC`n& vkOB %LM 86& $
GUOY.
vN
[!]
(g
%LM#L: %LM 116
9Ze, =v 42
NW 48
6:) 44
YNy gLG #] /f 46
YNy C5 /f 45
8m-, }: 51
L%. Je 113
w. /f 42, 43
#:. L' /f 42
(g |.Z O# 6
(g |.Z 6! L%. 74
(g NW WLm 120
(g -jC:[
(g NW 3$ /f 48
(g 6:) /f 44
(g +a: !K /?.< 111
(g 88 W -m /?.< 110
|. 39
%LM#L: 8b 40
9Ze, $8 74
NW 46, 56
NW DO, 88 51
NW DO, -m 51
sB 54
-v 8: DO 100
1C{ L%. 75
@y NW 3$ /f 50
'S L%. 75
L%. NW 3$ /f 46
L%. 6:) 74
L%., $8 74
$8 73
(g -jC:[ (hS)
_{ NW 3$ /f 49
,sLp. 8: DO 105
w. /f 44
#:. L' /f 43
(g L%. 113
(g |.Z 6! 74
6:) 74
8H (v 74
1C{ 75
'S 75
Nu |. 74
0 |. 74
RA 74
3Nk 0 gk b# .e 65
3Nk .e 67
h~ 25
h~, CA 64
xk .e 67
|.
(g -jC:[ 39
p:d. -v 60
4758 O#- ZAN<- 62
CA -v 18
DB2 UDB 56
HTTP Server 16
RA -v 30
Trust Authority 5
WebSphere Application Server 14
|.Z, RA _! 31
|.Z, 9x0 RA _! 31
8P L'(DN) 69
8: DO 10, 81
(g -v 100
(g ,sLp. 105
8: DO 10, 81 (hS)
v$ 9
AuditClient.ini 105
AuditServer.ini 100
CA -v 82
jonahca.ini 82
jonahra.ini 91
RA -v 91
8: DO v$ 9
8:dR /| WLm 119
8:dR, Trust Authority
(g -v 39
-v C[ 7
-v _v 7
4758 O#- ZAN<- 62
CA -v 18
IBM HTTP Server 16
IBM SecureWayp:d. 60
RA -v 30
WebSphere Application Server 14
GQ $8 W<: .e 65
GQ 0 D0Z .e 65
UO Zx D0Z(URI) 24
bP: 70
b; &WgW .e 65
[Y]%LM#L: %LM, (g 116
%LM, (g %LM#L: 116
5^N, nO 71
nO 5^N 71
p:d. 60
p:d. |.Z O# 6
p:d. -v
|. 60
p:d. -v (hS)
NW 62
sB 60
-v 38
! kQ RA 3$ /f 38
$8 77
Wq 25, 28
pvP Nu 1, 69
[s]NW
(g 46, 48
(g -v 56
(g -jC:[ 51
p:d. -v 62
@y 50
L%. 46
_{ 49
CA -v 28
DB2 60
HTTP Server 18
RA -v 36
WebSphere Application Server 15
[6]6:), (g 44
^Cv Nu Ze(MAC) 64
^Cv, PKIX 63
mI` /?.<
(g +a: !K 52
(g 88 W -m 51
CA Nu 22, 25
+a: 70
+a: @N 75
+a: !K 52, 75
.&! Xa 122
[Y]YNy 45, 46
_`H Nu qO(ICL) 70
_`Z 3< L' .e 65
iw 13
AIX 13
Trust Authority %LM#L: 13
Windows NT 13
0m v$, IP 77
8m-, (g 51
8b, (g %LM#L: 40
8H (v L%. 74
8H, Trust Authority 63
9x 13
AIX 13
Trust Authority %LM#L: 13
Windows NT 13
[g]sB
(g -v 54
p:d. -v 60
CA -v 29
DB2 %LM#L: 57
HTTP Server 16
RA -v 36
WebSphere Application Server 14
s# Nu 22, 64, 68
-m 70
-m /?: 70
-v
(g 39
8:dR C[ 7
8:dR _v 7
p:d. 38, 77
% 76
CA -v 18
HTTP 16, 77
RA 30
WebSphere Application 14, 76
-v 8:dR C[ 7
R: WLm 118
vm, CRL 21
:6. +e 73
BNH #<< WLm 118
BNH *R WLm 119
C:[ WLm 121
EZ VB kE 1
[F]O#
(g |.Z 6
p:d. |.Z 6
/f 5
&n ANW% 5
4758 CA ANDO 5
O# /f /?.< 5
O#- #x 63
O#- ZAN<-, 4758 71
O#- 0 70
W<: &n qO(ACL) 63, 64
5b^B #<< /| WLm 119
@y NW 50
@j'. D0Z(OID) 78
% -v 76
/?.<
(g +a: !K 52
(g +a: !K /?.< 111
(g 88 W -m 51, 110
/?.<, O# /f 5
CA Nu 22, 25, 107, 109
IniEditor 9
RA gkZ _! 32
Trust Authority &n 7
/?:, -m 70
L' &QgW .e 65
L%. NW 46
L%. I"5 WLm 117
L%. &n WLm 117
L%., (g 43, 113
Nu 1, 69
;E 1
Nu 1, 69 (hS)
_` 1
Nu kR qO(CRL) 1
kR 1
kR qO(CRL) 68
.e 64
Nu |. L%. 74
Nu b|(CA) 63
Nu $% .e 65
Nu, pvP 1, 69
[Z][: #], CRL 20
gC5 43
gC5 #] 35
|Z lm VR 24, 27
$% JN .e 65
$% &QgW .e 65
&n ANW% O# 5
V< 3< L' .e 65
V< p:d. S: .e 65
V< 0 D0Z .e 65
[w]9x0 RA |.Z _! 31
;kZ w. 34
_{ NW 49
kR qO(CRL), Nu 1
[+]0
O#- 70
MAC 70
0 |. L%. 74
0 gk .e 65
0 WLm 117
[8]kE, EZ VB 1
[D]DO, 8: 81
w:. #] 38
w. 38, 42, 44
(g -v 42, 44
p:d. -v 38
CA -v 19
RA -v 34
z5 #] 20, 35
%X
ASN.1 78
CCITT 78
ISO 78
ITU 65, 78
RFC 2459 65
X.509v3 65
X.680 78
%X .e 65
%, (g %LM#L:
(g NW WLm 120
8:dR /| WLm 119
R: 118
BNH #<< 118
BNH *R 119
C:[ WLm 121
5b^B #<< /| WLm 119
L%. I"5 117
L%. &n 117
0 117
Je, (g L%. 113
[O]#:. L' 38, 42
.e
3Nk 67
xk 67
d; e' 68
Nu 64
%X 65
.e 0 gk .e 65
[}Z]4758 CA ANDO 5
4758 9& 14
4758 O#- ZAN<- 62
|. 62
9& 14
O#- ZAN<- 71
AAIX
iw 13
9x 13
ASN.1 78
AuditClient.ini 10, 105
AuditServer.ini 10, 100
CCA -v
|. 18
8: DO 82
NW 28
sB 29
;kZ w. 19
z5 #] /f 20
CRL 3$ /f 20
CA(Nu b|)
h~ 64
s# Nu 64
Nu /?.< 107
CCITT 78
CRL Ph wN. .e 65
CRL(Nu kR qO) 68
3$, /f 20
vm 21
[: #] 20
DDB2 %LM#L: 76
|. 56
NW 60
sB 57
DES 62
DNS VR 23, 26
HHTTP Server 16
|. 16
NW, !K 18
sB 16
HTTP ServerNW /f 18
IIBM HTTP Server 16, 77
ICL(_`H Nu qO) 70
IniEditor /?.<
E3/v _! 12
E3/v m} 11
gk} 11
=G _! 11
G` 9
DO ze 12
IP 0m v$ 77
IP VR 6:) 23, 26
IP VR, /f 12
ISO 78
ITU %X 65, 78
Jjonahca.ini 10, 82
jonahra.ini 10, 91
LLDAP, (f. p:d. W<: ANd
]) 60
MMAC 0 70
PPKIX ^Cv 63
RRA |.Z _! 31
RA -v 30
|. 30
8: DO 91
p:d.G w. /f 38
p:d.G #:. L' /f 38
NW 36
sB 36
gC5 #] /f 35
;kZ w. /f 34
z5 #] /f 35
RA L%. 74
RA(nO GQ)
|.Z 71
|.Z _! 32
$8 71
9x0 |.Z _! 31
9x0 RA |.Z _! 31
RA gkZ /?.< _! 32, 109
RFC 2459 65
RSA 62
SSQL mIn 32
TTrust Authority
|. 5
Trust Authority (hS)
iw 13
8H 63
9x 13
3m 1
&n /?.< 7
IP VR, /f 12
UURI 28
WWebSphere Application Server 14, 76
|. 14
NW 15
sB 14
Windows NT
iw 13
9x 13
XX.509v3 65
X.680 78
IBM
ANW% x#: 5648-D09
SA30-0875-00