인증서와 개인키는 어떻게 다른가 - injeungseowa gaeinkineun eotteohge daleunga

공개키와 개인키의 차이점

목차 Show

6 �� Ű ��
��
��
�ŷ� ��ͺ��̽� ��
password.conf ��
VeriSign �� û �� ġ
VeriSign �� û
VeriSign �� ġ
��Ÿ �� û �� ġ
�ʼ� CA ��
��Ÿ �� û
��Ÿ �� ġ
��׷��̵��
�� Ʈ �� .
��
CRL �� KRL ��ġ/��
CRL �Ǵ� CKL ��ġ
CRL �� CKL ��
�� ⺻ ��
SSL �� TLS ��
LDAP�� ſ� SSL ��
û�� Ͽ� ��
��
�ܺ� ��ȣȭ ��
PKCS#11 �� ġ
FIPS-140 ǥ��
Ŭ��̾�Ʈ �� 䱸 ��
Ŭ��̾�Ʈ �� ʼ�ȭ
Ŭ��̾�Ʈ �� LDAP��
certmap.conf ��
��
�߰� ��
�� ׼��
�� ׼��
�� ȣ ��
��ȣ �Ǵ� PIN ��
�� Ÿ �� α׷� ��
Ŭ��̾�Ʈ�� SSL �� ĳ�� ϵ��
��Ʈ ��
�� Ѱ� �ľ�
�� ȣ�� ߰� ��

우선, 공개키는 암호화 할때 주로 사용되지만, 요즘에는 구분없이 사용됩니다.

개인키는 복호화할때 많이 사용되지만, 요즘에는 구분없이 사용됩니다.

즉, 공개키와 개인키의 차이가 없다란 문의가 와서 openssl 로 간단하게 예제를 만들어 전달드렸습니다.

1. 공개키는 우선 맨 윗줄에 "-----BEGIN PUBLIC KEY-----" 로 시작합니다.

2. 개인키는 우선 맨 윗줄에 "-----BEGIN RSA PRIVATE KEY-----" 로 시작합니다.

다음은 임의로 인증서를 생성하여 공개키만 포함된 인증서와, 공개키,개인키가 포함된 인증서를 보여줍니다.

[root@ip-10-0-0-5 test_crt]# openssl genrsa -out private.pem 1024

인증서 생성이 완료되었으면, 여기서 공개키만 추출하여 public 인증서를 생성합니다.

[root@ip-10-0-0-5 test_crt]# openssl rsa -in private.pem -out public.pem -outform PEM -pubout

다음은 cat으로 비교해본 인증서의 차이입니다.

다음은 public 인증서를 사용하여 파일을 암호화 하는 방법을 보여줍니다.

# openssl rsautl -encrypt -inkey public.pem -pubin -in ./test.txt -out ./test_encrypt.txt

다음은 기존 text 파일과 인코딩된 text파일의 비교입니다.

다음은 개인키로 복호화 하는 방법입니다.

# openssl rsautl -decrypt -inkey private.pem -in ./test_encrypt.txt -out ./test_decrypt.txt

6 �� Ű ��

�� 忡�� Ű �� Ͽ� Sun ONE Web Server 6.1�� ȭ�ϴ� �� Ͽ� ��մϴ�. �� پ�� Ͽ� ��͸� ��ȣ�ϰ� ħ�� ׼�� ź��ϸ� ��ϴ� �� ׼�� ϴ� �� Ͽ� ��մϴ�. Sun ONE Web Server 6.1�� Sun ONE �� Ű��ó�� ԵǾ� ��, �� Ű��ó�� ִ�� ȣ ��� ϰ�� Ͽ� �� ǥ�� Ǿ��ϴ�.

�� б� �� Ű ��ȣȭ�� ⺻ �� ˰� �־�� մϴ�. �� 信�� ȣȭ �� ȣȭ, �� Ű, �� , ��ȣȭ �� Ե˴ϴ�. �ڼ�� SSL �� Ͻʽÿ�.

�� ϴ� �� κп�� ڼ�� մϴ�.

��

�ŷ� ��ͺ��̽� ��

VeriSign �� û �� ġ

��Ÿ �� û �� ġ

��׷��̵��

��

CRL �� KRL ��ġ/��

�� ⺻ ��

�ܺ� ��ȣȭ ��

Ŭ��̾�Ʈ �� 䱸 ��

��

�߰� ��

��

�� ź�� Ȯ��ϴ� ��Դϴ�. ��Ʈ��ũ ��ȣ�ۿ��̶�� ƶ�� ٸ� �� ź�� Ȯ�� Ȯ��ϴ� ��Դϴ�. �� ϴ� �� Դϴ�.

��

�� , ȸ�� Ǵ� ��Ÿ ��ü�� ̸�� ϴ� �� ͷ� ��Ǹ� �� Ե� �� Ű�� ش� ��ü�� ˻��մϴ�. Ŭ��̾�Ʈ�� ֽ��ϴ�.

�� (�Ǵ� CA)�� ϰ� �� մϴ�. CA�� ͳݿ�� Ǹ��ϴ� ȸ�� ȸ�� Ʈ�� Ǵ� �ͽ�Ʈ��ݿ�� ϴ� �μ�� ֽ��ϴ�. �ٸ� �� ź�� Ȯ��ϴµ� �� ŷ�� ִ� CA�� մϴ�.

�� Ͽ� Ȯ�εǴ� �� Ű�� ü�� ̸�� Ͽ� �� , �� CA�� ̸� �� CA�� "�� "�� Ե˴ϴ�. �� Ŀ� �� ڼ�� SSL �� Ͻʽÿ�.


��	�� ݵ�� ȣȭ �� ϱ� �� ġ�Ǿ�� մϴ�.

��

�� ̶� Ŭ��̾�Ʈ�� ź�� Ȯ��ϴ� �� մϴ�. ��, Ư�� Ʈ��ũ �ּҿ�� å�� ִ� ��ü�� ź�� Ȯ��ϴ� ��Դϴ�.

Ŭ��̾�Ʈ ��

Ŭ��̾�Ʈ ��̶� �� Ŭ��̾�Ʈ�� ź�� Ȯ��ϴ� ��, ��, Ŭ��̾�Ʈ ��Ʈ�� ��ϴ� �� ź�� Ȯ��ϴ� ��Դϴ�. �� ź�� ִ� ��ó�� Ŭ��̾�Ʈ�� ֽ��ϴ�.

��

�� ٸ� �� ͺ��̽�� ο�� ֽ��ϴ�. �� ͺ��̽�� ֽ��ϴ�. �� ν��Ͻ�� ٸ� �� ֽ��ϴ�.

�ŷ� ��ͺ��̽� ��

�� û�ϱ� �� ݵ�� ŷ�� ִ� ��ͺ��̽�� մϴ�. Sun ONE Web Server�� Administration Server�� ν��Ͻ�� ü�� ŷ� ��ͺ��̽�� ο�� ֽ��ϴ�. �ŷ� ��ͺ��̽�� ǻ�Ϳ� �� մϴ�.

�ŷ� ��ͺ��̽�� Ű�� Ͽ�� ȣ�� մϴ�. �� ȣȭ�� Ͽ� �� ȣ�� ʿ��մϴ�. ��ȣ�� ϴ� �� ؾ� �� ħ�� "��ȣ �Ǵ� PIN ��"�� Ͻʽÿ�.

�ŷ� ��ͺ��̽�� Ű�� ֽ��ϴ�. �̴� Ű�� ̶�� մϴ�. Ű�� SSL ��ȣȭ�� ˴ϴ�. Ű�� û�ϰ� ��ġ�� մϴ�. �� ġ�Ǹ� �ŷ� ��ͺ��̽�� ˴ϴ�. Ű�� 丮�� ȣȭ�Ǿ� ��˴ϴ�.

server_root/alias/<serverid-hostname>-key3.db.

Administration Server�� ϳ�� ŷ� ��ͺ��̽�� ֽ��ϴ�. �� ν��Ͻ�� ü�� ŷ� ��ͺ��̽�� ο�� ֽ��ϴ�. �� ش� �� ν��Ͻ�� ŷ� ��ͺ��̽�� մϴ�.

�ŷ� ��ͺ��̽� ��

�ŷ� ��ͺ��̽�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Create Database ��ũ�� ϴ�.

��ͺ��̽�� й�ȣ�� Է��մϴ�.

�ݺ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

password.conf ��

�⺻�� ϱ� �� ڿ�� Ű ��ͺ��̽� ��ȣ�� Է��϶�� Ʈ�� ǥ�õ˴ϴ�. �� ۾�� Ϸ�� 쿡�� ȣ�� password.conf ��Ͽ� �� ƾ� �մϴ�. �ý�� ȣ�Ǿ� �� ϰ� ��ȣ ��ͺ��̽�� ۵�� 쿡�� Ͻʽÿ�.

�� UNIX SSL�� ϴ� �� ϱ� �� ȣ�� ʿ��ϹǷ� etc/rc.local �Ǵ� etc/inittab �� ϴ�. ��ȣ�� Ϲ� �ؽ�Ʈ ��Ͽ� ��Ͽ� SSL�� ϴ� �� ڵ�� , �̴� �� ʽ��ϴ�. �� password.conf �� Ʈ �Ǵ� �� ġ�� ϸ�, �� ڸ� �� а� �� ־�� մϴ�.

UNIX�� SSL�� ϴ� �� ȣ�� password.conf ��Ͽ� ��ܵθ� ��Ȼ�� Ŀ��ϴ�. ��Ͽ� �׼�� ִ� ��ڴ� �� SSL�� ϴ� �� ȣ�� ֽ��ϴ�. SSL�� ϴ� �� ȣ�� password.conf ��Ͽ� ��ϱ� �� 迡 ��Ͽ� ��ؾ� �մϴ�.

Windows�� NTSF �� ý�� ϴ� ��, password.conf �� ʴ� �� ִ� ��丮�� ׼�� Ͽ� ��ȣ�ؾ� �մϴ�. ��丮�� ڿ� �б�/�� ־�� մϴ�. ��丮�� ȣ�ϸ� �ٸ� �� ߸�� password.conf �� մϴ�. FAT �� ý�� ׼�� ϴ� ��쿡�� 丮�� ȣ�� ϴ�.

SSL �� ڵ� ��

�� ʴ� �� SSL�� ϴ� �� ڵ�� ֽ��ϴ�.

SSL�� Ǵ�� Ȯ��մϴ�.

�� ν��Ͻ�� config �� 丮�� password.conf �� ϴ�.

�� Բ� ��Ǵ� �� PKCS#11 ��Ʈ�� ȣȭ �� ϴ� ��쿡�� Է��մϴ�.

internal:your_password

�ٸ� PKCS#11 ��(�ϵ�� ȣȭ �Ǵ� �ϵ�� ӿ�)�� ϴ� ��쿡�� ش� PKCS#11 �� ̸�� ȣ�� մϴ�. ��:

nFast:your_password

�� ٽ� ��Ͽ� �� ǵ�� մϴ�.

password.conf �� Ķ� �� ׻� ��ȣ�� Է��϶�� Ʈ�� ǥ�õ˴ϴ�.

VeriSign �� û �� ġ

VeriSign�� Sun ONE Web Server�� Ǵ� �� Դϴ�. VeriSign�� VICE �� ϸ� �� û ��μ�� ֽ��ϴ�. VeriSign�� ȸ�� ִٴ� �� ֽ��ϴ�.

�� ŷ� ��ͺ��̽�� û�ϰ� �̸� ��(CA)�� ֽ��ϴ�. ȸ�翡 �� CA�� ִ� ��쿡�� ش� CA�� û�մϴ�. �� CA�κ�� ȹ�� 쿡�� CA�� ϰ� �ʿ�� ִ�� մϴ�. Request a Certificate �� ϰ� �ش� ��Ʈ�� ũ�� ֽ��ϴ�. CA�� ʿ�� Ϳ� �� ڼ�� Request a Certificate�� ִ� Server Administrator �Ǵ� Server Manager Security �� ִ� �� Ͻʽÿ�.

Administration Server�� ϳ�� ο�� ֽ��ϴ�. �� ν��Ͻ�� ü�� ο�� ֽ��ϴ�. �� Ͽ� �� ν��Ͻ� �� ֽ��ϴ�.

VeriSign �� û

VeriSign �� û�Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Request VeriSign Certificate ��ũ�� ϴ�.

�ʿ�� Ȯ��մϴ�.

OK�� ϴ�.

VeriSign �� մϴ�.

VeriSign �� ġ

VeriSign �� û�ϰ� �̿� �� 3�� ̳�� Install VeriSign Certificate �� ٿ� ��Ͽ� �� ǥ�õ˴ϴ�. VeriSign �� ġ�Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Install VeriSign Certificate ��ũ�� ϴ�.

�ܺ� ��ȣȭ �� ʴ� ��, ��ȣȭ �� ٿ� ��Ͽ�� internal(software)�� մϴ�.

Ű �� ȣ �Ǵ� PIN�� Է��մϴ�.

�� ٿ� ��Ͽ�� Transaction ID to Retrieve�� մϴ�.

�� ׸�� մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

��Ÿ �� û �� ġ

VeriSign �ܿ�� ٸ� �� û�Ͽ� ��ġ�� ֽ��ϴ�. Request a Certificate�� Server Administrator�� Server Manager Security �� CA �� ֽ��ϴ�. ȸ�糪 �� ü�� ֽ��ϴ�. ��⿡�� ٸ� �� û�ϰ� ��ġ�ϴ� �� Ͽ� ��մϴ�.

�ʼ� CA ��

��û ��μ�� ϱ� �� CA�� 䱸�ϴ� �� ˾ƾ� �մϴ�. �� CA �Ǵ� �� CA �� û�� ΰ�� ؾ� �մϴ�.

Common Name�� DNS ��ȸ�� Ǵ� ��ȿ�� ȣ��Ʈ �̸�� մϴ�(�� www.sun.com). �̴� �� Ʈ�� ϴ� URL �� ȣ��Ʈ �̸��Դϴ�. �̵� �̸� �� ġ�� Ŭ��̾�Ʈ�� ̸�� Ʈ �̸�� ġ�� ʴ´ٴ� �� ź�� ǽ� �ް� �˴ϴ�. CA�� 䱸 �� ٸ� �� Ƿ� �ݵ�� ش� CA�� Ȯ��ؾ� �մϴ�.

�� CA�� û�ϴ� ��쿡�� ʵ忡 ��ϵ�ī�� ǥ�� Է�� ֽ��ϴ�. ��޾�ü�� 쿡�� κ� �� ̸�� ϵ�ī�峪 �� ǥ�� û�� ʽ��ϴ�.

Email Address�� ڿ�� ּ��Դϴ�. �� ּҴ� CA�� ǰ߱�ȯ�� Ͽ� ��˴ϴ�.

Organization�� ȸ��, �� , ��°�� , �� ̸�� մϴ�. ��κ�� CA�� Ͽ� �� (�� )�� Ȯ�� 䱸�մϴ�.

Organizational Unit�� ȸ�� Է��ϴ� �� ʵ��Դϴ�. �� ȸ�� ̸��(�ֽ�ȸ��, �� ϰ�) �˸�� ֽ��ϴ�.

Locality�� ʵ�� /�� Ǵ� �� Է��մϴ�.

State or Province�� ʼ� �׸�� ƴ�� CA�� 䱸�ϴ� ��쵵 �ֽ��ϴ�. ��κ�� CA�� ڸ� �� , �ش� CA�� Ȯ��ϴ� �� ϴ�.

Country�� ʼ� �ʵ�� ̸�� ڸ� ��ڸ� ��մϴ�. (ISO ��) �̱�� ڵ�� US�Դϴ�.

�� DN(Distinguished Name)�̶�� ϴ� �Ϸ�� Ӽ�-�� յǾ� �� ü�� ϰ� ��մϴ�.

�� CA�� ϴ� ��쿡�� ݵ�� CA�� Ͽ� �� ϱ� ��Ͽ� �ʿ�� ߰� �� ִ�� Ȯ��ؾ� �մϴ�. ��κ�� CA�� źп� �� 䱸�մϴ�. �� , ȸ�� ̸�� Ȯ��, ȸ�簡 �� ϵ�� Ȯ��ϸ� ��ڰ� ��ϴ� �� ִ�� Ȯ�� Դϴ�.

�Ϻ� �� CA�� Ϻ�� ź�� ϴ� ��̳� ��ο�� ڼ��ϰ� ��Ȯ�� մϴ�. �� , ��ڰ� www.sun.com ��ǻ�Ϳ� �� ڿ�� ִ�� Ȯ�� ʾ��, 3�Ⱓ �濵�ؿ� ȸ�� Ҽ�� ٴ� �� ǥ��ϴ� �� ֽ��ϴ�.

��Ÿ �� û

�� û�Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Request a Certificate ��ũ�� ϴ�.

�ű� �� Ǵ� �� մϴ�.

�� κ� 6��̳� 1�� , �� ð�� ϸ� ��ȿȭ�˴ϴ�. CA�� ڵ�� ۽��ϴ� ��쵵 �ֽ��ϴ�.

�� û�� ϴ� �� Ϸ�� մϴ�.

CA�� ڿ�� ޽�� û�� ۽��ؾ� �ϴ� ��쿡�� CA Email�� ϰ� CA�� ڿ�� ּҸ� �Է��մϴ�. CA�� List of available certificate authorities�� ϴ�.

Netscape Certificate Server�� ϴ� �� CA�� û�Ϸ�� CA URL�� Certificate Server�� URL�� Է��մϴ�. �� URL�� û�� ó��ϴ� �� α׷�� Ű�� URL�̾�� մϴ�. URL ��: https://CA.mozilla.com:444/cms.

�� ٿ� ��Ͽ�� û�� Ű�� Ͽ� ��ȣȭ �� մϴ�.

Ű�� Ͽ� ��ȣ�� Է��մϴ�.

�� ƴ� �ٸ� ��ȣȭ �� , �� ȣ�� ŷ� ��͸� �� ȣ�Դϴ�. �� ȣ�� Ͽ� �� Ű�� ϰ� CA�� ۵Ǵ� �޽�� ȣȭ�մϴ�. �׷� ��, �� Ű�� ȣȭ�� ޽�� CA�� մϴ�. CA�� Ű�� Ͽ� �޽�� ص��մϴ�.

ID �� Է��մϴ�.

�� CA�� ٸ��ϴ�. �� ʵ忡 �� Ϲ�� Request a Certificate�� ִ� Server Administrator �Ǵ� Server Manager Security �� ִ� �� Ͻʽÿ�. �� κ�� 쿡�� ʿ�� ʽ��ϴ�.

�Է�� Ȯ�� ٽ� �� Ȯ��մϴ�.

�� Ȯ�� ε� �� ֽ��ϴ�. ��û�� 쿡�� û�� ϱ� �� Ȯ��϶�� Ʈ�� ǥ�õ� ��Դϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

�� ϴ� �� û�� մϴ�. ��û�� Ű�� Ͽ� �� Ե˴ϴ�. CA�� Ͽ� ��û�� ǻ�Ϳ�� CA�� õǴ� �� ۵�� ʾҴ�� ˻��մϴ�. �幰�� û�� ۵� ��쿡�� CA�� ȭ�� Ͽ� ��ڿ�� մϴ�.

��û�� ڿ�� û�� Ե� ��ڿ�� ޽�� ۼ��ϰ� �޽�� CA�� մϴ�. �� , �� ڿ�� Ͽ� ȸ�ŵ˴ϴ�. �� URL�� ϴ� ��쿡�� URL�� Ͽ� ��û�� Certificate Server�� մϴ�. CA�� ȸ�� ڿ�� ϰų� �ٸ� �� Ͽ� ��ŵ˴ϴ�.

CA�� ࿡ ��ϴ� �� ش� �� մϴ�. ��κ�� CA�� ڿ�� Ͽ� �� մϴ�. ȸ�翡�� ϴ� �� Ͽ� �� ˻�� ֽ��ϴ�.


��	�� CA�� û�ϴ� �� Ǵ� �� ƴմϴ�. �� CA�� ϱ� �� ź� �� 䱸�մϴ�. �� ο�� Ϸ翡�� ޱ�� ɸ� �� ֽ��ϴ�. ��ڴ� CA�� ʿ�� ż�� å�� ֽ��ϴ�.

�� , �̸� ��ġ�� ֽ��ϴ�. �� ȿ�� SSL �� ֽ��ϴ�.

��Ÿ �� ġ

CA�� ϸ� �� Ű�� ȣȭ�ǹǷ� �� ͻ縸 �̸� �ص�� ֽ��ϴ�. �� Ȯ�� ŷ� ��ͺ��̽�� ȣ�� Է��ؾ߸� �� ص��ϰ� ��ġ�� ֽ��ϴ�.

�� ֽ��ϴ�.

Ŭ��̾�Ʈ�� ü ��

�� ü�ο�� CA�� ü ��

�ŷڵ� CA��

�� ü��̶� �� Ϸ�� մϴ�. CA �� (CA)�� Ȯ��ϰ� �ش� �� ϴ� �� ˴ϴ�. �� CA �� ٽ� �� CA�� CA �� Ͽ� ��Ǵ� �� Ǯ��Ͽ� ��Ʈ CA�� ̾��ϴ�.


��	CA�� ڵ�� ʴ� ��쿡�� û�ؾ� �մϴ�. �� CA�� ͻ�� ִ� ��ڿ�� ü�� ϸ�, �� ÿ� ��ġ�մϴ�.

CA�� ϸ� �� Ű�� ȣȭ�ǹǷ� �� ͻ縸 �̸� �ص�� ֽ��ϴ�. �� ġ�ϸ� �� Ű �� ȣ�� Ͽ� �̸� �ص��մϴ�. ��ڿ�� ׼�� ִ� �ٸ� ��ġ�� ϰų� ��ڿ�� ؽ�Ʈ�� Install Certificate �� ش� ��ġ�� ٿ� �� ֵ�� մϴ�.

�� ġ

�� ġ�Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Install Certificate ��ũ�� ϴ�.

��ġ�ϴ� �� մϴ�.

This Server�� ϴ� �� Դϴ�.

Server Certificate Chain�� ü�� ϴ� CA�� Դϴ�.

Trusted Certificate Authority(CA)�� Ŭ��̾�Ʈ �� Ͽ� �ŷڵ� CA�� Ϸ�� CA�� Դϴ�.

�� ٿ� ��Ͽ�� Cryptographic Module�� մϴ�.

Ű�� ȣ�� Է��մϴ�.

�� ν��Ͻ��θ� �� 쿡�� ̸� �ʵ带 �Է�� ʽ��ϴ�. �׷�� 쿡�� մϴ�.

Multiple certificates will be used for virtual servers

�� ν��Ͻ�� ̸�� Է��մϴ�.

Cryptographic modules other than internal are used

�� ȣȭ ��⿡ �ִ� �� ν��Ͻ�� Ͽ� �� ̸�� Է��մϴ�.

�̸�� Է��ϸ� Manage Certificates ��Ͽ� ǥ�õǹǷ� �� ̸�� Է��Ͻʽÿ�. �� "United States Portal Service CA"�� CA�� ̸��̸� "VeriSign Class 2 Primary CA"�� CA�� Ÿ��ϴ�. �� ̸�� Է�� ⺻ �� ˴ϴ�.

�� մϴ�.

�� ޽�� ڿ�� ü �� Է�

�޽�� ؽ�Ʈ(�� ) �� ڿ�� ؽ�Ʈ �ٿ� �ֱ�.

�ؽ�Ʈ�� Ͽ� �ٿ� �� ݵ�� "Begin Certificate" �� "End Certificate"�� °� �Բ� ��ؾ� �մϴ�.

OK�� ϴ�.

�� մϴ�.

�ű� �� ġ�ϴ� �� Add Certificate.

�� ġ�ϴ� �� Replace Certificate.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

�� ͺ��̽�� ˴ϴ�. �� ̸�� <��Ī>-cert8.db�Դϴ�. ��:

https-serverid-hostname-cert8.db

��׷��̵��

iPlanet Web Server 4.1�̳� 6.0�� ϴ� �� ŷ� �� ͺ��̽�� Ͽ� �� ڵ�� Ʈ�˴ϴ�.

Ű�� ϴ� ��쿡�� ˴ϴ�. �� Administration Server �� Server Management �� ִ� Security �� Ͽ� Ű�� ֽ��ϴ�.

�� Ű�� ν��Ͻ�� ִ� ��Ī�� Ͽ� ��Ǿ��ϴ�. Administration Server�� Ī�� ش� �� ߽��ϴ�. Sun ONE Web Server 6.1�� Administration Server�� ν��Ͻ�� ü�� Ű�� , �̴� ��Ī�� ƴ� �ŷ� �� մϴ�.

Administration Server�� 쿡�� ü��, �� ν��Ͻ�� 쿡�� Server Manager�� Ե� �� Ͽ� �ŷ� ��ͺ��̽�� ش� �� մϴ�. �� Ű�� ͺ��̽� �� ̸� ��ϴ� �� ν��Ͻ�� ̸�� ̸�� ˴ϴ�. �� ν��Ͻ�� Ī�� , �� Ű�� ̸�� ο� �� ν��Ͻ�� ˴ϴ�.

�� ν��Ͻ�� ŷ� ��ͺ��̽� ��ü�� ˴ϴ�. �� ͺ��̽�� ִ� �� Sun ONE Web Server 6.1 ��ͺ��̽�� ˴ϴ�. CA�� ߺ��Ǵ� �� ȿ �Ⱓ �� CA�� մϴ�. �ߺ��Ǵ� CA�� ϸ� �� ˴ϴ�.

�� Ʈ �� .

�� ε�� ִ� ��Ʈ �� Sun ONE Web Server 6.1�� ԵǾ� ��, ��⿡�� VeriSign�� Ͽ� �� CA�� Ʈ �� ֽ��ϴ�. ��Ʈ �� ϸ� �� ξ� �� Ʈ �� ű� �� ׷��̵�� ֽ��ϴ�. �� Ʈ �� ϳ�� ϰ� �� ϳ�� ġ�ؾ� �߽��ϴ�. �� ˷�� CA �� ġ�ϴ� ��, �� Sun ONE Web Server�� ű� ��̳� Service Pack�� ǥ�� ű� �� Ʈ�ϸ� �˴ϴ�.

��Ʈ �� PKCS#11 ��ȣȭ �� ǹǷ� ��⿡ ��Ե� ��Ʈ �� , �ش� �� ϴ� �� ɼ�� ˴ϴ�. �� ν��Ͻ�� Ʈ �� Ϸ�� alias ��Ͽ�� Ͽ� ��Ʈ �� ʵ�� ؾ� �մϴ�.

libnssckbi.so (��κ�� UNIX �÷�� )

libnssckbi.sl (HP-UX)

nssckbi.dll (Windows)

�� , ��Ʈ �� Ϸ�� bin/https/lib (UNIX �� HP) �Ǵ� bin\https\bin(Windows)�� Ȯ�� Ī �� 丮�� ϸ� �˴ϴ�.

��Ʈ �� ŷ� �� ֽ��ϴ�. �ŷ� �� Ʈ �� ü�� ƴ϶� ��ϴ� �� ν��Ͻ�� ͺ��̽�� ϵǾ� �ֽ��ϴ�.

��

�� ġ�� پ�� ŷ� �� Ȯ��, �� Ǵ� �� ֽ��ϴ�. ��⿡�� ͻ� ��ü�� CA�� Ե˴ϴ�.

�� Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Manage Certificates ��ũ�� ϴ�.

�� ȣȭ �� ϴ� �⺻ �� ϴ� ��쿡�� ġ�� ش� �� ȿ �Ⱓ�� Բ� ǥ�õ˴ϴ�. �� server_root/alias�� ˴ϴ�.

�ϵ�� ӱ� �� ܺ� ��ȣȭ �� ϴ� ��쿡�� 켱 �ش� �� ȣ�� Է��ϰ� OK�� մϴ�. �� ش� ��⿡ �ִ� �� Ͽ� ��Ʈ�˴ϴ�.

��Ϸ�� Certificate Name�� ϴ�.

�ش� �� ɼ�� ִ� Edit Server Certificate �� ǥ�õ˴ϴ�. �� CA �� 쿡�� Ŭ��̾�Ʈ �ŷڸ� �� Ǵ� �� ֽ��ϴ�. �ܺ� ��ȣȭ ��⿡ �� 쵵 �ֽ��ϴ�.

Edit Server Certificate

Edit Server Certificate â�� ɼ�� ֽ��ϴ�.

Delete Certificate �Ǵ� Quit - ��

Set client trust, Unset server trust �Ǵ� Quit - CA ��

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

�� ڿ� ��ڰ� ǥ�õ˴ϴ�.

�ŷ� �� ̿��Ͽ� Ŭ��̾�Ʈ �ŷڸ� ��ϰų� �� ŷڸ� �� ֽ��ϴ�. LDAP �� ݵ�� ŷڵǾ�� մϴ�.

CRL �� KRL ��ġ/��

�� öȸ ��(CRL)�� Ű ��(CKL)�� Ŭ��̾�Ʈ�� ڰ� �� ̻� �ŷ��ϸ� �� Ǵ� �� ǥ��մϴ�. �� ȿ�Ⱓ�� ڰ� �繫�� ϰų� ��ϴ� �� Ͱ� ��Ǹ� �� ҵǸ� CRL�� ش� ��Ͱ� ǥ�õ˴ϴ�. Ű�� Ǵ� ��Ǵ� �� ش� Ű�� Ͱ� CKL�� ǥ�õ˴ϴ�. CRL�� CKL�� CA�� Ͽ� �� ֱ�� Ʈ�˴ϴ�.

CRL �Ǵ� CKL ��ġ

CA�� CRL �Ǵ� CKL�� մϴ�.

CRL�̳� CKL�� ٿ�ε�� CA�� URL�� Ȯ��մϴ�.

�� URL�� Է��Ͽ� ��Ʈ�� ̵��մϴ�.

CA�� CRL �Ǵ� CKL�� 丮�� ٿ�ε��մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Install CRL/CKL ��ũ�� ϴ�.

�� մϴ�.

Certificate Revocation List

Compromised Key List

�ش� �� ü �� ̸�� Է��մϴ�.

OK�� ϴ�.

Certificate Revocation List�� ϸ� CRL �� ִ� Add Certificate Revocation List �� ǥ�õ˴ϴ�.

Compromised Key List�� ϸ� CKL �� ִ� Add Compromised Key List �� ǥ�õ˴ϴ�.


��	��ͺ��̽�� ̹� CRL �Ǵ� CKL �� ִ� ��쿡�� Replace Certificate Revocation List �Ǵ� Replace Compromised Key List �� ǥ�õ˴ϴ�.

Add�� ϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

CRL �� CKL ��

CRL�� CKL�� Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Manage CRL/CKLs ��ũ�� ϴ�.

Manage Certificate Revocation List/Compromised Key List �� Ÿ�� ġ�� CRL�� CKL �� ȿ �Ⱓ�� Բ� ǥ�õ˴ϴ�.

Server CRL �Ǵ� Server CKL ��Ͽ�� Certificate Name�� մϴ�.

�ɼ�:

Delete CRL

Delete CKL

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

�� ⺻ ��

�� , �� ۾�� ֽ��ϴ�. Sun ONE Web Server�� پ�� Ұ� ��˴ϴ�.

��ȣȭ�� ȯ�Ͽ� �ǵ�� ܿ� �ƹ�� ˾ƺ� �� ϴ� ��μ��Դϴ�. �ص�ȭ�� ȣȭ�� ȯ�Ͽ� �ٽ� �˾ƺ� �� ֵ�� ϴ� ��μ��Դϴ�. Sun ONE Web Server 6.1�� SSL �� TLS ��ȣȭ �� մϴ�.

��ȣ�� ȣȭ �˰��(�� Լ�)�� ȣȭ �Ǵ� �ص�ȭ�� ˴ϴ�. SSL �� TLS ��ݿ�� پ�� ȣ ��ǰ�� Ե˴ϴ�. �� ȣ�� ٸ��ϴ�. �Ϲ�� ȣ�� ϴ� ��Ʈ�� ͸� �ص��ϴ� �� ƽ��ϴ�.

�� ȣȭ ��μ�� ʿ�� ݵ�� ȣ�� ־�� մϴ�. �پ�� ȣ�� Ƿ� �� Ǵ� ��ȣ�� ؾ� �մϴ�.

�� ῡ�� Ŭ��̾�Ʈ�� ſ� �� ִ� �� ȣȭ�� ϵ�� մϴ�. ��ȣ�� SSL2, SSL3 �� TLS �� ֽ��ϴ�.


��	SSL �� 2.0 �� Ȱ� �� Ǿ��Ƿ� SSL3�� ִ� Ŭ��̾�Ʈ�� ƴ� ��쿡�� SSL2�� ϸ� �� ˴ϴ�. Ŭ��̾�Ʈ �� SSL 2 ��ȣ�� ۵��ǵ�� ʽ��ϴ�.

��ȣȭ ��μ�� ü�δ� �� ϴ� �� ʽ��ϴ�. �� ȣȭ �� ų� �� ȣȭ�� ص��Ϸ�� ȣȭ ��ȣ�� Բ� Ű�� Ǿ�� մϴ�. ��ȣȭ ��μ�� Ͽ� �� Ű�� Ű�� Ű�� ˴ϴ�. �� Ű�� ȣȭ�� Ű�θ� �ص�� ֽ��ϴ�. �� Ű�� Ϻη� �� Ű�� ȣ�˴ϴ�.

�پ�� ȣ ��ǰ�� Ű �� ڼ�� SSL �� Ͻʽÿ�.

�� ִ� ��ȣ�� Ϸ�� Ͽ�� ش� �� մϴ�. Ư�� ȣ�� ϸ� �� Ǵ� �� ʴ� ��, �� ؾ� �մϴ�. �׷�� ȣȭ�� ġ�� ʴ� ��ȣ�� Դϴ�.


��	"No Encryption, only MD5 message authentication"�� ϸ� �� ˴ϴ�. Ŭ��̾�Ʈ �� ٸ� ��ȣ�� ⺻�� ǵ�� ȣȭ�� ʽ��ϴ�.

SSL �� TLS ��

Sun ONE Web Server 6.1�� ȣȭ ��ſ�� SSL(Secure Sockets Layer) �� TLS(Transport Layer Security) �� մϴ�. SSL�� TLS�� α׷� �� ݷ� �� α׷�� ϰ� ��ġ�� ֽ��ϴ�.

SSL�� TLS �� Ŭ��̾�Ʈ�� θ� ��ϰ�, �� ϸ� �� Ű�� ϴ� �� ۾�� Ǵ� �پ�� ȣ�� մϴ�. Ŭ��̾�Ʈ�� ϴ� ��, ��ȣȭ �� ȸ�� å, ��ȣȭ�� Ʈ�� ⿡ �� , �پ�� ο� �� ϴ� ��ȣ ��ǰ�� ޶��ϴ�. �ٸ� �� SSL�� TLS �ڵ��ũ ��ݿ� �� Ŭ��̾�Ʈ�� ſ� �� ȣ ��ǰ�� ϴ� �� ˴ϴ�.

LDAP�� ſ� SSL ��

Administration Server�� SSL�� Ͽ� LDAP�� ϵ�� ؾ� �մϴ�. Administration Server�� SSL�� ϵ�� Ϸ�� մϴ�.

Administration Server�� ׼��ϰ� Global Settings �� մϴ�.

Configure Directory Service ��ũ�� ϴ�.

Yes to use Secure Sockets Layer(SSL) for connections�� մϴ�.

Save Changes�� ϴ�.

OK�� Ʈ�� SSL�� LDAP�� ⺻ ��Ʈ�� մϴ�.

û�� Ͽ� ��

�� û�� ֽ��ϴ�.

��

û�� Ͽ� ��

��ȣ ��

��

û�� Ͽ�� ٸ� �� ϱ� �� ݵ�� ϵ�� ؾ� �մϴ�. �� û�� ų� �� û�� ֽ��ϴ�.

û��

�� û�� ϵ�� Ϸ�� մϴ�.

Server Manager�� ׼��ϰ� �� ٿ� ��Ͽ�� û�� ν��Ͻ�� մϴ�.

Preference �� ǥ�õ�� ʾ�� Ͽ� ǥ��մϴ�.

Edit Listen Sockets ��ũ�� մϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

New ��ư�� ϴ�.

Add Listen Socket �� ǥ�õ˴ϴ�.

�ʿ�� Է��ϰ� �⺻ �� մϴ�.

�� Ϸ�� Security �� ٿ� ��Ͽ�� Enabled�� մϴ�.

OK�� ϴ�.

Apply�� Restart�� մϴ�.

��

û�� Ϸ�� Edit Listen Sockets ��ũ�� ؾ� �մϴ�.

û��

�� Administration Server�� Server Manager�� û�� ϵ�� ֽ��ϴ�. û�� ϵ�� Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Security �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Preference �� ǥ�õ�� ʾ�� Ͽ� ǥ��մϴ�.

Edit Listen Sockets ��ũ�� մϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

û�� Ϸ�� Ϸ�� û�� Listen Socket ID�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

�ش� û�� Ϸ�� Security �� ٿ� ��Ͽ�� Enabled�� մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

û�� Ͽ� ��

Administration Server�� Server Manager�� û�� Ͽ� ��û �� ġ�� ֽ��ϴ�.


��	�ݵ�� ġ�� ̻� �־�� մϴ�.

û�� Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� մϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

û�� Ϸ�� Ϸ�� û�� Listen Socket ID�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

�ش� û�� Ϸ�� Security �� ٿ� ��Ͽ�� Enabled�� մϴ�.


��	�ܺ� �� ġ�� 쿡�� ϱ� �� Manage Server Certificates �� ܺ� �� ȣ�� 䱸�ϴ� �޽�� ǥ�õ˴ϴ�.

Server Certificate �� ٿ� ��Ͽ�� ش� ��Ͽ� �� մϴ�.

�� Ͽ�� ġ�� ܺ� �� ǥ�õ˴ϴ�.


��	��ġ�� Server Certificate Name �� ٿ� �� ޽�� ǥ�õ˴ϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

��ȣ ��

�� ȣ�Ϸ�� SSL�� ϵ�� ؾ� �մϴ�. SSL 2.0, SSL 3.0 �� TLS ��ȣȭ �� پ�� ȣ ��ǰ�� ֽ��ϴ�. SSL�� TLS�� Administration Server�� û�� Ͽ�� ϵ�� ֽ��ϴ�. Server Manager�� û�� Ͽ�� SSL �� TLS�� ϸ� �ش� û�� Ͽ� �� ⺻ �� ˴ϴ�.

��ȵ�� ϴ� ��, �ش� �� ʵ�� û�� Ͽ� ��Ǿ�� մϴ�.

�⺻ �� Ǵ� ��ȣ�� մϴ�. Ư�� ȣ�� ϸ� �� Ǵ� �� ʴ� ��, �� ؾ� �մϴ�. Ư�� ȣ�� ڼ�� SSL �� Ͻʽÿ�.


��	�ݵ�� ġ�� ̻� �־�� մϴ�.

tlsrollback �Ű� �� ⺻ �� true�Դϴ�. �̷�� ϸ� �� ߰��(man-in-the-middle) �� ѹ� �� õ�� ֽ��ϴ�. TLS ǥ�� ߸� �� Ϻ� Ŭ��̾�Ʈ�� ȣ ��뼺�� Ͽ� �� false�� ؾ� �ϴ� ��쵵 �ֽ��ϴ�.

tlsrollback�� false�� ϸ� �� ѹ� ��ݿ� ��ٴ� �� Ͻʽÿ�. �� ѹ� �� 3�ڰ� Ŭ��̾�Ʈ�� Ͽ�� SSLv2 �� ϵ�� ϴ� ��Ŀ��Դϴ�. SSLv2�� ˷�� Ƿ� �� ѹ� �� ϴ� �� 3�ڰ� ��ȣȭ�� ä�� ص�� ֽ��ϴ�.

SSL �� TLS�� Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�. �� û�� Ͽ� ��Ͽ� Edit Listen Socket �� ȣ �� ǥ�õ˴ϴ�.


��	û�� Ͽ�� Security�� ʴ� ��쿡�� SSL �� TLS �� ǥ�õ�� ʽ��ϴ�. ��ȣ�� Ϸ�� û�� Ͽ�� ǵ�� ؾ� �մϴ�. �� ڼ�� "û�� Ͽ� �� "�� Ͻʽÿ�.

�ʿ�� ȣȭ �� ش��ϴ� ��ö�� մϴ�.


��	Netscape Navigator 6.0�� TLS�� SSL 3�� մϴ�. TLS Rollback�� Ͽ� TLS�� ϰ� SSL 3�� SSL2�� Ǿ�� Ȯ��մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.


��	û�� Ͽ� �� ϵ�� ϰ� �� ϸ� magnus.conf �� ڵ�� Ǿ� �� ǥ�õǸ�, �ش� û�� Ͽ� �� ⺻ �� Ű� �� ˴ϴ�.

�� SSL�� ϸ� URL�� http�� ƴ� https�� մϴ�. SSL�� ϴ� �� Ű�� URL�� ϴ�.

https://servername.[domain.[dom]]:[port#]

��: https://admin. admin.sun.com:443.

�⺻ �� http ��Ʈ ��ȣ(443)�� ϴ� �� URL�� Ʈ ��ȣ�� Է�� ʾƵ� �˴ϴ�.

��

SSL�� ϴ� �� ġ�ϸ� magnus.conf��(�� ⺻ �� )�� Ű� �� ù� �׸�� ϴ�. �� ۵��Ϸ�� Security�� ݵ�� "on"�� Ǿ�� մϴ�. �� SSL �� server.xml �� SSLPARAMS ��ҿ� �ֽ��ϴ�.

SSL �� ù�� Ϸ�� մϴ�.

Server Manager�� ׼��ϰ� �� ٿ� ��Ͽ�� ش� �� ν��Ͻ�� մϴ�.

��Ϸ�� û�� Ͽ�� ϴ�� Ȯ��Ͻʽÿ�. �� ϵ�� Ϸ�� մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

�� ϵ�� Ϸ�� û�� Ͽ� �ش��ϴ� Listen Socket ID�� ϴ�.

�̷�� ϸ� Edit Listen Socket �� ̵��մϴ�.

Security �� ٿ� ��Ͽ�� Enabled�� մϴ�.

OK�� ϴ�.

Magnus Editor ��ũ�� ϴ�.

�� ٿ� ��Ͽ�� SSL Settings�� ϰ� Manage�� ϴ�.

�� ׸�� Է��մϴ�.

SSLSessionTimeout

SSLCacheEntries

SSL3SessionTimeout

OK�� ϴ�.

Apply�� Restart�� մϴ�.

SSL Configuration File Directives�� ϴ�.

SSLSessionTimeout

SSLSessionTimeout�� SSL2 �� ĳ�ø� ��մϴ�.

��

SSLSessionTimeout ��

�� ĳ�õ� SSL �� ȿ �ð�� Է��մϴ�. �⺻�� 100�Դϴ�. SSLSessionTimeout ��ù�� Ǹ� �� ڵ�� 5�� 100�ʷ� ��ѵ˴ϴ�.

SSLCacheEntries

ĳ�� ִ� SSL �� մϴ�.

SSL3SessionTimeout

SSL3SessionTimeout ��ù�� SSL3 �� TLS �� ĳ�� մϴ�.

��

SSL3SessionTimeout ��

�� ĳ�õ� SSL3 �� ȿ �ð�� Է��մϴ�. �⺻�� 86400(24�ð�)�Դϴ�. SSL3SessionTimeout �� Ǹ� �� ڵ�� 5�� 86400�ʷ� ��ѵ˴ϴ�.

�ܺ� ��ȣȭ ��

Sun ONE Web Server 6.1�� Ʈ ī�峪 ��ū �� ܺ� ��ȣȭ �� ϴ� �� մϴ�.

PKCS#11

FIPS-140

FIPS-140 ��ȣȭ ǥ�� ϱ� �� PKCS#11 �� ߰��ؾ� �մϴ�.

PKCS#11 �� ġ

Sun ONE Web Server�� PKCS(Public Key Cryptography Standard)#11�� մϴ�. �̴� SSL�� PKCS#11 �� ſ�� Ǵ� ��̽�� մϴ�. PKCS#11 �� SSL �ϵ�� ӱ⿡ �� ǥ�� ˴ϴ�. �ܺ� �ϵ�� ӽÿ�� Ű�� secmod.db�� Ǹ�, �� PKCS#11�� ġ�� ˴ϴ�.

modutil�� Ͽ� PKCS#11 �� ġ

modutil �� Ͽ� PKCS#11 �� .jar �� Ǵ� ��ü �� ·� ��ġ�� ֽ��ϴ�.

modutil�� Ͽ� PKCS#11 �� ġ�Ϸ�� մϴ�.

Administration Server�� Ͽ� �� Ǿ�� մϴ�.

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/https/admin/bin�� PATH�� ߰��մϴ�.

server_root/bin/https/admin/bin�� modutil�� ã��ϴ�.

ȯ�� մϴ�. ��:

UNIX: setenv

LD_LIBRARY_PATH server_root/bin/https/lib:${LD_LIBRARY_PATH}

IBM-AIX: LIBPATH

HP-UX: SHLIB_PATH

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/https/bin

�Ʒ� �� ǻ�Ϳ� PATH�� ã�� ֽ��ϴ�. server_root/https-admin/start.

�� Է��մϴ�. modutil.

�ɼ� �� ǥ�õ˴ϴ�.

�ʿ�� ġ�� մϴ�.

�� PCKS#11 �� UNIX�� ߰��Ϸ�� Է��մϴ�.

modutil -add (the name of PCKS#11 file) -libfile (your libfile for PCKS#11) -nocertdb -dbdir . (��ϴ� db ��丮)

pk12util ��

pk12util�� ϸ� �� ͺ��̽�� Ű�� ̸� �� Ǵ� �ܺ� PKCS#11 �� ֽ��ϴ�. �� Ű�� ͺ��̽�� , �ܺ� ��ū�� κ� �� Ű�� ϴ�. �⺻�� pk12util�� cert8.db�� kyes3.db�� ̸�� Ű ��ͺ��̽�� մϴ�.

pk12util�� Ͽ� ��

�� ͺ��̽�� Ű�� մϴ�.

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/https/admin/bin�� PATH�� ߰��մϴ�.

server_root/bin/https/admin/bin�� pk12util�� ã��ϴ�.

ȯ�� մϴ�. ��:

UNIX: setenv

LD_LIBRARY_PATH/server_root/bin/https/lib:${LD_LIBRARY_PATH}

IBM-AIX: LIBPATH

HP-UX: SHLIB_PATH

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/https/bin

�Ʒ� �� ǻ�Ϳ� PATH�� ã�� ֽ��ϴ�. server_root/https-admin/start.

�� Է��մϴ�. pk12util.

�ɼ� �� ǥ�õ˴ϴ�.

�ʿ�� ġ�� մϴ�.

�� UNIX�� Է��մϴ�.

pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host]

��ͺ��̽� ��ȣ�� Է��մϴ�.

pkcs12 ��ȣ�� Է��մϴ�.

pk12util�� Ͽ� ��

�� Ǵ� �ܺ� PKCS#11 �� Ű�� մϴ�.

��ͺ��̽�� ִ� server_root/alias ��丮�� ̵��մϴ�.

server_root/bin/https/admin/bin�� PATH�� ߰��մϴ�.

server_root/bin/https/admin/bin�� pk12util�� ã��ϴ�.

ȯ�� մϴ�. ��:

UNIX: setenv

LD_LIBRARY_PATH/server_root/bin/https/lib:${LD_LIBRARY_PATH}

IBM-AIX: LIBPATH

HP-UX: SHLIB_PATH

Windows�� ̸� PATH�� ߰��մϴ�.

LD_LIBRARY_PATH server_root/bin/https/bin

�Ʒ� �� ǻ�Ϳ� PATH�� ã�� ֽ��ϴ�. server_root/https-admin/start.

�� Է��մϴ�. pk12util.

�ɼ� �� ǥ�õ˴ϴ�.

�ʿ�� ġ�� մϴ�.

�� UNIX�� Է��մϴ�.

pk12util -i pk12_sunspot [-d certdir][-h ?Cipher?[-P https-jones.redplanet.com-jones-]

-P�� ݵ�� -h �ڿ� �־�� ϸ� �� μ�� մϴ�.

�빮�ڿ� �ο� ��ȣ �� Ͽ� ��ū �̸�� Ȯ�� Է��մϴ�.

��ͺ��̽� ��ȣ�� Է��մϴ�.

pkcs12 ��ȣ�� Է��մϴ�. �ܺ� �� Ͽ� ��

�� ܺ� PKCS#11��(�ϵ�� ӱ� ��)�� ġ�� , server.xml�� ϰų� �Ʒ�� Ͱ� �� ̸�� Ͽ� �� ϴ�.

�� ׻� "Server-Cert"�� ̸�� Ͽ� ��Ϸ�� õ��մϴ�. �׷�� ܺ� PKCS#11 ��⿡ �ִ� �� ش� ID�� ū �̸� �� ϳ�� Ե˴ϴ�. �� ܺ� ��Ʈī�� ǵ��⿡ ��ġ�� "smartcard0"�� , �̸�� "smartcard0:Server-Cert"�� ˴ϴ�.

�ܺ� ��⿡ ��ġ�� Ͽ� �� Ϸ�� Ǵ� û�� Ͽ� �� ̸�� ؾ� �մϴ�.

û�� Ͽ� �� ̸� ��

û�� Ͽ� �� ̸�� Ϸ�� մϴ�.


��	û�� Ͽ�� Security�� ʴ� ��쿡�� ǥ�õ�� ʽ��ϴ�. û�� Ͽ� �� ̸�� Ϸ�� ݵ�� 켱 û�� Ͽ�� ϵ�� ؾ� �մϴ�. �� ڼ�� "û�� Ͽ� �� "�� Ͻʽÿ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Preference �� õ�� ʾ�� մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

�� Ϸ�� û�� Ͽ� �ش��ϴ� Listen Socket ID ��ũ�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

Server Certificate �� ٿ� ��Ͽ�� ش� ��Ͽ� �� մϴ�.

�� Ͽ�� ġ�� ܺ� �� ǥ�õ˴ϴ�.


��	��ġ�� Server Certificate Name �� ٿ� �� ǥ�õ˴ϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

�� server.xml �� Ͽ� �� ش� �� Ͽ� ��ϵ�� ֽ��ϴ�. SSLPARAMS�� servercertnickname�� մϴ�.

$TOKENNAME:Server-Cert

$TOKENNAME �� ã�� Security �� ̵��Ͽ� Manage Certificate ��ũ�� մϴ�. Server-Cert�� ܺ� �� α��ϸ� �ش� �� $TOKENNAME:$NICKNAME �� Ͽ� ǥ�õ˴ϴ�.


��	�ŷ� ��ͺ��̽�� 쿡�� ܺ� PKCS#11 ��⿡�� û�ϰų� ��ġ�ϸ� �ڵ�� ϴ�. �� ⺻ ��ͺ��̽�� ȣ�� ׼�� ϴ�. �ܺ� �� ۵�� û�ϰų� ��ġ�� ϴ�. �⺻ ��ͺ��̽�� ȣ �� Create Database�� Security �ǿ�� ȣ�� մϴ�.

FIPS-140 ǥ��

PKCS#11 API�� ϸ� ��ȣȭ �۾�� ϴ� ��Ʈ�� Ǵ� �ϵ�� ֽ��ϴ�. PKCS#11�� ġ�Ǹ� Sun ONE Web Server�� FIPS(Federal Information Processing Standards)-140 ǥ�� ֽ��ϴ�. �� ̺귯�� SSL �� 3.0�� ԵǾ� �ֽ��ϴ�.

FIPS-140�� Ϸ�� մϴ�.

FIPS-140�� ÷�� ġ�մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�. �� û�� Ͽ� ��Ͽ� Edit Listen Socket �� ǥ�õ˴ϴ�.


��	FIPS-140�� Ϸ�� û�� Ͽ�� ǵ�� ؾ� �մϴ�. �� ڼ�� "û�� Ͽ� �� "�� Ͻʽÿ�.

Enable�� õǾ� �� SSL Version 3 �� ٿ� ��Ͽ�� մϴ�.

�� FIPS-140 ��ȣ ��ǰ�� մϴ�.

56��Ʈ ��ȣȭ�� SHA �޽�� Ե� (FIPS)DES.

168��Ʈ ��ȣȭ�� SHA �޽�� Ե� (FIPS)Triple DES

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

Ŭ��̾�Ʈ �� 䱸 ��

�� ܰ踦 �� , Ŭ��̾�Ʈ�� ߰� �� 䱸 �� ֽ��ϴ�.

Ŭ��̾�Ʈ �� ʼ�ȭ

Administration Server�� û�� ϵ�� ϰ� �� ν��Ͻ�� Ŭ��̾�Ʈ �� û�ϵ�� ֽ��ϴ�. Ŭ��̾�Ʈ �� ϸ� �� Ŭ��̾�Ʈ�� 䱸�մϴ�.

Sun ONE Web Server�� Ŭ��̾�Ʈ �� ִ� CA�� Ŭ��̾�Ʈ �� ŷڵ� CA�� Ͽ� Ŭ��̾�Ʈ �� մϴ�. Ŭ��̾�Ʈ �� CA�� Administrator Server�� Security�� ִ� Manage Certificates �� Ȯ�� ֽ��ϴ�. CA�� Դϴ�.

Untrusted CA (�񱳵�� )

Trusted Server CA (�񱳵�� )

Trusted Client CA (�񱳵�)

Trusted Client/Server CA (�񱳵�)

�� ŷڵ� CA�� Ŭ��̾�Ʈ�� ź��ϵ�� ֽ��ϴ�. CA�� Ǵ� �ź��Ϸ�� ݵ�� CA�� Ŭ��̾�Ʈ �ŷڸ� ��ؾ� �մϴ�. �� ڼ�� "�� "�� Ͻʽÿ�.

Sun ONE Web Server�� ȿ �Ⱓ�� ϰ� �� ź��ϸ� Ŭ��̾�Ʈ�� ޽�� ݼ��մϴ�. �� Administration Servers Manage Certificates �� Ȯ�� ֽ��ϴ�.

�� Ŭ��̾�Ʈ�� Ͽ� �̸� LDAP ��丮�� ִ� �� ׸�� ϵ�� ֽ��ϴ�. �̷�� ϸ� Ŭ��̾�Ʈ�� ȿ�ϸ� LDAP ��丮�� ׸�� ǵ�� մϴ�. �� Ŭ��̾�Ʈ �� LDAP ��丮�� ׸� �� ϳ�� ġ�ǵ�� մϴ�. �̿� �� "Ŭ��̾�Ʈ �� LDAP�� "�� Ͻʽÿ�.

Ŭ��̾�Ʈ �� ׼�� Ƿ� �ŷڵ� CA�� 䱸 �� ̿ܿ� �� ڴ� �ݵ�� ׼�� Ģ(ACL)�� ġ�Ǿ�� մϴ�. �� ڼ�� "�׼�� " �� 184�� Ͻʽÿ�.

�� Ŭ��̾�Ʈ �� ó�� ֽ��ϴ�. �ڼ�� Sun ONE Web Server 6.1 NSAPI Programmer's Guide�� Ͻʽÿ�.

Ŭ��̾�Ʈ �� 䱸

Ŭ��̾�Ʈ �� 䱸�Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��ϰ� Preferences �� մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Edit Listen Sockets ��ũ�� ϴ�.

Edit Listen Sockets �� ǥ�õ˴ϴ�.

Ŭ��̾�Ʈ �� 䱸�� û�� Ͽ� �ش��ϴ� Listen Socket ID ��ũ�� ϴ�.

Edit Listen Socket �� ǥ�õ˴ϴ�.

�ش� û�� Ͽ� Ŭ��̾�Ʈ �� 䱸�Ϸ�� Client Authentication �� ٿ� ��Ͽ�� Required�� մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.


��	�� ν��Ͻ�� ϳ�� ŷ� ��ͺ��̽�� մϴ�. �ش� �� ν��Ͻ�� Ͽ� ��Ǵ� �� ŷ� �� CA�� մϴ�. �� ٸ� �� CA�� ʿ�� 쿡�� ش� �� ŷ� ��ͺ��̽�� ִ� �� ٸ� �� ν��Ͻ�� Ǿ�� մϴ�.

Ŭ��̾�Ʈ �� LDAP��

�� κп�� Sun ONE Web Server�� Ŭ��̾�Ʈ �� LDAP ��丮�� ׸�� ϴ� �� ϴ� ��μ�� Ͽ� ��մϴ�.

�� Ŭ��̾�Ʈ�� û�� ŵǸ� �̸� ó��ϱ� �� Ŭ��̾�Ʈ�� 䱸�մϴ�. Ŭ��̾�Ʈ�� û�� Բ� Ŭ��̾�Ʈ�� ϴ� ��쵵 �ֽ��ϴ�.

�� CA�� Administration Server�� ִ� �ŷ� CA�� ϰ� ��Ϸ�� մϴ�. ��ġ �׸�� Sun ONE Web Server�� մϴ�. ��ġ �׸�� û ó�� մϴ�.

�ŷ� CA�� Ȯ�� , �� LDAP �׸�� մϴ�.

Ŭ��̾�Ʈ �� ִ� ��ڿ� �� DN�� LDAP ��丮�� б�� մϴ�.

LDAP ��丮�� Ŭ��̾�Ʈ �� (�� )�� ġ�ϴ� �׸�� ִ�� ˻��մϴ�.

(��) Ŭ��̾�Ʈ �� DN�� ش��ϴ� LDAP �׸� �� ϳ�� Ȯ��մϴ�.

�� certmap.conf�� Ͽ� LDAP �˻� �� մϴ�. �� Ͽ� �� Ŭ��̾�Ʈ �� (�� ̸�, ��ڿ�� ּ� ��)�� մϴ�. �� ̵� �� Ͽ� LDAP ��丮�� ׸�� ˻��, �켱 �� LDAP ��丮�� ˻�� ġ�� ؾ� �մϴ�. �� Ͽ�� ġ�� ֽ��ϴ�.

�� ˻�� ġ�� ˻�� ׸�� ϸ�(��1�ܰ�) LDAP ��丮�� ˻�� մϴ�(��2�ܰ�). ��ġ �׸�� ų� ��ġ �׸�� Ȯ�� ʰ� �˻�� մϴ�. ��Ǵ� �˻� �� ü �� Ʒ�� ǥ 6-1�� Ͻʽÿ�. �� ACL�� Ǵ� �۵�� ֽ��ϴ�. �� , Sun ONE Web Server�� ġ�� ϴ� ��쿡�� ϵ�� ֽ��ϴ�. ACL �⺻ �� ڼ�� "�׼�� " �� 184�� Ͻʽÿ�.

ǥ 6-1) LDAP �˻� ��

LDAP �˻� ��	�� ON	�� OFF
�˻�� ׸� ��	��	��
��Ȯ�� ׸� ��ġ	��	��
�� ׸� ��ġ	��	��

�� LDAP ��丮�� ġ �׸�� ã�� ش� �� Ͽ� Ʈ�� ó�� ֽ��ϴ�. �� -LDAP �� Ͽ� �� ׼�� մϴ�.

certmap.conf ��

�� ο� �� LDAP ��丮�� ׸�� ã�� ˴ϴ�. certmap.conf�� Ͽ� �̸�� õ� �� LDAP �׸�� ġ��Ű�� ֽ��ϴ�. �� ̸� ��ϰ� �׸�� ߰��Ͽ� LDAP ��丮�� ˻��ϰ� ��ڿ�� ο�� ǥ�� ֽ��ϴ�. ��ڴ� ��ID, ��ڿ�� Ǵ� subjectDN�� Ǵ� �ٸ� �� ֽ��ϴ�. Ư��, �� Ͽ�� ǵ˴ϴ�.

�� ˻�� ϴ� LDAP Ʈ�� ġ

LDAP ��丮�� ׸�� ˻�� ˻� ��ַ� �� Ӽ�

�� ߰��

�� ֽ��ϴ�.

server_root/userdb/certmap.conf

��Ͽ�� ϳ� �̻�� ̸� �� , �� ٸ� CA�� ˴ϴ�. �� ϴ�.

certmap <name> <issuerDN>

<name>:<property> [<value>]

ù ��° �� ׸�� ̸�� CA �� ִ� �� ̸�� ϴ� �Ӽ�� մϴ�. name�� Ƿ� ��ϴ� �̸�� ֽ��ϴ�. �׷�� issuerDN�� ݵ�� Ŭ��̾�Ʈ �� CA�� DN�� Ȯ�� ġ�ؾ� �մϴ�. �� Ʒ�� issuerDN �� ̴� �� Ӽ�� ϴ� �� ׸�� ٸ� �� ó��մϴ�.

certmap sun1 ou=Sun Certificate Authority,o=Sun, c=US
certmap sun2 ou=Sun Certificate Authority,o=Sun, c=US


��	Sun ONE Directory Server�� ϸ� issuerDN�� ˻��ϴµ� �� ߻��ϴ� ��쿡�� Directory Server �� α׿� �� ִ�� Ȯ��Ͻʽÿ�.

�̸� �� ° �� մϴ�. certmap.conf ��Ͽ�� ֽ��ϴ�. (�� API�� Ͽ� �� ֽ��ϴ�.)

DNComps�� ǥ�� и�� Ӽ� ��, LDAP ��丮�� (��, Ŭ��̾�Ʈ �� )�� ġ�ϴ� �׸� �˻�� ġ�� ϴµ� ��մϴ�. �� Ŭ��̾�Ʈ �� ̵� �Ӽ� �� ϰ� �� Ͽ� LDAP DN�� մϴ�. �׷� �� LDAP ��丮�� ˻�� ġ�� մϴ�. �� , DNComps�� DN�� o�� c �Ӽ�� ϵ�� ϸ� �� LDAP ��丮�� Ӽ�� o=<org>, c=<country>�� ׸�� ˻�� մϴ�. ��⿡�� <org>�� <country>�� DN�� ִ� �� ü�˴ϴ�.

�� Ȳ�� Ͻʽÿ�.

��ο� DNComps �׸�� 쿡�� CmapLdapAttr �� ϰų� Ŭ��̾�Ʈ �� ִ� ��ü �� DN(��, �� )�� մϴ�.

DNComps �׸�� , �� ü LDAP Ʈ�� Ϳ� ��ġ�ϴ� �׸�� ˻��մϴ�.

FilterComps�� ǥ�� и�� Ӽ� �� Ŭ��̾�Ʈ �� ִ� �� DN�� Ͽ� ��͸� �� մϴ�. �� ̵� �Ӽ�� Ͽ� LDAP ��丮�� ׸�� ϴµ� �� ˻� ��ָ� ��մϴ�. LDAP�� ġ�ϴ� �׸�� ϳ� �̻� �˻��Ǵ� �� ˻�� ̸� �� մϴ�.

�� FilterComps�� ڿ�� ID �Ӽ�� ϵ�� ϴ� ��(FilterComps=e, uid), �� 丮�� ڿ�� ID �� Ŭ��̾�Ʈ �� ġ�ϴ� �׸�� ˻��մϴ�. ��ڿ�� ּҿ� ��ID�� 丮�� ׸��̹Ƿ� �� Դϴ�. LDAP ��ͺ��̽�� ϳ�� ׸� �˻��Ϸ�� Ͱ� ��ü��̾�� մϴ�.

x509v3 �� Ӽ� �� ǥ�� Ͻʽÿ�.

ǥ 6-2) x509v3 �� Ӽ�

�Ӽ�	��
c	��
o	��ü
cn	�� ̸�
l	��
st	��
ou	��
uid	UNIX/Linux ��ID
email	��ڿ�� ּ�

��Ϳ� �Ӽ� �̸�� LDAP ��丮�� ƴ� �� Ӽ� �̸��̾�� մϴ�. �� Ϻ� �� ڿ�� ּҿ� �Ӽ�� e�� ִ� �ݸ� LDAP�� Ӽ�� ̸�� mail�Դϴ�.

�� verifycert�� Ŭ��̾�Ʈ�� LDAP ��丮�� ˻�� մϴ�. �� ON�̰ų� OFF�Դϴ�. �� LDAP ��丮�� ִ� ��쿡�� ؾ� �մϴ�. �� ȿ�ϸ� ��ҵ�� ʾҴ�� Ȯ��ϴ� �� մϴ�.

CmapLdapAttr�� LDAP ��丮�� ִ� �Ӽ� �̸�� ڿ�� DN�� մϴ�. �� ⺻�� certSubjectDN�Դϴ�. �� ǥ�� LDAP �Ӽ�� ƴϹǷ� �� Ϸ�� ݵ�� LDAP ��Ű�� Ȯ��ؾ� �մϴ�. �ڼ�� SSL �� Ͻʽÿ�.

certmap.conf�� ü LDAP ��丮�� Ӽ�� ü DN(�� DN)�� ġ�ϴ� �׸�� ˻��մϴ�. �ش� �׸�� ˻�� ʴ� �� DNComps�� FilterComps �� Ͽ� �ٽ� �˻��մϴ�.

�� LDAP �׸�� ġ��Ű�� DNComps�� FilterComps�� Ͽ� �׸�� ġ��Ű�� մϴ�.

Library�� ̺귯�� Ǵ� DLL�� ̸�� Դϴ�. �� API�� Ͽ� ��ü�� 쿡�� մϴ�. �� ڼ�� NSAPI Programmer's Guide�� Ͻʽÿ�.

InitFn�� ̺귯�� ִ� init �Լ�� ̸�� Դϴ�. �� API�� Ͽ� ��ü�� 쿡�� մϴ�.

�� ڼ�� "�� "�� Ͻʽÿ�.

��

Ŭ��̾�Ʈ �� API�� Ͽ� ��ü�� ֽ��ϴ�. Ŭ��̾�Ʈ �� API ��α׷��ְ� �� NSAPI Programmer's Guide�� Ͻʽÿ�.

�� ִ� �� մϴ�.

<name>:library <path_to_shared_library>
<name>:InitFn <name_of_init_function>

��:

certmap default1 o=Sun Microsystems, c=US
default1:library /usr/sun/userdb/plugin.so
default1:InitFn plugin_init_fn
default1:DNComps ou o c
default1:FilterComps l
default1:verifycert on

��

certmap.conf ��Ͽ�� ּ�� ̻�� ׸�� ־�� մϴ�. certmap.conf �� ϴ� �پ�� ̴� �Ͱ� ��ϴ�.

�� 1

�� certmap.conf ��Ͽ�� "�⺻" ��θ� �ֽ��ϴ�.

certmap default default
default:DNComps ou, o, c
default:FilterComps e, uid
default:verifycert on

�� ϸ� �� ou=<orgunit>, o=<org>, c=<country> �׸�� ϴ� LDAP �б�� ˻�� ϸ�, ��⿡�� <>�� ؽ�Ʈ�� Ŭ��̾�Ʈ �� ִ� �� DN�� ü�˴ϴ�.

�� , �� ִ� ��ڿ�� ּҿ� ��ID �� Ͽ� LDAP ��丮�� ġ�ϴ� �׸�� ִ�� ˻��մϴ�. �׸�� ˻��Ǹ� �� Ŭ��̾�Ʈ�� 丮�� ִ� �� Ͽ� �� մϴ�.

�� 2

�� Ͽ�� ⺻�� US �� 񽺿�� ֽ��ϴ�.

certmap default default
default:DNComps
default:FilterComps e, uid

certmap usps ou=United States Postal Service, o=usps, c=US
usps:DNComps ou,o,c
usps:FilterComps e
usps:verifycert on

�� ̱� �� 񽺰� �ƴ� �ٸ� �� ŵǸ� �⺻ �� մϴ�. �� LDAP Ʈ�� ܿ�� Ͽ� Ŭ��̾�Ʈ�� ڿ�� ID�� ġ�ϴ� �׸�� ˻��մϴ�. �̱� �� ϴ� LDAP �б⿡�� ˻�� ϸ� ��ġ�ϴ� ��ڿ�� ּҸ� �˻��մϴ�. �� USPS�� ̸� �� Ÿ �� ʽ��ϴ�.


��	�� DN(��, CA ��)�� ݵ�� ù ��° �� Ͽ� �ִ� �� DN�� ؾ� �մϴ�. �� o=United States Postal Service,c=US�� DN�� o�� c �Ӽ� ��̿� �� Ƿ� ��ġ�� ʽ��ϴ�.

�� 3

�� CmapLdapAttr �� Ͽ� LDAP ��ͺ��̽�� certSubjectDN�̶�� ϴ� �Ӽ�� ˻��մϴ�. �� Ӽ�� Ŭ��̾�Ʈ �� DN ��ü�� Ȯ�� ġ�մϴ�.

certmap myco ou=My Company Inc, o=myco, c=US
myco:CmapLdapAttr certSubjectDN
myco:DNComps o, c
myco:FilterComps mail, uid
myco:verifycert on

Ŭ��̾�Ʈ �� ,

uid=Walt Whitman, o=LeavesOfGrass Inc, c=US

�� 켱 �� ׸�� ˻��մϴ�.

certSubjectDN=uid=Walt Whitman, o=LeavesOfGrass Inc, c=US

��ġ�ϴ� �׸�� ϳ� �̻�� 쿡�� ׸�� մϴ�. �˻�� ׸�� DNComps�� FilterComps�� Ͽ� ��ġ�ϴ� �׸�� ˻��մϴ�. �� o=LeavesOfGrass Inc, c=US �Ʒ�� ׸񿡼� uid=Walt Whitman�� ˻��մϴ�.


��	�� LDAP ��丮�� certSubjectDN �Ӽ�� ִ� �׸�� Ե� �� մϴ�.

��

Stronger Ciphers �ɼǿ�� ׼�� 168, 128 �Ǵ� 56��Ʈ �� Ű�� ϰų� �� ֽ��ϴ�. ��ѿ� �� ʴ� �� 񽺵� �� ֽ��ϴ�. �� Sun ONE Web Server�� "Forbidden" ��¸� ��ȯ�մϴ�.

�� ׼�� Ű ũ�Ⱑ Security Preferences�� ȣ �� ʴ� �� Sun ONE Web Server�� ū �� Ű�� ȣ�� ؾ� �Ѵٴ� �� ȭ ��ڰ� ǥ�õ˴ϴ�.

�� Ű ũ�� Service fn=key-toosmall�� ƴ� obj.conf�� NSAPI PathCheck ��ù�� ˴ϴ�. ��ù�:

PathCheck fn="ssl-check" [secret-keysize=<nbits>] [bong-file=<filename>]

��⿡�� <nbits>�� Ű�� ʿ�� ּ� ��Ʈ ��̸� <filename>�� ʴ� �� 񽺵� �� ̸�(URL �ƴ�)�Դϴ�.

SSL�� ʰų� secret-keysize �Ű� �� PathCheck�� REQ_NOACTION�� ȯ�մϴ�. �� Ű ũ�Ⱑ �� secret-keysize�� , bong-file�� Լ�� REQ_ABORTED�� PROTOCOL_FORBIDDEN ��¿� �Բ� ��ȯ�մϴ�. �׷�� REQ_PROCEED�� ȯ�ϸ� "path" �� bong-file <filename>�� ˴ϴ�. �� Ű ũ�� ǿ� SSL �� ĳ�ð� ��ȿȭ�Ǿ� �� Ŭ��̾�Ʈ�� ϸ� ��ü SSL �ڵ��ũ�� ߻��մϴ�.


��	Stronger Ciphers �� ϸ� PathCheck fn=ssl-check�� ߰�� ü�� ˻��Ǵ� Service fn=key-toosmall ��ù�� ŵ˴ϴ�.

�� ȣ�� Ϸ�� մϴ�.

Server Manager�� ׼��ϰ� �� ٿ� ��Ͽ�� ν��Ͻ�� մϴ�.

Virtual Server Class �� ϴ�.

�� ٿ� ��Ͽ�� Ŭ�� ϰ� Manage�� ϴ�.

Class Manager �� ǥ�õ˴ϴ�.

Content Mgmt �� մϴ�.

Stronger Ciphers�� մϴ�.

�� ɼ� �� մϴ�.

�� ٿ� ��

Browse ��

Wildcard ��

�� Ű ũ�� մϴ�.

168��Ʈ �̻�

128��Ʈ �̻�

56��Ʈ �̻�

��

�׼�� ź�� ޽�� ġ�� Է��մϴ�.

OK�� ϴ�.

Apply�� ϴ�.

hard start/restart �Ǵ� dynamically apply�� մϴ�.

�ڼ�� SSL �� Ͻʽÿ�.

�߰� ��

�� ȣ�� ص��Ϸ�� õ� �ܿ�� ٸ� �� ֽ��ϴ�. ��Ʈ��ũ�� ׼��Ϸ�� پ�� ϴ� �ܺ� �� Ŀ�� 迡 �� ֽ��ϴ�.

�� ȣȭ�� ϴ� �� ̿ܿ� �߰�� ġ�� ؾ� �մϴ�. �� ǻ�͸� �� ġ��Ű�ų� �ŷڵ�� α׷�� ø�� ϵ�� ؾ� �մϴ�.

�� ϰ� ��µ� �� ߿�� ׵鿡 ��Ͽ� �� Դϴ�.

�� ׼��

�� ׼��

�� ȣ ��

��ȣ �Ǵ� PIN ��

�� Ÿ �� α׷� ��

Ŭ��̾�Ʈ�� SSL �� ĳ�� ϵ��

��Ʈ ��

�� Ѱ� �ľ�

�� ȣ�� ߰� ��

�� ׼��

�� ֽ��ϴ�. �� ǻ�͸� �� ġ�� ִ� �� ġ�� ִ� ��  �� ֵ�� մϴ�. �̷�� ϸ� �� ǻ�� ü�� ŷ�� մϴ�.

�� ִ� �� ǻ�� (��Ʈ) ��ȣ�� ȣ�Ͻʽÿ�.

�� ׼��

�� ϴ� �� ڿ� ��ǻ�Ϳ�� ϵ�� ׼��  ��ؾ� �մϴ�. Administrator Server�� LDAP ��ڿ�� LDAP �� 丮 �� ׼�� ο��ϵ�� ϴ� ��, SSL�� ϴ� Administration Server�� ϰ� ��ڰ� ��Ÿ Administration Server�� ׼�� ֵ�� Administration Server�� Ŭ�� Ͻʽÿ�.

Ŭ��Ϳ� �� ڼ�� "Ŭ�� " �� 153�� Ͻʽÿ�.

�� Administration Server�� ȣȭ�� ؾ� �մϴ�. �� SSL �� ʴ� ��쿡�� ȵ�� Ʈ��ũ�� Ͽ� �� ؾ� �մϴ�. �� ȣ�� ä�� 籸�� ֽ��ϴ�.

�� ȣ ��

�� ȣ, �� Ű ��ȣ, ��ͺ��̽� ��ȣ �� ȣ�� մϴ�. �� ȣ�� ǻ�Ϳ� �ִ� �� Ƿ� �� ߿�� ȣ�Դϴ�. �� Ű ��ȣ�� ߿�� ȣ�Դϴ�. �� Ű�� Ű ��ȣ�� ̴� ��¥ �� ų� �� ä�� ֽ��ϴ�.

�� ȣ�� ڽ�� ٸ� �� ȣ�Դϴ�. �� Mci12!mo�� "My Child is 12 months old!"�� Դϴ�. �ڳ�� ̸��̳� �� ȣ�Դϴ�.

�ص��ϱ� �� ȣ

�� ȣ�� Ǵ� �� ħ�� ֽ��ϴ�.

�ϳ�� ȣ�� Ģ�� ؾ� �ϴ� �� ƴ�� Ģ�� ȣ�� ˾Ƴ�� Դϴ�.

��ȣ�� ̴� 6-14��ڿ�� մϴ�. (Mac ��ȣ�� ̴� 8�� ̻�� ϴ�.)

*, " �Ǵ� �� "��" ��ڸ� ��ϸ� �� ˴ϴ�.

�� ܾ ��ϸ� �� ˴ϴ�. (�� )

E�� 3��, L�� 1�� ϴ� �� Ϲ�� ü�� ʽÿ�.

�� ڸ� �� Խ�ŵ�ϴ�.

�빮��

�ҹ��

��

��ȣ

��ȣ �Ǵ� PIN ��

�ֱ�� ŷ� ��ͺ��̽�/Ű�� ȣ �Ǵ� PIN�� ϴ� �� ϴ�. Administration Server�� SSL�� ϴ� �� ȣ�� ʿ��մϴ�. �ֱ�� ȣ�� ϸ� �� ȣ�� ܰ� �� ֽ��ϴ�.

�� ȣ�� ǻ�Ϳ�� ؾ� �մϴ�. ��ȣ�� ϴ� �� ؾ� �� ħ�� "�ص��ϱ� �� ȣ"�� Ͻʽÿ�.

��й�ȣ ��

Administration Server �Ǵ� �� ν��Ͻ�� ŷ� ��ͺ��̽�/Ű�� ȣ�� Ϸ�� մϴ�.

Administration Server �Ǵ� Server Manager�� ׼��մϴ�.

Server Manager�� ݵ�� ٿ� ��Ͽ�� ν��Ͻ�� ؾ� �մϴ�.

Change Password ��ũ�� մϴ�.

�� ٿ� ��Ͽ�� ȣ�� Ϸ�� ū�� մϴ�.

�⺻�� ̴� �� Ű ��ͺ��̽�� "��" ��ȣ�Դϴ�. PKCS#11 �� ġ�� ū �� ǥ�õ˴ϴ�. Change Password ��ũ�� ϴ�.

�� ȣ�� Է��մϴ�.

�� ȣ�� Է��մϴ�.

�� ȣ�� ٽ� �Է��մϴ�.

OK�� ϴ�.

Server Manager�� Apply�� Restart�� ǵ�� մϴ�.

Ű�� ȣ�Ǵ�� Ȯ��Ͻʽÿ�. Administration Server�� Ű �� server_root/alias ��丮�� մϴ�. �� ǻ�Ϳ� ��ġ�� Sun ONE �� ش� ��ϰ� ��丮�� ֵ�� ϴ� ��츦 �� ֽ��ϴ�.

�� Ǿ� �ִ�� Ǵ� ��Ÿ �ٸ� �� ç ��ɼ�� ִ�� Ȯ��ϴ� �� ߿��մϴ�. �� Ϻ��ϰ� ��ȣ�ؾ� �մϴ�.

�� Ÿ �� α׷� ��

�� ǻ�Ϳ�� Ǵ� �� α׷�� ϰ� ��ؾ� �մϴ�. �� Ǵ� �ٸ� ��α׷�� Ȱ��Ͽ� �� ȸ�ϴ� �� մϴ�. �ʿ�� α׷�� 񽺸� ��մϴ�. �� UNIX sendmail �� ϰ� ��ϴ� �� ǻ�Ϳ�� طο� ��α׷�� ϵ�� α׷�� ֽ��ϴ�.

UNIX �� Linux

inittab �� rc ��ũ��Ʈ�� ϴ� ��μ�� ϰ� ��մϴ�. �� ǻ�Ϳ�� telnet �Ǵ� rlogin�� ϸ� �� ˴ϴ�. �� ǻ�Ϳ� rdist�� ˴ϴ�. (�̴� �� ǻ�� Ʈ�ϵ�� ֽ��ϴ�.)

Windows

�ٸ� ��ǻ�Ϳ� �� ̺� �� 丮�� մϴ�. �� ̳� Guest �� ο�� ڸ� ��մϴ�.

��  ��α׷�� ٸ� �� ġ�� α׷�� ؾ� �մϴ�. �ٸ� �� α׷�� ֽ��ϴ�. �� Ư�� ջ��Ű�� ε� �� α׷�� ε�� ֽ��ϴ�. �� α׷�� ϱ� �� ϰ� ��α׷�� ؾ� �մϴ�.

Ŭ��̾�Ʈ�� SSL �� ĳ�� ϵ��

HTML�� ִ� �� <HEAD> �κп� �� ߰��Ͽ� Ŭ��̾�Ʈ�� ̸� ��ȣȭ�� ĳ�� ֽ��ϴ�.

��Ʈ ��

��ǻ�Ϳ�� ʴ� ��Ʈ�� Ȱ��ȭ�մϴ�. �� Ǵ� ��ȭ�� Ͽ� �� ּ� ��Ʈ ��Ʈ �̿�� ϴ� ��߰� �� մϴ�. �̷�� ϸ� �� ̹� ��ѵ� �� ġ�� ǻ�͸� �� ǻ�Ϳ�� ְ� �˴ϴ�.

�� Ѱ� �ľ�

�� Ŭ��̾�Ʈ ��̿� �� մϴ�. Ŭ��̾�Ʈ�� ϴ� �� ϸ� �� ǻ�� ü�� ش� ��丮 �� Ͽ� �� ׼�� ϴ�.

�̷�� ˰� �� ؾ� �� Ȳ�� ϴ� �� ˴ϴ�. �� SSL �� Ͽ� �ſ� ī�� ȣ�� ȣ�� ǻ�� Ͽ� ��Ǿ� ��? SSL �� ȣ�� �� ɱ��? Ŭ��̾�Ʈ�� SSL�� Ͽ� �۽��ϴ� �� å�� ֽ��ϴ�.

�� ȣ�� ߰� ��

��ȣ�� ȣ�� Ϸ�� ȣ�� ȣ�� ٸ� ��ǻ�Ϳ�� ؾ� �մϴ�. �ڿ�� Ѱ�� Ͽ� ��ȣ�� ȣ�� ǻ�Ϳ�� ؾ� �ϴ� ��쿡�� մϴ�.

�� Ʈ ��ȣ�� մϴ�. ��ȣ�� ȣ�� ݵ�� ٸ� ��Ʈ ��ȣ�� ǵ�� ؾ� �մϴ�. ��ϵ� �⺻ ��Ʈ ��ȣ:

443 - ��ȵ� ��

80 - ��ȵ��

UNIX �Ǵ� Linux�� Ʈ ��丮�� Ͽ� chroot �� մϴ�. ��ȣ�� chroot�� Ͽ� �� Ʈ�� ϰ� �˴ϴ�.

chroot�� ϸ� �� Ư�� 丮�� ϴ� ��2�� Ʈ ��丮�� ֽ��ϴ�. �� ȣ�� ġ�� ִ�. �� Ʈ ��丮�� /dl/ms�� ֽ��ϴ�. �׷� ��, �� Ʈ ��丮�� ׼��ϸ� �� dl/ms�� ׼��ϰ� �˴ϴ�. �� /dev�� ׼��Ϸ�� õ��ϸ� /dl/ms/dev�� ׼��ϰ� �˴ϴ�. �̷�� ϸ� �� Ʈ ��丮�� Ͽ� �� ׼�� ʰ� UNIX/Linux �ý��ۿ�� ֽ��ϴ�.

�׷�� chroot�� ϴ� ��, �Ʒ�� ׸�� ̴� �Ͱ� �� ü ��Ʈ ��丮�� Sun ONE Web Server�� 䱸�ϴ� ��ü ��丮 �� մϴ�.

chroot ��丮 ��

�� Ŭ�� chroot ��

�� Ŭ�� chroot ��丮�� ֽ��ϴ�.

Server Manager�� ׼��ϰ� �� ٿ� ��Ͽ�� ν��Ͻ�� մϴ�.

Virtual Server Class �� մϴ�.

Edit Classes ��ũ�� ϴ�.

chroot�� Ϸ�� Ŭ�� Option�� Edit�� Ǿ�� Ȯ��մϴ�.

�ش� Ŭ�� Advanced ��ư�� ϴ�.

Virtual Servers CGI Settings �� ǥ�õ˴ϴ�.

Chroot �ʵ忡 ��ü ��θ� �Է��մϴ�.

OK�� ϴ�.

Apply�� ϴ�.

Load Configuration Files�� Ͽ� �� մϴ�.

�� chroot ��

�� chroot ��丮�� ֽ��ϴ�.

Server Manager�� ׼��ϰ� �� ٿ� ��Ͽ�� ν��Ͻ�� մϴ�.

Virtual Server Class �� մϴ�.

Server�� Tree View�� chroot ��丮�� Ϸ�� ũ�� ϴ�.

Settings �� մϴ�.

Settings �� ǥ�õ˴ϴ�.

Chroot Directory �� Set to �ʵ忡 ��ü ��θ� �Է��մϴ�.

OK�� ϴ�.

Apply�� ϴ�.

Load Configuration Files�� Ͽ� �� մϴ�.

�� Class Manager Virtual Servers �ǰ� CGI Settings ��ũ�� Ͽ� �� chroot ��丮�� ֽ��ϴ�.

�� chroot ��丮�� ϴ� �� ڼ�� Sun ONE Web Server 6.1 Programmer's Guide�� Ͻʽÿ�.

��

인증서 공개키 추출

인증서와 개인키는 어떻게 다른가 - injeungseowa gaeinkineun eotteohge daleunga

6 �� ������ �� Ű ���

������ ��� ����

������ ������ ���

���� ����

Ŭ���̾�Ʈ ����

���� ���� ������

�ŷ� �����ͺ��̽� ����

�ŷ� �����ͺ��̽� ����

password.conf ���

SSL ��� ���� �ڵ� ����

VeriSign ������ ��û �� ��ġ

VeriSign ������ ��û

VeriSign ������ ��ġ

��Ÿ ���� ������ ��û �� ��ġ

�ʼ� CA ����

��Ÿ ���� ������ ��û

��Ÿ ���� ������ ��ġ

������ ��ġ

���׷��̵�� ������ ����

���� ��Ʈ ������ ��� ���.

������ ����

CRL �� KRL ��ġ/����

CRL �Ǵ� CKL ��ġ

CRL �� CKL ����

���� �⺻ ����

SSL �� TLS ��������

LDAP���� ��ſ� SSL ���

û�� ���Ͽ� ���� ��� ����

���� ��� ���

û�� ������ ���� �� ���� ��� ��� ����

û�� ������ ������ �� ���� ��� ��� ����

û�� ���Ͽ� ���� ������ ����

��ȣ ����

������ ���� ����

SSLSessionTimeout

����

SSLCacheEntries

SSL3SessionTimeout

����

�ܺ� ��ȣȭ ��� ���

PKCS#11 ��� ��ġ

modutil�� ����Ͽ� PKCS#11 ��� ��ġ

pk12util ���

pk12util�� ����Ͽ� ��������

pk12util�� ����Ͽ� ��������

û�� ���Ͽ� ������ �̸� ����

FIPS-140 ǥ��

Ŭ���̾�Ʈ ���� �䱸 ���� ����

Ŭ���̾�Ʈ ���� �ʼ�ȭ

Ŭ���̾�Ʈ ���� �䱸

Ŭ���̾�Ʈ �������� LDAP�� ����

certmap.conf ���� ���

����� ���� ��� ���� ����

���� ����

���� 1

���� 2

���� 3

���� ���� ����

�߰� ���� ���� ����

���� �׼��� ����

���� �׼��� ����

������ ��ȣ ����

�ص��ϱ� ����� ��ȣ

��ȣ �Ǵ� PIN ����

��й�ȣ ����

�������� ��Ÿ ���� ���α׷� ����

UNIX �� Linux

Windows

Ŭ���̾�Ʈ�� SSL ������ ĳ������ ���ϵ��� ����

��Ʈ ����

������ �Ѱ� �ľ�

���� ��ȣ�� ���� �߰� ���� ����

���� ���� Ŭ������ chroot ����

���� ������ chroot ����

관련 게시물

광고하는

최근 소식

광고하는

포퓰러

6 �� Ű ��

��

��

��

Ŭ��̾�Ʈ ��

��

�ŷ� ��ͺ��̽� ��

�ŷ� ��ͺ��̽� ��

password.conf ��

SSL �� ڵ� ��

VeriSign �� û �� ġ

VeriSign �� û

VeriSign �� ġ

��Ÿ �� û �� ġ

�ʼ� CA ��

��Ÿ �� û

��Ÿ �� ġ

�� ġ

��׷��̵��

�� Ʈ �� .

��

CRL �� KRL ��ġ/��

CRL �� CKL ��

�� ⺻ ��

SSL �� TLS ��

LDAP�� ſ� SSL ��

û�� Ͽ� ��

��

û��

û��

û�� Ͽ� ��

��ȣ ��

��

��

��

�ܺ� ��ȣȭ ��

PKCS#11 �� ġ

modutil�� Ͽ� PKCS#11 �� ġ

pk12util ��

pk12util�� Ͽ� ��

pk12util�� Ͽ� ��

û�� Ͽ� �� ̸� ��

Ŭ��̾�Ʈ �� 䱸 ��

Ŭ��̾�Ʈ �� ʼ�ȭ

Ŭ��̾�Ʈ �� 䱸

Ŭ��̾�Ʈ �� LDAP��

certmap.conf ��

��

��

�� 1

�� 2

�� 3

��

�߰� ��

�� ׼��

�� ׼��

�� ȣ ��

�ص��ϱ� �� ȣ

��ȣ �Ǵ� PIN ��

��й�ȣ ��

�� Ÿ �� α׷� ��

Ŭ��̾�Ʈ�� SSL �� ĳ�� ϵ��

��Ʈ ��

�� Ѱ� �ľ�

�� ȣ�� ߰� ��

�� Ŭ�� chroot ��

�� chroot ��