Tivoli PKI Setup and Operation -...
Tivoli® Public Key InfrastructurehCkKP
f> 3 "Pf 7.1
GB84-0414-00
2001j9B27U
Tivoli Public Key Infrastructure hCkKP
f(yw
Copyright © 1999, 2001 by Tivoli Systems Inc., an IBM Company, including this documentation
and all software. All rights reserved.vI@U Tivoli Systemsm~mI$-i9C,r_w*
IBM M'-irmI$-iPX Tivoli z7D=<9C#4- Tivoli SystemsBHifmI,
{9TNNN=rNNVN(gSD"z5D"E'D"b'D"/'D"K$DHH)T>i
DNN?VxP4F"+%"*<"f"Zlw53Pr-kINNFczoT#Tivoli Systems
ZhzFwv)zT:9CD2=4rNNICFcz&mDD5DP^mI,0aG?vby
D4F7y&XP Tivoli +>Df(yw#4- Tivoli SystemsBHifmI,;Zhf(PD
d|({#>D5;G*zz<8D,"RGT0vK4,1Dy!a)D,;PNNN=D#
$#
rKT>D5;wNN#$yw,|(JzTMJCZ3X(C>D#$#
Lj
TBz7{FG Tivoli Systems Inc.rzJL5zw+>Z@zM/rd|zRrXxDLj:
AIX"DB2"DB2 Universal Database"IBM" Netfinity"RS/6000"SecureWay"Tivoli M
WebSphere#
Tivoli PKI Lr(0Lr1)|(?V IBM WebSphere Application ServerM?V IBM HTTP
Web Server(0IBM ~qw1)#}G!CKLrDmI$sE\9C,qrz^(20r9C
IBM ~qw#IBM ~qwMLrXk$tZ,;zwP,z^(ZkLrVkDivB%@20
r9C IBM ~qw#
Lr|(?V DB2 (C}]b#}G!CKLrM IBM WebSphere Application ServerDmI
$sE\9C,"RLrM IBM WebSphere Application ServerGCZ|GyzIr9CD}]
Df"M\m,xGCZd|}]\m?D,qrz^(20M9Cb)i~#}g,KmI$
;|(Sd|&CLr=}]bDCZi/r(mzIDk>,S#z;P(ZLryZD,;
(zwO20M9Cb)i~#
Microsoft"Internet Explorer"Windows"Windows NTM WindowsUjG Microsoft Corporation
DLjr"aLj#
UNIX GZ@zMd|zRrXxI The Open Group@Rd"D"aLj#
JavaMyPyZ JavaDLjrUjG Sun Microsystems,Inc.DLj#
PentiumG Intel CorporationZ@zMd|zRrXxD"aLj#
KLr|,4T RSA Date Security, Inc.D2+Tm~#Copyright © 1994 RSA
Data Security, Inc. All rights reserved.
KLr|,4T Hewlett-Packard Companyj<#eb(STL)m~#Copyright (c) 1994.
¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5DP*bQZkmI,+0a
GTOf(ywXkvVZyP1>P,"Rf(ywMKmIyw<XkvVZ'VD5
P#Hewlett-Packard Company;TNN?DTKm~DJOT"mNN4(#Km~GT0v
K4,1Dy!a)D,;=Pw>r,>D#$#
KLr|,4T Silicon Graphics Computer Systems, Inc.Dj<#eb(STL)m~#Copyright
(c) 1996–1999#
¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5DP*bQZkmI,+0a
GTOf(ywXkvVZyP1>P,"Rf(ywMKmIyw<XkvVZ'VD5
P#Silicon Graphics;TNN?DTKm~DJOT"mNN4(#Km~GT0vK4,1
Dy!a)D,;=Pw>r,>D#$#
d|+>"z7M~q{FI\Gd|+>DLjr~qjG#
yw
>vfoPya=D Tivoli Systemsr IBM z7"Lrr~q";5>b)z7"Lrr~q
+ZyPP Tivoli Systemsr IBM 5qDzRrXxPa)#NNTb)z7"Lrr~qD
}C";5>v\9C Tivoli Systemsr IBM Dz7"Lrr~q#;*;V8 Tivoli
Systemsr IBM DP'*6z(rd|\(I#$D({,NN,H&\Dz7"Lrr~q,
<ITC4zfya=Dz7"Lrr~q#Zkd|z7aO9C1,}KG)I Tivoli
Systemsr IBM w78(Dz7.b,d@@Mi$yIC'TP:p#
Tivoli Systemsr IBM I\Q5Pr}Zksk>D5Z]PXDwn({#a)>D5"4Z
hC'9Cb)({DNNmI$#PXmI$i/DBK,C'ITk IBM Director of
Licensing, IBM Corporation, North Castle Drive, Armonk, New York 10504-1785, USAif*
5#
>un;JCZ*OuzrNNbyDunk>X(I;;BDzRrXx#
zJL5zw+>T0vK4,1Dy!a)>vfo,;=PNNN=D(^[Gw>D,9
G,>D)#$,|((+;^Z)TGV(T"JzTMJCZ3X(C>D,>#$#3)
zRrXxZ3);WP;Jmb}w>r,>D#$#rK>unI\;JCZz#
>E"PI\|,P<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b)|D+
|,ZBf>P#IBM ITf1T>E"PhvDz7M/rLrxPDxM/r|D,x;m
P(*#
>E"PTG IBM Web >cD}C<;G*K=cp{Ea)D,;TNN==P#TG)
Web >cD#$#C Web >cPDJO;G IBM z7JOD;?V,9CG) Web >cx
4DgU+IzTPP##
?<
0T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
>8ODA_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
`XE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
>8O|,DZ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
K"PfPDBZ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
>8OP9CD<( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
*5M''V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Tivoli PKI Web E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Z1B Kb Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
24G Tivoli PKI? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
i~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Tivoli PKI ~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
"aPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
O$PD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
sFS53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Web ~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
}]b53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Directory ~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4758 Cryptographic Coprocessor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
\?8]MV4$_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Iz$i)"$_. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
e5a9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
+C\?y!a9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
PKIX CMP -i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
LDAP -i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Tsf" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
EN#M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
zk)p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
{")p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
}]S\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
KeyStore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
\'VDj< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
X.509 f> 3 $i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Z2B 53hs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
~qwm~*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
~qw2~*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
20r<*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
M'z*s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Z3B f. Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
20f.lim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
#$53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
9C@p=<u . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
9C Tivoli PKI }]b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
dC Web ~qwD IP p{. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
9C Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Directory #= . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Directory CJXF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
9C 4758-&mw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
+ CA r RA \?f"Z2~P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
k Policy Director/I. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
'VD~qwdC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
zJ73"bBn. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Tivoli PKI iJm~| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Z4B Z AIX O20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
hC AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
i$D~/. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
i$Pc;Dw3Ud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
T AIX &C^)6p. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
hC AIX miMD~53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4( CD-ROM D~53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
|D AIX 53C'}. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
7#wz{bv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4(533s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
20}]bm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
20 DB2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
20 IBM® Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
20 Directory m~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
20 Java. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
4( WebSphere Application Server}]b . . . . . . . . . . . . . . . . . . . . . . . . . . 49
20 Web ~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
20 WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
}6 WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
{C IBM HTTP ServerT/t/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
t/ WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
20 4758-&mw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
20 KeyWorks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
20~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
`z208< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
|DTYLr5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
KPs20dCLr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
s20lim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
KP8]5CLr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Z5B Z Windows NT O20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . 65
hC Windows NT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
20}]bm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
20 Web ~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
20 JDK. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
20 IBM HTTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
20 WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
hC IP p{ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
20 IBM Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
20 Directory m~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
k Tivoli PKI ;p9C Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
7O53hC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
20~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
|DTYLr5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
KPs20dCLr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
s20lim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
KP8]5CLr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Z6B dC Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Z7B kE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
53\m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
RA \m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
"aM$w. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
(F. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Jcm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
w} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
0T
>i*za)K&C Tivoli Public Key Infrastructure(Tivoli PKI)53
yhDE"#|V[KTBwb:
¶ zDi/gN9C Tivoli PKI ZrXxO+MS\D"O$DMz\
DBq#9C Tivoli PKI "a$_,ITrcX*IE=)"}V$
i"XFGq*|Br7z$i#
¶ ozzf. Tivoli PKI D8<,}ggN+ Tivoli PKI i~k20
ZzD>cODd|z7/I#
¶ Z IBM® AIX ® =(OrZ Microsoft® Windows NT® B20>z
7D=h#
¶ d|D5D8>,Iozz9C Tivoli PKI C'gfM\m$_#
":>z7D"Pfv'V AIX =(#&1vSyPV[ Microsoft
WindowsDDO#
>8ODA_>ifrwVA_#
¶ g{zGP!?E-m,>i+8<zgN+ Tivoli PKI O"ki/
DgSLq(e-business)_T#
¶ g{zG2+?E-m,>i+8<zgN+ Tivoli PKI O"ki/
Dxg2+_T#
¶ g{zG53\m1,>iYhzQ_PZxg73P20MdC
z7D-i#&1_8TBEnD`X*6:
v 2~20MdC
v rXx(E-i,XpG TCP/IPM2+WSVc(SSL)
v Web ~qw\m
v +C\?y!a9(PKI)<u,|( Directory #=,X.509 f
> 3 j<Ma?6?<CJ-i(LDAP)
v X5}]b53,XpG IBM DB2 (C}]b®
`XE"Tivoli Web >ca)K Tivoli PKI z7D5DIF2D5q=(PDF)
M HTML q=#;)vfoD HTML f>GMz7;p20D,"R
IIC'gfCJ#
"bTvfovfs,z7PI\"zd/#XZnBDz7E"T0
XZgNTz!qDoTMq=TvfoxPCJ,kND6"P5
w7#nBf>D6"P5w7IZ Tivoli Public Key Infrastructure Web
>cqC:
http://www.tivoli.com/support
Tivoli PKI b|,TBD5:
hCkKP
Kia)Kz7Ev#|a)Kz7Dhs,|(20}L,
"a)gNCJ?vz7i~ICD*zoz#Ki+Z!"
skz7;pV"#
System Administration GuideKi|,XZ\m Tivoli PKI 53D;cE"#||,t/MX
U~qw"|D\k"\m~qwi~"4PsFT0KP}
]j{TliH}L#
dC8O
Ki|,XZgN9C20r<4dC Tivoli PKI 53DE"#
Zi4r<D*zoz1,z\CJK8OD HTML f>#
"aPD@f8O
Ki|,XZgNZ$iP'ZZ9C RA @f4\m$i#Z
i4@fD*zoz1,z\CJK8OD HTML f>#
C'8O
Ki|,XZgNqCM\m$iDE"#|a)K9C Tivoli
PKI /@wGGm%4ks"|BM7z$iD}LDE"#,
12V[KgN$"af] PKIX $i#
Customization GuideKiT>KgN(F Tivoli PKI "a$_,T'V5q_TD"
ak$w?j#}g,zI'agN(F HTML M Java® Server
3f"(*E"$iE*D~M_TvZ#
>8O|,DZ]>8O|,TBE":
¶ Z13D:Kb Tivoli PKI;r%hvK Tivoli PKI D&\MT\0
di~"e5a9M\'VDj<#
¶ Z193D:53hs;hvKI&20MYw Tivoli PKI XhD2~
Mm~hs#
¶ Z233D:f. Tivoli PKI;xvKXZ Tivoli PKI &\D;cE
"MXZXkdCDi~Dj8E"#
¶ Z393D:Z AIX O20 Tivoli PKI;xvKZ AIX =(O20
Tivoli PKI D}LE"#
¶ Z653D:Z Windows NT O20 Tivoli PKI;xvKZKP
Windows NTDzwO20 Tivoli PKI D}LE"#
¶ Z813D:dC Tivoli PKI;EvKCZ4PdCNqDdC}LM
D5#
¶ Z833D:kE;V[KCZ\mM(F Tivoli PKI D;,=fDw
b"=hM$_#
¶ Z873D:Jcm;(eK>iPI\GBDr;#CDuoMu
4T0A_I\PK$Duo#
K"PfPDBZ]Tivoli PKI 3.7.1 ITBBXwM&\9I:
¶ Iz$i)"#KXw*O$DC'a)KwC Tivoli PKI ;NM\
ks`v}V$iD2+=(#
¶ $i\m-i(CMP),f> 2#}6= CMP f> 2 * Tivoli PKI
a)K CMP 4,}IP`T CMP f> 1 |?DI?TT0v?
D2+T6p,CMP f> 1 T0GZ Tivoli PKI P5VD#
¶ Root C' CA \?*v#KXw9O$PD(CA)\S;vG[
TD CA \?Tj+Dd*B;v CA \?T(F.* CA \?|
B)#
¶ LDAP f> 3 f]T#KXwa)Kka?6?<CJ-i
(LDAP)f> 3 D#=f]T#XpX,|(}9C RFC 2256(
eD?<#=,a)K"<tTx LDAP D\&#@;'V4T
PKIX LDAP f> 2 D#=#
¶ RA \?D HSM f"#KXw9 RA \?\f"Z2~2+T#
i(HSM)i~P,* RA )p\?a)Kv?D2+T\&#
K"PfD5PD|DI3_UWPD^)8j6#
":Tivoli PKI 3.7.1 v'V AIX#K"Pf;'V Windows NT#
>8OP9CD<(>8OTXbuoMYw9C;,DVM<(#b)<(_PTB,
e:
<( ,e
VeV|n"X|V"j>Md|Xk9CDE",TVeVT
>#
1eVXka)Dd?MBuoT1eVT>#?wDJMLo2
,yT>*1eV#
HmVe zk>}"dvM53{"THmVeT>#
*5M''Vg{9CNN Tivoli z71v='Q,<ITxk
http://www.support.tivoli.com i4 Tivoli Supportw3#4SA"a
;M'"am%s,4ITZ Web OCJ\`M''V~q#
Z@z9CTBg0Ek*5M''V:Tivoli EkG
1–800–848–6548(1-800–TIVOLI8),IBM® EkG 1–800–237–5511(&
rKEks4 8 rXp 8)#b=vEk<a1S+zDg0*A Tivoli
M''Vg0PD#
RG.VVZ}=XZz9C Tivoli z7MD5D-i#RG6-za
vDxb{#g{zPXZ>D5Db{r(i,k"MgSJ~A:
Tivoli PKI Web E"Tivoli M IBM Tivoli M'ITR=XZNN Tivoli 2+Tz7M Tivoli
PKI DZ_E"#
XZ Tivoli PKI DnBz7|BM~qE"DX*E",kCJK Web
> c :
http://www.tivoli.com/support/secure_download_bridge.html
XZ Tivoli Public Key Infrastructurez7DE",kCJK Web>c:
http://www.tivoli.com/products/index/secureway_public_key/
XZd| Tivoli 2+\mz7DE",kCJK Web ;C:
http://www.tivoli.com/products/solutions/security/
Kb Tivoli PKI
>Ba)K Tivoli Public Key Infrastructure(Tivoli PKI)DEv#|V
[K Tivoli PKI DXwMT\0di~"e5a9M\'VDj<#
24G Tivoli PKI ?Tivoli Public Key Infrastructure*&CLra)O$C'D=("7#I
ED(E#TBG Tivoli PKI D;)Xw:
¶ |Jmi/@U|GD"aM$w_T4)"""<M\m}V$
i#
¶ T X.509 f> 3(PKIX)D+2\?y!a9M+2}]2+a9
(CDSA)S\j<D'V<GK)&LD%YwT#
¶ }V)pM2+-ia)KZ;WPO$yPEeD=(#
¶ yZ/@wD"a\&a)KnsDinT#
¶ S\(EM"aE"D2+f"PzZ7#z\T#
Tivoli PKI 53IZ IBM AIX/6000(AIX)M Microsoft Windows NT
~qw=(OKP#|,TBw*Xw:
¶ IEO$PD(CA)\m}V$iDP'Z#*Ki$$iDf5
T,CA T}V==)p?;])"D$i#CA 2)p$i7zP
m(CRL),T7O$i;YP'#*x;=#$ CA D)p\?,
I9CS\2~,}g IBM 4758 PCI Cryptographic Coprocessor#
¶ "aPD(RA)&mC'"aD\mNq#RA 7#v)"'V5q
n/D$i,Rb)$iv)"xQZ(DC'#\mNqI(}
T/}LrK$v_==bv#k CA `F,RA 2I9CS\2~
(}g IBM 4758 PCI Cryptographic Coprocessor)4x;=#$d
)p\?#
¶ yZ WebDGGgf9q!$idCO*]W,b)$iICZ/
@w"~qw"ib(Cxg(VPN)h8"G\(M2+gSJ
~#
¶ w*yZ Web D\mgf,RA @f9QZ("a1\;K<r\
xGGks,"Z)"$is\m$i#
¶ sFS53\*?vsFG<FcdE"i$zk(MAC)#g{
sF}]Z4ksF}]bs;^Dr>},MAC Iozzlbk
V_#
¶ _TvZML5wLTs(BPO)9&CLr*"_\;(F"a
}L#
¶ *S\}fa)/I'V#*KO$(E,KD Tivoli PKI i~IC
$'zID(C\?xP)p#2+TTs,g\?M MAC,<;
S\,"f"ZF* KeyStoreD\#$xrZ#
¶ * IBM Directory a)/I'V#DirectoryT{O LDAP Dq=f
"XZP'MQ7{$iDE"#
¶ * IBM WebSphere™ Application ServerM IBM HTTP Servera)
/I'V#Web ~qwk RA ~qw-,$w,TS\E""K<
ksM*$ZDSU=*F$i#
¶ * IBM DB2 (C}]ba)/I'V#
i~
TB<mT>K Tivoli PKI 53,~qwLrV<ZdPD}(zwP#
ZzDi/P,yP}(~qwI\<2fZ;(zwO2f#
Tivoli PKI ~qwTivoli PKI ~qwGPk~qw,+d|i~,aZ;p#|,$dC}
]b,"a)\m53D5CLr#
"aPD"aPD(RA)G\m"a}LD~qwi~#RA 7#$iv)"xK
<D5e#RA 27#$ivCZK<DC>#RA Dw*Nq|,TB
wn:
¶ 7Oks5eDm]
¶ i$Q+|,ksDtTMmI(D$iZhjkK
¶ K<r\xksT4("|Br7z$i
< 1. Tivoli PKI i~dC
¶ i$T<CJ2+&CLrrJ4D5eVPk$i+C\?`X
*D(C\?#
k Tivoli PKI CA `F,RA I9CS\2~(}g IBM 4758 PCI
Cryptographic Coprocessor)4*d)p\?a)|`D2+T#
Z Tivoli PKI P,20Z RA ~qwOD"a$_a)'V6'\cD
"an/Dr\#dC531,("\;\m5q_T"$i_TMJ
4D"ar(kzi/DW!"aM$w_};B)#
GG
RA *`VGG-iM$i`Ma)K'V#GG&\|,:
¶ 9C DB2 }]b4G<S\D"aM$i}]#
¶ 'VV/rT/D"aK<}L#
¶ yZ JavaDGGm%/O,b)m%JmC'(}{GT:D Web
/@w4ksMq!$i#GG}LO$M'zM~qwm]"+
$i;6xK<5e,TyPksD}]xPK=KS\#GG}
L|,:
v (}2+WSVc(SSL);6$i,T9CS Web /@wr
Web ~qwCJD&CLr#
v (} PKIX $i\m-i(CMP);6$i,TCZ PKIX M'
z&CLrP,rf"ZG\(O#
v ;6'VxJ-i2+Tj<(IPSec)D$i,T9C2+ VPN
&CLrrtC IPSecDh8#
v ;6'V2+`C>rXxJ~)9(S/MIME)D$i,T9
C2+gSJ~&CLr#
v ;6(*E,(*jkKXZK<r\xksDE"#
¶ $iE*D~/O,b)E*D~c{KC'q!{Gh*D$i
`M#KE*D~(eK$iD$Z?DT0$iDP'Z#yZ
#ePDE",RA \;T}7q=;6_PX*$iZ]D$i#
XZ\ RA 'VD$i`MM$i)9DE",kNDZ153D:\
'VDj<;MZ163D:X.509 f> 3 $i;#
¶ 'V$"a,K}L9;vC'(dMDG\m1)\*m;vC
'ksJ& PKIX D$i#
¶ 'V_TvZML5wLTs(BPO),9i/ZGG}LP\w
C|GT:DLr#RA |,;v4PT/K<&mDy>_Tv
Z#
kN< IBM l$i Working with Business Process Objects for Tivoli
SecureWay PKI,SG24-6043-00,q!*"M(FL5wLTs
(BPO)D8<,TzczTQ@XDLqhs#
XZ9C Web/@w4GG$iDj{E",kND6Tivoli PKI C'
8O7#Ki2hvK Tivoli PKI 1!20Pa)D$i`M#
\m
"aPD@f(RA @f)!&CLrJmQZ(D\m1(2F.*"
a1)4i$iD&CLr"K<r\xks"|B$iT0@CrY
17z$i#|'VngTBDNq:
¶ lw}ZszDGGks
¶ i/"a}]b,Tlw{OX(u~DG<"T|GxPYw
¶ 4iXZ$irksDj8E",}gZ;Na;ks.sI!D
yPYwDz7
¶ hC$iDP'Z
¶ TG<xP"M,T5wYwD-r
RA @fG2+!&CLr#*CJ|,C'XkWHI*QZ(D"a
1#Tivoli PKI a)c{K}LD$_#ImSNb}?D"a1,T'
V"a$w:I#
mS"a11,kj6"ar"8(C'X(#}g,ITJm;v"
a1vK<"\xks,+,1Jmm;v"a17z$i#
¶ XZ20"CJM9C RA @f!&CLrDE",kND6Tivoli
PKI RA @f8O7#
¶ XZZ("a1DE",kND Tivoli PKI System Administration
Guide#
(F
I9Ck Tivoli PKI ;pa)D"a$_,x;XT|xP(F#;x,
zI\k*|D;)GGm%r"a}LT43i/D}V$wDX(
?j#}g,zI\kZ/@wGGm%OT>+>Uj#2I\k|
D$iE*D~,T'VkzF.GGDC'V`"~qwV`rh8
V``XD)9#
20MdC Tivoli PKI s,I4Fm`(e"arDD~,"*5qC
>(F|G#k7#Z|DD~.0("8]1>#
I4Fr|BTB"a$_D~#dC}LP,Z*zD"ar("D
?<76P4(b)D~#
¶ 20Z etc S?<PDdCD~(D~`M .cfg)#}g,zI\k
w{ RA ~qwr RA @fDKP1hC#
¶ 20Z etcS?<PDy>(*E(D~`M .ltr)#Tivoli PKI a)
y>D>T(*C'N1K<r\xks,+zI\k4T:DD
>#
¶ 20Z Web 3fS?<PD HTML D~(D~`M .html)"<
(D~`M .gif)M Java Server Page(D~`M .jsp)#}g,zI
\k^DT>Z/@wGGm%PDD>M<N#2IT(FVP
D$iE*D~r(eBDD~T'Vi/D$i_T#
¶ _TvZ(policy_exit)20Z bin S?<B#Tivoli PKI a)Kv
Zw*gN&mT/K<&mD>}#IT4d|vZT+"a&
mkd|&CLr/Ir_C4&mT:D"aYw#
XZITT"aM$w}LxPD|DDE"T0XZgN|DD8>
E",kND Tivoli PKI Customization Guide#
XZ(FwbD=SE",kN< IBM l$i Working with Business
Process Objects for Tivoli SecureWay PKI,SG24-6043-00,q!*"M
(FL5wLTs(BPO)D8<,TzczTQ@XDLqhs#
O$PDO$PD(CA)G\m$w}LD~qwi~#CA GSBgSLqC'
DIEDZ}=#CA (}d)"D$i4i$C'm]#}K$wC'
m].b,$i2|,;+C\?,9C'\i$"S\(E#
w=DI?T!vZDh)"$iD CA DEN#*K7#$iDj{
T,CA T}V==)p$i#"T|D$ia<B){^',"9d;
IC#
Tivoli PKI CA (}4PTBwn,a)K2+;W73:
¶ 7#$iD(;T#CA *?vBD$iM?v|BD$izIrP
E#CrPEG(;j6,|;w*(P{F(DN)D;?Vf"
Z$iP#
¶ zY|)"D$i#CA ,$Q)"$iPm(ICL)#ICL +?v$
iD2+1>TrPE("w},f"Z DB2® }]bP#
¶ zY7zD$i#CA 4("|B$i7zPm(CRL)#;"z7
z,CA M RA M;;{",bM9 RA ZB;N(ZT|B}L
P\|B Directory#CA T}V==)pyP CRL,Ti$dj{
T#
¶ #$}];;[D#CA *4k=}]bPD?vG<zI{"O$
zk(MAC)#MAC (}9z\lbdPD}]N1Py^Dr>
},Sxoz7#}]bDj{T#
¶ #$ CA ){#CA Ik IBM 4758 PCI Cryptographic Coprocessor
/I#47589Cf"Z2~PDS\\?4S\"#$ CA D)p
\?#
¶ 'V CA \?TM$iD|B(*v),T@9}Z#
¶ 'VsFM}]V4#CA *m`IsFDB~zIsFG<#sF
~qw+b)G<f"Z DB2 }]bP#
¶ g{zDi/_P%v CA 4\zcDk"&CLr,r Tivoli PKI
'VT)p CA $i#K=8P,CA Td\mrPDyP$wn/
:PpN#
¶ g{zDi/_P;frVcD(^53,rIdC CA kd| CA
;p$w#
v Tivoli PKI CA Ikm;v CA ;fO$,",bS\K CA )
pD$iw*I?TD$w#;f$wJm CA \mrPD5e
km; CA \mrPD5e2+(E#
v Tivoli PKI CA Iw* root C' CA,T)pd| CA $i#|
2'V4Td|#{)pd CA $iD CA Dks#bM9 CA
\NkENcNa9;CA ,bS\IcNa9PZ|.ODNN
CA )pD$iw*I?TD$w#
byDEN#MGPCD,}g,TZ+XmxrMi/%;Vt
IX;;,D\mr#|29z\+;,D$i_T&C=i/D
;,?E#
¶ g{zDi/h*$iCZP4(} Tivoli PKI $iE*D~'VD
?D,r CA IzI"i$_PM'(eD)9D$i#
XZ(eBD$iE*D~M$i)9DE",kND Tivoli PKI
Customization Guide#
XZ Tivoli PKI CA D|`j8E",kND Tivoli PKI System
Administration Guide#Ci|,w{ CA ~qwKP1!nD8OT0
(";%O$MVc CA EN#MD}L#
sFS53Z Tivoli PKI P,sFS53*G<2+T`XYwa)'V#sF~
qw&mTBksF`Xn/:
¶ SU4TsFM'z(}g"aPDMO$PD)DsFB~#
¶ +B~4ksFU>,dMX,sFU>f"Z DB2 }]bP(I
!q+U>w*}]D~f")#?vsFB~ZU>PP;vG
<#
¶ JmsFM'zAN3)sFB~#!\\GG<;)B~,+2
I9CAN(Th9(fd|B~#bJmzXFsFU>Ds
!,"7#G<DB~GZzD73PP0lDB~#
¶ *?vsFG<Fcd{"O$zk(MAC)#MAC PzZ7#}]
bZ]Dj{T#}g,I7(TG<xPU>G<.s,CG<
GqQ;^D"[Dr>}#
¶ a)TsF}]bMi5DsFG<4Pj{TliD$_#
¶ a)i5M)psF}]b104,D$_#vZ2+T?D,&
i5sF}]b"T\Z*y!+}]bk_f"#i5}]b2
Ix4T\EF"Z!ELUd#
sF~qwXk20ZkO$PD`,DzwO#20"dC53.
s,XZ9CsF$_M\msF~qwDE",kND Tivoli PKI
System Administration Guide:
Web ~qwTivoli PKI 9C IBM WebSphere Application Server4*xg;Wa)
IEDy!#WebSphereGb6=2+TDz7/O,|,'V_6gS
Lq&CLr?pD IBM HTTP Server#
Z Tivoli PKI 53P,XkZk"aPD`,DzwO20 Web ~q
wm~#|a)K\#$DLrMT<CJ|GDC'.dD2+_
g#9C,D>+d-i(HTTPM HTTPS)M2+WSVc(SSL)<
u,Web ~qwIS\M'zM~qw.dD(E#|2IO$,S,
T@94Z(DCJr}][D#
Web ~qw9C;,KZ4&m;,`MDks:
¶ CZ;h*S\rO$DksD+CKZ
¶ CZh*S\M~qwO$DksD2+KZ
¶ CZh*S\"~qwO$MM'zO$DksD2+KZ
Z Tivoli PKI 53P,Web~qw&m|S Web/@wSU=DyP
ks#dP|,|,B$iks"|Br7zVP$iDksT0KP
2+!&CLrDks#g{h*,|ZJmE""zNN;;.04
PO$#
}]b53IBM DB2 (C}]b(DB2)G Tivoli PKI f"b#~qwi~,$
dC}]""a}]"$i}]"sF}]M Directory}]wTD}]
b#DB2 a)Kc:D2+T&\Ms?Df"]?#}g,DB2 9
Tivoli PKI \TS\q=f""a}],"Tf"DsFG<4Pj{T
li#
Tivoli PKI h*D DB2 f>|,Z Tivoli PKI iJm~|P#20
Tivoli PKI ~qwzk.0,Xk7#C}]bm~ZF.20~qwi
~D?(zwO<IC#20MdC}LP,Tivoli PKI *z4(yhD
}]b#
Directory ~qwIBM Directory ZPD;C,$PX$iDE"#(}k IBM DB2 D/
I,DirectoryI'V}YrD?<u?#|2JmM'z&CLr(}g
Tivoli PKI)4P}]bf""|BMlwBq#
Z Tivoli PKI P,RA ~qw"< Directory PDTBE":
¶ CZS\MO$D+C\?$i
¶ k(P{FX*DtT(yP_DG+MX()
¶ |,yPQ7z$iDrPED$i7zPm
¶ XZ)p$iD CA DE",|,k$iX*D5qM$i_T
4758 Cryptographic CoprocessorCA )"$i1,CA D){O$QZ(CC'CJd"aD~q#*@
94Z(DC'q!$iMCJtPJ4,Xk#$ CA D)p\?#
XZI RA zID\?T,&C`FD2+T"bBn#
m~bv=8(}S\,I*)p\?a)_H2+T#;x,r*\
?Xk)6,TzI){,yTK>69\?)6x;4-Z(DC'
6q#
IBM 4758 PCI Cryptographic CoprocessorGICZ Tivoli PKI 53P
T#$ CA M RA \?D(C2~#4758-&mwZ2~O=SD"
Ilb[D"_P_2+TD&mwP4Pc:DyZ RSA M DESD
S\&\#-&mwa)S\D}]#$"\?\mM(F&CLr'
V#-&mw2'V MD5 M SHA-1 "Pc(#b)&\9 4758-&
mw\J&Z$5j<Mh*2~2+T#i(HSM)T\D&CL
r#
Z%vzw Tivoli PKI 20P,CA M RA I5PwTD 4758-&m
w(,r_I2m,;v 4758-&mw(#kZKP20r<18(g
NdC(#
":vZ AIX f>D Tivoli PKI Pa) 4758-&mwD'V#
XZ 4758-&mwD=SE",kN< Tivoli PKI System Administration
GuideMz7D5#
(i
!\ 4758-&mw;GXhD,IBM T(izZF.20O$P
DD,;~qwO20|#g{@5Zm~4#$ CA \?,rT
st4XB20 Tivoli PKI m~,;\202~'V#
\?8]MV4$_Tivoli PKI a)K\?8]MV4ks$_,|JmTUK5e$i0`
&DI Tivoli PKI O$D(C\?xP8]MV4#
K$_JmT*'D"E|Dr_mb;Iq!D$i?DV4#<G
TB=8:;vM1}P+BX8]$iM(C\?,;s;;k*+
>,xs4^(5XCJ$iyhDyP(C\?#(}"vV4k
s,IlwKE"#
8]}L*sC'4( PKCS #12D~#KD~|,C'D$iM(C
\?#C'9C PKCS #12D~w*dkS'VD/@w"v8]ks#
\?V4}]b krbdb C=|B"|,KCJE"#\?V4T`FD
=($w:k"vV4ks,*Q8]D PKCS #12D~8(\k#;
) RA \m1K<Kks,MIBXKD~#
Iz$i)"$_Tivoli PKI a)Iz$i)"$_,9M'\9C;v%;D"T/D}
L,GG"4("ra?6?<CJ-i(LDAP)+<m`UK5e
$i#K$_h*|,$i}](|,+C\?)Dq=}7DdkD
~#K}L+dkAkGG}]b,;s"Mksx CA,TzI$i,
ns+C'}]M$ir Directory+<#y]M'D5q#M,Iz$
i)"$_Iw*%v}LKP,rVIwTD`v}L#Tivoli PKI
System Administration GuidePj8hvKK$_#
e5a9TBBZV[K Tivoli PKI e5r\0d'VD-i#
+C\?y!a9+C\?y!a9(PKI)*&CLra)K4PTB`MD2+T`
Xn/Dr\:
¶ O$SBgS;WDyP=#
¶ Z(CJtP53MJ4b#
¶ (}{"D}V){i$?v{"Dw_#
¶ S\yP(EDZ]#
PKIX j<S PKI "9x4,T'VgSLq&CLrD%YwT#|
Dw*EFGI9i/\\m2+gS;W,x;X<GYw=(r&
CLrm~#
Tivoli PKI PD PKIX 5V("Z4T Intel D+2}]2+Te5a
9(CDSA)Dy!O#CDSA 'V`vEN#M"$iq="S\c(
M$ib#|Dw*EFGI9i/\`4'Vd5q_TDJ& PKI
D&CLr#
PKIX CMP -iTivoli PKI 9C PKIX $i\m-i(CMP)CZ RA M CA ~qw
.dD(ET0CZ RA ~qwMM'z.dD(E#1 CMP 9C
TCP/IPw*|Dw*+MzF1,ZWSVOP;visc#|5VT
=SV/+MD'V#
CMP (e'V{v$iP'ZD{"q=#|28(KXkgN&m{
"#$,x;@5Z+MzF#
1`v)&L CA 4Png)""^)M7z}V$i.`D&\1,
ZK Tivoli PKI P\'VD CMP f> 2 PzZYx`v)&L CA
D%YwT#K'V2a)Kv?D2+TMvSD{"s!#
LDAP -i*Kr&CLra)CJd/P=~qw~qD(^,IBM Directory '
Va?6?<CJ-i(LDAP)#LDAP GI X.500 j<IzD-i#
LDAP 9C TCP/IP,"(}9C(P{FM\k4XFT?<DCJ#
r*'V SSL ,S,yT LDAP IS\{""4PM'zM~qwD
`%O$#
Z Tivoli PKI P,RA ~qw9C LDAP 4k Directory~qw(E#
RA y]QwHD\Z,"<$i"$i7zPmMXZ DirectoryPQ
"a5eM$w_TDd|E"#
Z Tivoli PKI DK"PfP,a)Kk LDAP f> 3 Ts`M#=D
f]T#9C PKIX LDAP f> 2 #=DVP Tivoli PKI &CLrI
Lx9CVPD#=MTs`#
Tsf"?v Tivoli PKI i~<P;vTsf"#Tsf"GCZVCTsDy
ZELDb#|f"x9PDBqMPXG)BqD4,E"#TsI
TGn/XFTs(}g$i"ksM CRL)rzm#zmG#fPX
TsD4,}]Dxr#
r*Tsf"PDTsGT ASN.1`kq=f"D,yTlwMf"I
\Gz[`TO_DYw#Tsf"_Y:fTTsD^D,R;|B
ELf",1="zTs4,|D,r_1=C'gfDdKTs#
*K9 ASN.1Vv`XD*zn!/,Tivoli PKI Z4PTsf"DT
sD4k_Y:f.O9CTs_Y:fc#a{G,vZXBt/~
qw.s,Z;N}C=Ts1,Eh**xPVv#
Ts_Y:fca)K=SD";yZELD?;Tsf"xr#
Tivoli PKI 9CKxrC4f"2,"2+T`XE",}g#$$"a
G<D\k#Ts_Y:f2Ix(G<Ts,T#$;;`v_L,
1CJ#
EN#MTivoli PKI 53PD2+T(}9Czk)p"{")p"}]S\M\
?k\kD2+f"45V#
zk)pKD Tivoli PKI zkGZFl(S$)1)pD#9CFl'zID(
C\?)pzk1,zkcI*2,DM\#$DTs#4-lb,;
\|Drf;|#d|zkTsI9C`&D+C\?MZ?i$b,
TZ"zNN}];;.0O$(E#
{")p*Ka)|CDO$~q,dC}L* RA"CA MsF~qwzI)p
\?,7#)pKyPi~.dD(E#}g,IZ?vi~){Dy
!OO$yPZ RA M CA .d;;D{"#
}]S\f"Z KeyStorePDyPE"<-}S\#DB2 2S\ Tivoli PKI }
]bPf"Dm`E"#
KeyStoreTivoli PKI *f"(C\?"$i"{"O$zk(MAC)T0d|2
+T`XTsD KeyStoreM2+xra)K'V#@XD KeyStoreG
* CA MsFi~T0;)~qwzXfZED KeyStorePzZ4P~
qwBq#?v KeyStore PDE"<-}S\,"vI(}*C
KeyStore("D\k4CJ#
KEN#M(}#$f"Z KeyStorePDTs,PzZ7#53Dj{
T#|,12(};JmIED53i~ * 9CFl'zID\?4)
pD * CJ KeyStoreMdPS\D}],PzZ7#G)TsDz\
T#
dC}LP,khC=v\k:cfguser\kMXFLr\k#b)\k
IT`,,2I;,#dCs,Xk*?v KeyStorehC(;D\k#
XZ9C|D\k5CLr4xPb)|DDE",kND Tivoli PKI
System Administration Guide#
\'VDj<Tivoli Public Key Infrastructure'VTB+C\?\kuj<#
i~ j<
"aPD ¶ xPM'zO$D2+WSVc(SSL)f> 2 Mf> 3
¶ PKCS #10/@wMxP Base64`kD PKCS #7l&D~qw$iq
=
¶ xP PKIX CMP l&D PKIX CMP $iq=
¶ IPSec$iq=
¶ S/MIME $iq=
¶ TBwnD/@w$i:
v Microsoft Internet Explorerf> 4.x M 5.x
v Netscape NavigatorM Netscape Communicatorf> 6.x
¶ TBwnD~qw$i:
v Netscape Enterprise Server
v Microsoft Internet Information Server
¶ Netscape NavigatorM Netscape Communicatorf> 6.x DG\($i
(PKCS #11SZ)
¶ k Directory (ED LDAP j<
¶ (} TCP/IPxPkO$PD(ED PKIX CMP
O$PD ¶ X.509v3 $i
¶ $i7zPm(CRLv2)
¶ TZS\M\?;;\?,\?$HA`* 1024;
¶ TZ CA )p\?,\?$HA`* 2048;
¶ RSA DS\M)pc(
¶ MD5 M SHA-1 "Pc(
¶ (} TCP/IPxPk"aPD(ED PKIX CMP
IBM Directory LDAP f> 3.2,xP RFC 1779o(
i~ j<
IBM 4758 PCI
Cryptographic
Coprocessor2~
¶ V9om%wD FIPS 1406p 4 *s
¶ TP5OID\kuj<D'V:
v S\/b\D DES
v )p/){i$D RSA
v PKCS #1i`M 00
v PKCS #1i`M 01
v PKCS #1i`M 02
v MD5 M SHA-1 "Pc(
v X9.9 M X9.23 ANSI
v ISO 9796
IBM CCA
Cryptographic
Coprocessor'V
Lr
* 4758-&mwa)~q,|, RSA \?T(#}$H* 2048;$)
D2+zIT0:
¶ SET™(2+gS;W)
¶ S\Mb\D DES
¶ )pM){i$D RSA
¶ MD5 M SHA-1 "Pc(
X.509 f> 3 $iTivoli PKI $i'V X.509f> 3(X.509v3)j<P(eDs`}VN
M)9#C'V9$i\CZs`}S\?D,}g SSL"IPSec"VPN
M S/MIME#
Tivoli PKI $iI|,TB`MD)9:
j<)9
j< X.509v3$i)9,}g\?9C"(C\?9CZ"wb
I!{F"y><xM{F<x#
+2)9
T Tivoli PKI (;D)9,}gwzm]3d#K)9kwz5
3O_P`&m]D$iwb`X*#
(C)9
&CLrC4j6Z_i$~q('V)" CA)D)9#
*K'Vzi/D"a_T,Tivoli PKI 2*za)K(FM(e$i)
9D=(#}g,I|D1!$iE*D~P8(D)9,r4(5X
_;,)9D$iDE*D~#
XZ4(r(F$i)9M$iE*D~Dj{E",kND Tivoli PKI
Customization Guide#
53hs
zDYw73XkzcTBBZV[Dm~M2~*s#XZ53*s
DnBE",kND6Tivoli Public Key Infrastructure(PKI)"P5
w7#C6"P5w7I\|,z7"P.sDE"#
*q!nBD6"P5w7,kCJ Tivoli Public Key Infrastructure Web
>c#
~qwm~*s*Z&mw.dVd$w:I,"R*'VzDi/VPD53dC,
IZ`(zwO20 Tivoli PKI ~qwLr#XZZzD73PhC
Tivoli PKI I\D;,=(DV[,kNDZ353D:'VD~qwd
C;#
Bm\aK Tivoli PKI Yw53Mm~*s#
z7 "M
TBYw53.;:
¶ IBM AIX/6000®(AIX),f>
4.3.3,$6p 6
¶ Microsoft Windows NT,f> 4.0
(xP Service Pack 5)
¶ h*#
¶ XkZ,;=(O20yP Tivoli
PKI ~qwLr#;\Z%;D
Tivoli PKI 20PlO AIX M
Windows NTzw#
z7 "M
IBM DB2 (C}]b,f> 6.1 ^)
| 4¶ h*;Z Tivoli PKI iJm~|P
a)#
¶ ?v Tivoli PKI ~qwi~<fZ
(;D}]b#20 Tivoli PKI .
0,XkZF.Cw Tivoli PKI ~
qwD?(zwO20 DB2#
IBM WebSphere Application Server,
j<f,f> 3.5 LrY1T^)
(PTF)4#|, IBM HTTP Server,
f> 1.3.12.3M Sun Java
Development Kit(JDK),f> 1.2.2
LrY1T^)(PTF)8
¶ h*;Z Tivoli PKI iJm~|P
a)#
¶ 20 Tivoli PKI .0,XkZF.
20"aPDD,;zwO20
Web ~qwm~#
IBM Directory,f> 3.1.1.5 ¶ h*;Z Tivoli PKI iJm~|P
a)#
¶ 20 Tivoli PKI .0,Xk20
Directory m~#IZ_P Tivoli
PKI D,;zwO20|,rZ6
LzwO20#
¶ IBM 4758 PCI Cryptographic
Coprocessor
¶ IBM 4758 CCA 'VLr,f>
2.2.1.0
¶ I!;vT AIX 53IC;Xk(
}}fD IBM ):~@4):K
z7#
¶ 20 Tivoli PKI .0,XkZF.
20O$PDr"aPDD~qw
O20 47582~M'VLr#
¶ 4758 S\(Z RS/6000® Oh*
PCI \_#
~qw2~*s* Tivoli PKI !qDzwdC!vZ$ZD5qn/T0Gq*Z AIX
r Windows NTO9C Tivoli PKI.
¶ g{F.Z AIX 53OKP Tivoli PKI,XkZ IBM RISC
System/6000®(RS/6000®
)zwO20|#
¶ g{F.Z Windows NT53OKP Tivoli PKI,IBM (iZ IBM
Netfinity®
ServerO20|#
@@]?MLB?*s1,9CTB(ew*8<:
!f#zzrbT73
?l)"}Y$iD>c#bI\GhC*(}Z?x+$i
)"xM1D53,rhC*CZbTM&CLr*"?DD
53#
PHf#zz73
?l)"}'$iD>c#bI\GI!MrPMs5hC*
ZrXxO)"$iD53#
sf#zz73
?l)"}'$iD>c#bI\GIsMs5hC*ZrX
xO)"$iD53#,1|2ITGa)Z}= CA ~qxd
|i/D53#
Bm\aKT!f#zz73B(iDzw*s#&y]z$ZD&m
h*4w{5JzwdC#
=( zw`M &mw ELUd Zf
AIX RS/6000 1( 2 3 3
MHz)
4 GB 256 MB
NT PC 1(Intel
<Z® 3 0 0
MHz)
2 GB 256 MB
20r<*sIBM (iTB$w>dC,TKP Tivoli PKI dC!&CLr(20r
<)#
¶ TBomzwhC;
v Intel <Z&mw,RAM AY* 64MB
v 'V 1024x768r|_VfJ,65536+DFczT>w#
¶ TBYw53.;:
v Microsoft Windows® 95
v Microsoft Windows 98
v Microsoft Windows NT
¶ 'VyZ JDK 1.1 !&CLrD Web /@w,}gTBwn:
v Netscape Navigatorr Netscape Communicator,vf> 4.7x#
":Netscape Navigatorr Netscape Communicator,f> 6 ;\
dC!&CLrr RA @f'V#Netscape Navigatorr
Netscape Communicator,f> 6 v\ngGG"|B"7z
M8]kV4.`D$iYw'V#
v Microsoft Internet Explorer,f> 5.0 r|_f>
Xk20 Netscaper Microsoft V"D/@w}=f>#SZ}=
)&Lq!Df>I\^(}7T>E",XpGT}"oTbD
oTKP!&CLr1#
XZKP20r<MdC Tivoli PKI 53Dj{E",kND6Tivoli
PKI dC8O7#
M'z*s*7($w>Gqzc9C/@w4ksM\m$iDyh*s,kN
D6Tivoli PKI C'8O7#
*7($w>GqzcKP Tivoli PKI RA @fDyh*s,kND
6Tivoli PKI RA @f8O7#
f. Tivoli PKI
>BV[ Tivoli Public Key Infrastructure(PKI)gNkdX8z7;%
Yw#"T20NNm~.0rdC53.0,k4i:20f.li
m;PDlim#Z7#QzclimPwns,k4i>BPD#`
wb#>B2|,K*9C Tivoli PKI <8Yw73D8<#>B|,
TBwb:
¶ gNomX#$53"#$|9.\b4Z(DgSVk
¶ gN* Web ~qwdC IP p{,T'VzDi/D@p=*s
¶ Tivoli PKI gN4(M9C}]b
¶ Tivoli PKI gNk Directory ;%Yw
¶ Tivoli PKI gNk 4758-&mw;%Yw
¶ Tivoli PKI gNk Policy Director;%Yw
¶ TZ`(zw73PKP Tivoli PKI FvD~qwdC
¶ Zzi/DoT73PKP Tivoli PKI D>XoT"bBn
¶ Tivoli PKI z7V"m~|Pa)D CD DEv
20f.limTBlimj6KYx Tivoli PKI 20I&yhDwn#4iKlim
PDwn,;)zzcd*s,r!P(U)|G#
n? hv "M GqjI?U
z7`5 Tivoli PKI kk IBM r Tivoli zm
*5,Tq!j8E"#
IBM 4758 PCI
Cryptographic Coprocessor
kk IBM r Tivoli zm
*5,Tq!j8E"#
~qwm~*s TBYw53.;:
¶ I B M
AIX/6000(AIX),
f> 4.3.3,$6p 6
¶ Microsoft Windows
NT,f> 4.0(xP
Service Pack 5)
IBM DB2 (C}]bf
> 6.1 ^)| 4
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM WebSphere
Application Server,j<
ff> 3.5 LrY1T^
) 4#|, IBM HTTP
Serverf> 1.3.12.3M
Sun Java Development
Kit(JDK)f> 1.2.2L
rY1T^) 8#
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM Directory f>
3.1.1.5
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM Global Security Kit
SSL Runtime
Toolkit(GSKit)f>
4.0.3.116
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM KeyWorks f>
1.1.3.1
h*;Z Tivoli PKI i
Jm~|Pa)#
¶ I B M 4 7 5 8 P C I
Cryptographic
Coprocessor
¶ IBM 4758 CCA 'V
Lr,f> 2.2.1.0#
I!;vT AIX 53I
C;Xk(}}fD IBM
):~@4):Kz7#
n? hv "M GqjI?U
~qw2~*s TB=(.;:
¶ A I X : I B M R I S C
System/6000
¶ Windows NT:IBM
Netfinity® Server
¶ 4GB ELUd
¶ 256MB Zf
¶ ;v 233MHz &mw
(AIX),r
¶ ;v 300MHz Intel<
Z&mw(Windows
NT)
20r<*s ¶ Intel <Z&mw,
RAM AY* 64MB
¶ 'V 1024x768r|_
VfJ,65536+DF
czT>w#
TBYw53.;:
¶ Microsoft Windows 95
¶ Microsoft Windows 98
¶ Microsoft Windows NT
'VyZ JDK 1.1 !&
CLrD Web /@w,
}gTBwn:
¶ Netscape Navigatorr
N e t s c a p e
Communicator,TZ
Windows =(,vf
> 4.7x
¶ Microsof t Internet
Explorer,f> 5.0 r
|_f>#
Xk20 Netscaper
Microsoft V"D/@w
}=f>#SZ}=)&
Lq!Df>I\^(}
7T>E",XpGT}
"oTbDoTKP!&
CLr1#
n? hv "M GqjI?U
RA @f*s ¶ Intel <Z&mw,
RAM AY* 64MB
¶ 'V 1024x768r|_
VfJ,65536+DF
czT>w#
TBYw53.;:
¶ Microsoft Windows 95
¶ Microsoft Windows 98
¶ Microsoft Windows NT
TB Web /@w.;:
¶ Netscape Navigatorr
Communicator,v"
Pf 4.7x
¶ Microsof t Internet
Explorer,"Pf 5.0
r|_f>
Xk20 Netscaper
Microsoft V"D/@w
}=f>#
TZ Internet Explorer,
Xk_P Javaibz
(JVM),"Pf 5.00,
9(f> 3167r|_f
>#
n? hv "M GqjI?U
M'z*s¶ Intel <Z&mw,
RAM AY* 64MB
mb,
¶ 'V 1024x768r|_
VfJ,65536+DF
czT>w#
TBYw53.;:
¶ Microsoft Windows 95
¶ Microsoft Windows 98
¶ Microsoft Windows NT
ngTBD Web /@
w:
¶ Netscape Navigatorr
N e t s c a p e
Communicator,TZ
Windows =(,vf
> 4.7 r|_f>
¶ Microsof t Internet
Explorer,f> 5.0 r
|_f>
Xk20 Netscaper
Microsoft V"D/@w}
=f>#
#$53Tivoli PKI 9CS\"}V){M}V$i4#$BqM#$J4,9.
\b4Z(DVk#;x,Tivoli PKI ~qw>mD2+T!vZdBc
Yw73D2+T#
KZa)K*<20 Tivoli PKI m~.0#$53om73T94Z(
DC'Dx8n!/D(i#
TBG*<GD;)2+Tn?:
tkxr
Z(CZO$PD(CA)n/Dtk?dZ20~qw#g{
I\,K?d&_PSLD=Z,;H5DD>JrVJET
0;xIp6eD9lHLDl(e#K?d2&_Pn/X
e,T\b'pivB"zEg#
,$xr
K?d&*Fcz"Uwh8"K/=bwT0!/MFd5
3a);dOg4(UPS)#`S?dDBHXF,T7#Pc
;DdUxw4V{h8zIDH?#
\XCJ
I(}m`=(4^FTomxrDCJ,}g,(}9CE
{(r|XEx#*K@9vKDqb[D,&20XFw,
*sAYI=vIEDM1v>}7D>$#
,12&`S?d,Z?NPKCJ2+xr1T0TCJ_
#VzY#*o=nsD2+T,kZEZMEb<20K/
=bw#
\X(E
Tivoli PKI ~qwO&;PUPD*EKZ#&dC53,Tc
vl}w78(xn/ Tivoli PKI &CLrDG)KZODk
s#
9C@p=<uIBM ?R(iz20@p=,}g IBM Firewall,T#$ Tivoli PKI 5
39.\bSxgDm;?VVk#@p=Jmz(}TB=(#$5
3:
¶ XFD)&CLrISrXxCJZ?xg
¶ XFQZ(D&CLrICJZ?xgDD)X7
¶ @9Z?&CLrCJb?xg(rXx)
¶ O$yPdkks4,"`&XmIr\xCJ
*5)CJ^F,&Z@p=sdC Tivoli PKI ~qw#&7#20D
@p=AYa)TB&\:
¶ 8!7Iw,y]zD_TW!n!qTXh{}]|#}g,@
p=&Jmz("X~,^FkX( IP X7MKZD(E#
¶ zm~qw,#1M'z/~qwks.dDYC_#}g,@p
=&JmzZ+C'D FTPr HTTP ks7I=`&D~qwxL
.0+|GXO#byvI@9M'zM~qw1S`%(E#
¶ \_xg,a)nbD:ex,r;b?xg\p,ItkM#$
Z?xg#
kG!IZ`(zwO20 Tivoli PKI ~qwLr,K2Ea)K8v
EF#}g,(}Z`v&mw.dVd$w:I,IqCT\Dx;
IhC@"D8]wH,"(} IP X73d4XFT;,}LDCJ#
;x,*7#b)LrD2+T,XkZ@p=sdCb)~qw#X
kI!kz#$w~qw`,D@6k)4#$|G#
9C Tivoli PKI }]bTivoli PKI 9C IBM DB2 (C}]bm~4\m}]#Tivoli PKI i
Jm~|P|,D DB2 f>v) Tivoli PKI &CLr9C#g{*(
F}]bm~,r+dCZ} Tivoli PKI TbDz7,rXk:r IBM
DB2 s5fj+f>DmI$#
g{*Z`zdCPhC Tivoli PKI,XkZ?(F.20 Tivoli PKI ~
qwi~DzwO20 Tivoli PKI }]bm~#
w*KPs20dCLrD;?V,Tivoli PKI *dC}]4( cfgdb}
]b"T|2k1!dC5#
dC}LP,Tivoli PKI * CA }]""a}]"sF}]M\?8]
kV4}]4(TB}]b#g{Z AIX O20 Tivoli PKI,XkZ*
<20}L.0*b)}]b4(ELVx#XZj8E",kNDZ
423D:hC AIX miMD~53;#
¶ ibmdb
¶ pkrfdb
¶ adtdb
¶ krbdb
}G|Q-fZ,qr Tivoli PKI 2* Directory4( ldapdb}]b:
g{zZ,;zwO20yP~qwi~,rdCLrZs(4(}]
b#g{Z6LzwO20 CA"sFr Directoryi~,20}LPX
kI!;)=h,T7#}75}/}]b#6Tivoli PKI dC8O7V
[Kb)6LdC}L#
g{Z AIX O20 Tivoli PKI,rdC"CA""a"sFM\?8]
kV4}]bZ{* cfguserD5}B4(#}GT04(K Directory
D}]b,qr2Z cfguser5}B4(|#
g{Z Windows NTO20 Tivoli PKI,r Tivoli PKI }]bD5}
{Fk20z7DC'{`%d(FvD5* cfguser,+zD20I\
kK;,)#}GT04(K DirectoryD}]b,qrZ{* ldapInstD
5}B4(|#
*K'V8]kV4,Tivoli PKI PKI *"aM$wB~tCsFG<#
XZgNi5sFU>T0gN8]kV453D8<,kND Tivoli
PKI System Administration Guide#XZgN8]kV4}]bD=SE
",kI/>X DB2 }]b\m1#
dC Web ~qwD IP p{Tivoli Public Key InfrastructureiJm~||,9C Tivoli PKI yhD
Web~qwm~:IBM WebSphere Application Server"IBM HTTP Server
T0 Sun Java Development Kit(JDK)#20Km~s,I\*dCX
bKZCZ&m+CM2+ks#
Z Tivoli PKI 53P,Web ~qwh*'VTB`MDks:
¶ G2+WSVc(SSL),r+Cks
¶ ;hM'zO$D2+ SSL ks
¶ hM'zO$D2+ SSL ks
Z1!dCP,Tivoli PKI 8( Web~qwODKZ4&mwVks#
b9z\9C20sD53,x;hTxgdCxP(Ew{#
Bm\aKCe5a9M1!KZ5:
Protocol  SSL  Server authentication  Client authentication  Port
HTTP      No   No                     No                     80
HTTPS     Yes  Yes                    No                     443
HTTPS     Yes  Yes                    Yes                    1443
Zm`2+53P,;PKZ 80 M 443 I(}@p=*E,R;PK
Z 443ICZ SSL,S#g{zDi/}GbViv,rXkdC Web
~qw,Tc;,`MDksI(}`,KZ4&m#}g,I\*d
C53Tc=v2+~qw<ZKZ 443 l}ks#
*@9`vCJc(},;KZ=o,;zw,Xk(eibwz{,
"+|Gk IP X7(b) IP X7GzwD5J IP X7Dp{)`X
*#bvEn,F.* IP p{,JmzZ;(zwOKP`v@"D~
qw#
":g{;k9C Web~qwKZD1!dC5,rXkZKP Tivoli
PKI dC!&CLr.0dC IP p{#*534( CA $i1,
dCLr+@5Zb)5#
Z TCP/IPr{~q(DNS)PhC IP p{#TZ Tivoli PKI,k4P
TBYwdC=Vp{:
¶ dC DNS"8(zwDwz{M IP X7#TZKZ 80l}G SSL
ksD+C~qw9CKu?#
¶ mSp{(ib)wz{Mp{ IP X7#TZKZ 443l} SSL"
GM'zO$ksD2+ Web ~qw9CKu?#
¶ mSZ~vp{wz{MZ~vp{ IP X7#TZKZ 443 l}
SSL"M'zO$ksD2+ Web ~qw9CKu?#
k"bb)p{wz{M IP X7XkG(;D,R|GXk3d=,;
omzwO#
XZdCibwz{M IP p{DE",kiDk DNS z7;pa)D
D5#2I4i IBM HTTP Servera)DD5#}g,IZTB IBM
HTTP Server Web>cCJ User AssistanceE":
http://www.ibm.com/software/webservers/httpservers/library.html
9C DirectoryTivoli Public Key InfrastructureiJm~||,20 IBM Directory y
hDm~#I20k Tivoli PKI ;pa)Dm~,"+|hC*(Ek
Tivoli PKI ;p9C,r_I+ Tivoli PKI kVPD IBM Directory ;
p9C#20 Tivoli PKI ~qwm~1,20Lry] Tivoli PKI i
~h*DE"|B Directory#
dC}LP,Tivoli PKI 4(|h*Du?,Tcs(= Directory""
<E"#}g,dCLr4( Tivoli PKI CA Du?,"8(J1D
Directory CJmI(#
g{zZ,;zwO20yP~qwi~,rdCLrZs(|B
Directory#g{Z6LzwO20 Directory,20}LPXkI!;)=
h,T7#|DdC}7#6Tivoli PKI dC8O7V[KK}L#
Directory #=DirectoryPD?vu?m>I;v(;Rw7D(P{F(DN)4j6
D%vTs(}gK1"i/rh8)#Directory #=(eK DN Df
r,}ggNyw|GT0 DN PITrXk|,DE"`M#
DN |,;itT,PzZ(;Xj6Ts"hvTsX(#}g,tT
Ij6Tsy&Xc"kTsPXDi/T0TsDQ*{F#
*Kozz(e Tivoli PKI h*D Directory u?,dC!&CLra
)K<NC'gf(GUI)#(P{F`-wJmz8( DN tT,x;
XGCe~ Directory #=*s#
Directory CJXFyP Directory u?<G_-Xi/=F* Directory E"w(DIT)D
Vca9P#Cw_P;vyM^^6*Zc#?vZcT&Z;vI
(PtTj6D Directory u?#
Directory Jm*%vu?ru?0d{vSwhCCJXFX(#dC
Tivoli PKI 1,*?v Tivoli PKI DN u?&C`&DX(#\a:
¶ CA Xk\CJ DirectorycNa9Pd DN kZc&r.BDyP
kZ#Z CA y!6p&r.BDTsG CA \mrDI1#|G
zmQZ(SUI CA O$D+C\?M$iD5e#
¶ r* Tivoli PKI CA ;1Ss(= Directory,|9Czm(F.*
Directory \m1)#Directory \m14P CA"RA M Directory .
dDks#Z(|B Directory P CA SwDyPu?#b|,m
S">}"|D"A!"QwMHO Directory u?D\&#
¶ ?v Tivoli PKI 53(e;v Directory rootC' DN#root C'
DN G;vQdCD5e,+5JO|";fZZ Directory wP#
w* root \m1,_P|B DirectoryPyPZc(x;vvG3v
X( CA SwPDG)Zc)D(^#
root C' DN PDtThvK Directory'VD-iMXF#|tC
ng Tivoli PKI DM'z47(~qwM DirectorywDy>E"#
29 Tivoli PKI \s(= Directory,TT|xP|D#
9C 4758 -&mw!\ IBM 4758 PCI Cryptographic CoprocessorGI!D,+TDxz
9CKz7,Tozns/ CA M RA )p\?D2+T#byvPz
Z9DC0(D53\m1r53Vk_x4p&D)6n!/#
":vZ AIX f>D Tivoli PKI Pa) 4758-&mwD'V#
4758 -&mw9C IBM +2S\e5a9 API 4a)?sDS\~
q#yPS\&m<"zZomS\(2+_gZ#
20}LP,4758dCLrzIw\?,"+.f"Z2~P#Z Tivoli
PKI 53P,-&mw9CKw\?T0 RSAc(,4}XS\ CA r
RA D)p\?#K=ha)2+Tnbc,T\bT<9)rmbFk
CA r RA D){#
}KdS\G\,4758-&mw9\lb[D2~rw\?DT<"g
9MBHD;frTT0}?xdD#;)lb=,M+h*C4CJ
#iP\#$}]D\?F5#
":XZ20"dCMK! 4758-&mwDE",kN< IBM 4758 z
7D5#
+ CA r RA \?f"Z2~Pg{v(9C 4758 -&mw,rXkZdC Tivoli PKI .0Z20
Tivoli PKI CA ~qwr Tivoli PKI RA ~qwDzwO20|#dC
CA r RA 1,k8(|Gq&9C-&mw4f"d)p\?#
Zs`} Tivoli PKI 53P,CA r RA \?"GZomOkw\?;
pf"#;x,P;dC!nJmz2GC1!5,IBM ;DxKYw#
g{ 4758-&mw2~'\,rXk<8"4I!@}Yw#
g{!q+ CA r RA \?f"Z2~P,r&<8VQV4F.#h
KbkKv(`XDgUM@}Yw:
¶ 8] 4758-&mw1,v8]|Dw\?,;8]f"Z2~(P
DNNd|\?#rK,g{(p5,r"zd|2~JO,z+
*' CA r RA D)p\?#
¶ g{ CA r RA D\?Q*'r9),rXk#9 CA r RA,;
sCBD\?t/|#1 CA r RA ;IC1,I CA r RA )
p$iDC';\9Cb)$i,r*^(i$|G#
¶ r*T CA r RA D-<\?)pD$i;YP',yTXkZX
B(" CA r RA .s)"CBD CA r RA \?)pDB$i#
XZT 4758 -&mwDx;=V[,kN< Tivoli PKI System
Administration Guide#
k Policy Director /ITivoli Policy Director*g=XmV"DZ?xMb?xDJ4a)KK
=K2+T#||,O$"Z("}]2+TMJ4\mDc:'V#
(}+ Policy Directork Tivoli PKI /I,I*gSLqn/4(2+
DM$i#$D73#
Policy Director* Web73a)K%vXFc#1C'"TCJ2+>
c1,Policy DirectorI*s?v WebC'xP%;"a"O$C'm
],"i$C'CJ\#$xrD(^#w*Ki$}LD;?V,I
dC Policy Director4@@ Tivoli PKI $i#
}g,IdC Policy Director vS\G)QIIED CA(T Policy
DirectorQ*))pD$i#(}* Policy Directora) Tivoli PKI CA
$i,IaxWYX("4Z(DC'kh*#$DJ4.dDAO#
XZZ Policy Director73P9C Tivoli PKI DE",kND IBM l
$i,Tivoli SecureWay Policy Director Centrally Managing e-business
Security,SG24-6008–00#
I(}9CL5wLTs(BPO),(F Tivoli PKI Tx;=k Policy
Director/I#}g,;)a)K$iks,MI4 BPO]w,T4(
Policy DirectorC'j6#(}bV=(,+$is(= LDAP P4(
D Policy Director ePersonTs#a)4PK&\D BPO_PnbDf
&:,1* Policy Directora)KyZ Web DGGzF#
kN< IBM l$i Working with Business Process Objects for Tivoli
SecureWay PKI,SG24-6043-00,q!*"M(F BPO D8<,Tzc
zTQ@XDLqhs#
'VD~qwdCIZ;(zwO20yP Tivoli PKI ~qwi~,r+&mVd=`(
zwP#;x,XkzcTB<x:
¶ Web~qw"WebSphereT0|, RA M}]b(#tdCM"a
}])Dw Tivoli PKI ~qw,XkZ,;zwO2f#
¶ CA ~qwMsF~qw,T0|GD}]b,XkZ,;zwO2
f#
¶ Directory ~qw0d}]bXkZ,;zwO2f#
gNdCzD~qwxg*!vZzDi/Z{D$w:IMGq+3
(X(zwCZ`VC>#}g,g{T020K Directory"+.kd
|&CLr;p9C,rI\k#VC~qwkd| Tivoli PKI i~t
k#
TBdC\aKIVd~qwi~D=(:
¶ w Tivoli PKI ~qw"CA MsF~qwT0 Directory~qwZ;
(zwO#
¶ w Tivoli PKI ~qw"CA MsF~qwT0 Directory~qwZ}
(@"zwO#
¶ w Tivoli PKI ~qwZ;(zwO,CA MsF~qwT0 Directory
~qwZm;(zwO#
¶ w Tivoli PKI ~qwk CA MsF~qwZ;(zwO,Directory
~qwZm;(zwO#
¶ w Tivoli PKI ~qwM Directory~qwZ;(zwO,CA MsF
~qwZm;(zwO#
zJ73"bBnQtC Tivoli PKI i~CZzJ73PD?p:
¶ 9CTBoT-kK{"D~M<NC'gf(GUI)"a)>X
oT'V:"o"(o"Bo"bs{o"w`@o"MwOQ@
o"Uo"+zo"rePDM1ePD#
¶ yPD>dkVN(} UTF-8 `k'V Unicode#
¶ yP(P{F(} UTF-8 `k'V Unicode#
Z Tivoli PKI P,dCD~PDyP?<76vI9C"o,xRXk
T ASCII q=8(#
r*~.vZfB,Tivoli PKI z7T%@DS\^)fV"#@z"@
z\_XxMSCsDzZM'ICDf>|,DS\c(HzJM'
ICDf>&\|?s#z7zkPDS\c(G$H7(D,Z2
0"dCr9Cz71;\|D#
Tivoli PKI iJm~|Tivoli PKI z7Dm~Z|,TB CD DiJm~|PV":
¶ IBM WebSphere Application Server AIXf,j<f V3.5 Application
ServerM IBM HTTP Server CD
K CD |, Tivoli PKI yhD Web~qwm~#||, WebSphere
Application ServerM IBM HTTP Server#
¶ IBM WebSphere Application Server AIXf,j<f V3.5 IBM Directory
K CD |, Tivoli PKI yhD}]bM Directory m~#
¶ Tivoli Public Key Infrastructure AIXf,V 3.7.1,CD 1
K CD |, Tivoli PKI yhD}]bm~,"|,TBwn:
v Tivoli PKI "aPD"O$PDMsF~qwLr;k Directory
`XDm~;CZ20"dCM\mz7DLr#
v Tivoli PKI "aPD@f!&CLrD203s#
X(Z=(D CD G* AIX a)D#
¶ Tivoli Public Key Infrastructure AIXf,V 3.7.1,CD 2
K CD |, Tivoli PKI yhm~MLr^)#
¶ 6Tivoli Public Key InfrastructurehCkKP7
¶ 6Tivoli Public Key Infrastructure"P5w7
Z AIX O20 Tivoli PKI
>Ba)KZ AIX =(O20 Tivoli Public Key Infrastructure(PKI)
0dX8z7D}L#
*<20 Tivoli PKI m~0,k7#QDAz7"P5wDnBf>#
*q!"P5wDnBf>,kCJ Tivoli Public Key Infrastructure Web
>c:
http://www.tivoli.com/support
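Install the Tivoli PKI software in the following order:
1. AIX operating system, Version 4.3.3
2. AIX operating system, maintenance level 6 (then reboot the machine)
3. IBM DB2 Universal Database, Version 6.1, fix pack 4
4. IBM Directory Server, Version 3.1.1.5
5. IBM Developer Kit for AIX, Java Technology Edition, Version 1.2.2, program temporary fix 8
6. IBM WebSphere Application Server Standard Edition, Version 3.5
7. Upgrade to IBM WebSphere Application Server Standard Edition, Version 3.5, program temporary fix 4
8. Disable automatic startup of IBM HTTP Server
9. Start WebSphere Application Server
10. IBM KeyWorks, Version 1.1.3.1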
11. Tivoli PKI server software
hC AIXZF.20 Tivoli PKI m~DzwO20 AIX m~1,k9CTB8
<#g{T0Q20 AIX,rk9Cb)8<w*lim,7#Q20y
P Tivoli PKI i~XhDD~#
g{*Z`zdCPhC Tivoli PKI,rXkZ?(F.20 Tivoli PKI
~qwi~DzwO20 AIX#
**<20}L,k4PTBYw:
1. k4PBDMj+20,x;G#t20#
":K1k;*20NN^)6p#TsZ20}LP4PKY
w#
2. k7#Q+zwDoT73hC*F.KP Tivoli PKI &CLrDo
T#
3. Tivoli PKI 'V AIX IEFcb(TCB)#g{k*9CK&\(|
Ix;=a_Yw53D2+T),120 AIX 1!qK!nTtC
C&\#
4. dC TCP/IP1,dk53rL{F,w* HOSTNAME#}g,d
k hostname ,x;G0hostname.mycompany.com1#20 AIX sk
4PTBYw,i$Q}7X8(K{F:
a. dk smitty #
b. !q(E&CLrM~q#
c. !q TCP/IP#
d. !qn!dCMt/#
e. SICDxgSZPm!qJ1DxgSZ#}g,!q en0 j<T+xxgSZ#
f. i$ HOSTNAME 5Dq=}7#
i$D~/20 AIX "XBt/53s,k7OQ20TBD~/:
bos.adt.base 4.3.3.0 COMMITTED y>&CLr*"
bos.adt.debug 4.3.3.0 COMMITTED y>&CLr*"
bos.adt.graphics 4.3.3.0 COMMITTED y>&CLr*"
bos.adt.include 4.3.3.0 COMMITTED y>&CLr*"
bos.adt.lib 4.3.3.0 COMMITTED y>&CLr*"
bos.adt.libm 4.3.3.0 COMMITTED y>&CLr*"
bos.adt.prof 4.3.3.0 COMMITTED y>E*D~'V
bos.adt.prt_tools 4.3.3.0 COMMITTED r!z'V*"
bos.adt.samples 4.3.3.0 COMMITTED y>Yw53y>
bos.adt.sccs 4.3.3.0 COMMITTED SCCS &CLr*"
bos.adt.syscalls 4.3.3.0 COMMITTED 53wC&CLr
bos.adt.utils 4.3.3.0 COMMITTED y>&CLr*"
bos.adt.data 4.3.0.0 COMMITTED y>&CLr*"
X11.adt.bitmaps 4.3.0.0 COMMITTED AIXwindows &CLr
X11.adt.ext 4.3.3.0 COMMITTED AIXwindows &CLr
X11.adt.imake 4.3.3.0 COMMITTED AIXwindows &CLr
X11.adt.include 4.3.3.0 COMMITTED AIXwindows &CLr
X11.adt.lib 4.3.3.0 COMMITTED AIXwindows &CLr
X11.adt.motif 4.3.3.0 COMMITTED AIXwindows &CLr
X11.apps.aixterm 4.3.3.0 COMMITTED AIXwindows aixterm &CLr
X11.apps.clients 4.3.3.0 COMMITTED AIXwindows M'z&CLr
X11.apps.config 4.3.3.0 COMMITTED AIXwindows dC
X11.apps.custom 4.3.3.0 COMMITTED AIXwindows (F$_
X11.apps.msmit 4.3.3.0 COMMITTED AIXwindows msmit &CLr
X11.apps.rte 4.3.3.0 COMMITTED AIXwindows KP1
X11.apps.util 4.3.3.0 COMMITTED AIXwindows 5CLr
X11.apps.xterm 4.3.3.0 COMMITTED AIXwindows xterm &CLr
X11.base.common 4.3.3.0 COMMITTED AIXwindows KP1+2D~
X11.base.lib 4.3.3.0 COMMITTED AIXwindows KP1b
X11.base.rte 4.3.3.0 COMMITTED AIXwindows KP173
X11.base.smt 4.3.3.0 COMMITTED AIXwindows KP12mD~
X11.compat.lib.X11R5 4.3.3.0 COMMITTED AIXwindows X11R5 f]T
X11.fnt.coreX 4.3.0.0 COMMITTED AIXwindows X *OVe
X11.fnt.defaultFonts 4.3.2.0 COMMITTED AIXwindows 1!Ve
X11.fnt.iso1 4.3.3.0 COMMITTED AIXwindows -! 1 Ve
X11.motif.lib 4.3.3.0 COMMITTED AIXwindows Motif b
X11.motif.mwm 4.3.3.0 COMMITTED AIXwindows Motif 0Z
ifor_ls.base.cli 4.3.3.0 COMMITTED mI$9C\mKP1
ifor_ls.client.base 4.3.3.0 COMMITTED mI$9C\mM'z
ifor_ls.client.gui 4.3.3.0 COMMITTED mI$9C\mM'z
ifor_ls.msg.en_US.base.cli
ifor_ls.base.cli 4.3.3.0 COMMITTED mI$9C\mKP1
ifor_ls.client.base 4.3.3.0 COMMITTED mI$9C\mM'z
xlC.cpp 4.3.0.1 COMMITTED C oT AIX f$&mw
Java.rte.bin 1.1.8.0 COMMITTED Java KP173
Java.rte.classes 1.1.8.0 COMMITTED Java KP173
Java.rte.lib 1.1.8.0 COMMITTED Java KP173
g{yPb)D~/4+?20,kZLx20}L020|G#
i$Pc;Dw3UdAYXkP 768MB Dw3Ud#jITB=h,i$Pc;Dw3U
d:
1. dk smitty #
2. !q53f"w\m(omM_-f"w)#
3. !q_-m\mLr#
4. !qw3Ud#
5. !qP>yPw3Ud#
6. g{\s!;G 768MB r|`,k4PTBYw:
a. 4 F3 r!{#
b. !q|D/T>w3UdXw#
c. !q*vSDw3Ud{F#
d. mS*+w3UdvS= 768MB yhD=S_-Vx}#
T AIX &C^)6pQi$ AIX D~/s,k20^)6p ML 4330–06#q! AIX ^)
6p ML 4330–069!Lr"y]=xDD520|#&C ML 4330-06
s,XkXBt/zw#
hC AIX miMD~539C AIX 53\mgf$_(SMIT),hCTBD~53#C(iDd
CyZ+=v_P 4.5GICUdDEL}/wCZ rootvgM datavgm
i#
":>V[YhyP~qwi~<20Z,;(zwO#g{Zk"a
PD~qwV*DzwO20O$PDMsFS53,rh*`&
Xw{}L#
¶ TZ rootvg Vx:
v +y(/)VxhC* 64MB(128,000v 512 VZDi)#
v + /usr VxhC* 3GB(6,000,000v 512 VZDi)#
v + /tmp VxhC* 200MB(400,000v 512 VZDi)#
v + /var VxhC* 500MB(1,000,000v 512 VZDi)#
v + /homeVxhC* 200MB(400,000v 512 VZDi)#
¶ TZ datavgVx:
v + /local VxhC* 2GB(4,000,000v 512 VZDi)#
v 4( /dbfsibm Vx"+dhC* 500MB(1,000,000v 512 V
ZDi)#
bG Tivoli PKI CA D1!D~53#k"bI\h*y])"
D$i}w{s!#
v 4( /dbfspkrf Vx"+dhC* 300MB(600,000v 512 VZ
Di)#
bG"a$_D1!D~53#k"bI\h*y]"a$iD
C'}w{s!#
v 4( /dbfsadtVx"+dhC* 300MB(600,000v 512VZD
i)#
bGsFS53D1!D~53#k"bI\h*y]G<Ds
FB~}w{s!#
v 4( /dbfskrb Vx"+dhC* 300MB(600,000v 512 VZ
Di)#
bG\?8]MV4$_D1!D~53#k"bI\h*y]
)"D\?8]ks}w{s!#
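Creating the CD-ROM file system
To install Tivoli PKI and its prerequisite products, you must mount the CD-ROM file system as /cdrom. If necessary, use the following command to create the definition of this file system:
crfs -v cdrfs -d /dev/cd0 -m /cdrom -p ro -A no
Alternatively, you can use SMIT to create the file system:
smitty crcdrfs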
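Changing the number of AIX system users
Enter the following command to change the number of AIX system users. For this command to take effect, you must restart the system.
chlicense -u 100
Ensuring host name resolution
Perform the following steps to set up AIX so that the local server can correctly resolve host names:
1. In the /etc directory, create a file named netsvc.conf that contains only the following line (note that there are no spaces in this statement):
hosts=local,bind4
Use a text editor (such as vi) to create this file, or enter the following command:
echo hosts=local,bind4 > netsvc.conf
2. Edit the /etc/hosts file and make sure that it references the server you are setting up. For example:
127.0.0.1 loopback localhost
192.40.168.20 taserver.company.com taserver
The second line of the example above identifies the IP address, the fully qualified host name, and the short host name of the AIX server you are setting up.
3. Create or modify the /etc/resolv.conf file so that it contains only the following lines:
domain company.com
nameserver 10.10.10.90
The first line of the example above identifies the domain name of the server you are setting up. The second line identifies the IP address of the DNS name server.
Creating a system image
Although it is not required, you should back up the AIX system configuration before continuing with the Tivoli PKI installation. Having a backup image lets you restore the system if problems occur.
To create a system image, enter the following commands as the root user and select your preferred options:
smitty mksysb
smitty savevg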
20}]bm~Tivoli PKI 9C IBM DB2 (C}]bm~4\m}]#IBM DB2 (
C}]bm~Gk IBM WebSphere Application Serverj<ff> 3.5.0
;pa)D#k IBM WebSphere Application Server;pa)D IBM
DB2 (C}]bm~rcv) Tivoli PKI &CLr9C#g{k*(F
}]bm~,r+dCZ} Tivoli PKI TbDz7,rXk:r IBM
DB2 s5f,f> 6.1 Dj+f>DmI$#
TBBZa)K20}]bm~D=h#g{Z`zdCPhC Tivoli
PKI,rXkZ?(F.20 Tivoli PKI ~qwi~DzwO20}]b
m~#k"bTB8<:
¶ dCZd,Tivoli PKI +T/4(~qwLrXhD}]b#}G
Directory }]bQ-fZ,qr Tivoli PKI +* Directory 4(}
]b#
¶ 20 Tivoli PKI .0,Xk7#Z?(F.20 Tivoli PKI ~qw
i~DzwOQ20XhD}]bm~f>#20 Tivoli PKI 0,X
k7#}]b53>m}Z}7KP#
20 DB29CTB}L20y>}]bm~#
1. T root C'G<#
2. + IBM WebSphere Application Server AIXf CD Ek CD-ROM
}/w#dkTB|n20 CD:
mount /cdrom
3. dkTB|n|DA CD OD /Db2 ?<:
cd /cdrom/Db2
4. dkTB|nKP}]b20E>:
./db2setup
20Zd,}]b20E>+xPli,Ti4Gq53OfZT
0f>D DB2 T0zwGqPc;DELUd#g{;Pc;DU
d,r+vS /usr D~53A 400 MB ICUd#
5. !q DB2 UDB s5f#
6. !q DB2 z7{"#
7. !qzDxrD`&oT,;s!q7(#
8. !q DB2 z7b#
9. !qzDxrD`&oT,;s!q7(#
10. !q7(#
11. Z4( DB2 ~qAf,!q4( DB2 5}#
12. 4 Enter |#
13. +C'{hC* db2inst1 "+w?<hC* /home/db2inst1 #y
Pd|5DhCT#V|GD1!5#
14. *\kMi$\kdk5#
15. !qtT#
16. 4 Enter |#
17. TZO$`M,!qM'z#
18. !q7(#
19. !q7(#
20. TZO$,* db2fenc1C'{dk\kMi$\k#
21. !q7(#
22. !q7(#
23. !q7(#
":vT/f{"#
24. !qLx#
25. !q7(#
+ZK&*< DB2 20#
26. !q7(#
27. !q7(Kvri4U>#
28. !qXU#
29. !q7(#
30. !q7(#
K&QjIC?V20#
31. dkTB|n,60 Tivoli PKI iJ:
umount /cdrom
32. dkTB|n|D?<:
cd /usr/lpp/db2_06_01/cfg
33. dkTB|nhC73d?:
./db2ln
34. N<:20 IBM® Directory;;Z,Lx20#
20 IBM® DirectoryTivoli PKI 9C IBM Directory f"",$XZ(}"a$_)"D$
iDE"#9CTBBZPD=h,20"hC Directorym~#ITZ
6LzwOrZF.20 Tivoli PKI ~qwi~D,;(zwO20K
m~#
20 Directory m~w* root C',k4PTBYw:
1. + Directory Serverf> 3.1.1.5 CDEk53D CD-ROM }/w
P#dkTB|n20 CD:
mount /cdrom
2. dkTB|n|D?<:
cd /cdrom/usr/sys/inst.images
3. dkTB|n:
smitty install
4. !q20"|Bm~#
5. !qSnBICm~20M|B#
6. TZdkm~Dh8/?<!n,k!q .(dc)#
7. ZSnBICm~20M|B,4 F4 i4ICZ20DD~/Pm#
8. 9C F7 !qCZ20D ldap.clientD~/#
9. 20D~/s,ZSnBICm~20M|B,4 F4 i4ICZ20DD~/Pm#
10. 9C F7 !qCZ20DTBD~/:¶ ldap.server
¶ ldap.html.en_US
":Xk*20!qJ1DoTD~/#
11. dkTB|n6X DirectoryiJ#"vTB|n1,NNxL<;
ITCJ /cdromwDNN?V:
umount /cdrom
":Z`zdCP,KP Tivoli PKI dC!&CLr0,?v Tivoli PKI
~qw<Xk20 DirectoryM'zm~#*20Km~,}KQ2
0 Directory ~qwm~Dzw,XkZd|D?(zwOS
Directory Server CD20 ldap.client!n#Xk20Z?(zwO
DX|D~G libldap.a#
jI1,Q20BPD~:
ldap.client.adt 3.1.1.5 COMMITTED SecureWay Directory Client SDK
ldap.client.rte 3.1.1.5 COMMITTED SecureWay Directory Client
ldap.html.en_US.config 3.1.1.0 COMMITTED SecureWay Directory
ldap.html.en_US.man 3.1.1.0 COMMITTED SecureWay Directory *zoz3
ldap.msg.en_US 3.1.1.0 COMMITTED SecureWay Directory {"
ldap.server.admin 3.1.1.5 COMMITTED SecureWay Directory Server
ldap.server.com 3.1.1.5 COMMITTED SecureWay Directory Server
ldap.server.rte 3.1.1.5 COMMITTED SecureWay Directory Server
ldap.client.rte 3.1.1.5 COMMITTED SecureWay Directory Client
ldap.server.admin 3.1.1.5 COMMITTED SecureWay Directory Server
ldap.server.com 3.1.1.5 COMMITTED SecureWay Directory Server
20 Java*20 Java,k4PTBYw:
1. + Tivoli PKI AIX f CD Ek53D CD-ROM }/wP#dkT
B|n20 CD:
mount /cdrom
2. dkTB|n|D?<:
cd /cdrom/aix/Java_1.2.2.ptf8
3. dkTB|n:
smitty install
4. !q20"|Bm~#
5. !qSnBICm~20M|B#
6. TZdkm~Dh8/?<!n,k!q .(dc)#
7. 4 Enter |#
8. 4 Enter |#
9. 4 F10 |#
10. dkTB|n,60 Tivoli PKI iJ#"vTB|n1,NNxL
<;ITCJ /cdromwDNN?V:
umount /cdrom
jI1,Q20BPD~:
Java_dev2.adt.debug 1.2.2.9 COMMITTED Java &CLr*"
Java_dev2.adt.includes 1.2.2.0 COMMITTED Java &CLr*"
Java_dev2.adt.src 1.2.2.9 COMMITTED Java `4zk
Java_dev2.rte.bin 1.2.2.9 COMMITTED Java KP173
Java_dev2.rte.lib 1.2.2.9 COMMITTED Java KP173
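Creating the WebSphere Application Server database
Before you install WebSphere Application Server, you must create a DB2 database for it. To create the database, perform the following steps:
1. Log in as the root user.
2. Enter the following command:
su - db2inst1
3. Use the following command to start the DB2 console: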
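db2
4. Enter the following commands to create and configure the database for WebSphere Application Server:
create database was_db
update db cfg for was_db using applheapsz 256
5. Enter quit to exit the DB2 console.
6. Enter db2stop to stop DB2.
7. Enter db2start to start DB2.
8. Enter the exit command to exit.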
20 Web ~qwm~Tivoli PKI 9C IBM WebSphere Application ServerM IBM HTTP Server
'VdyZ Web D&\#*7#Q}720CZk Tivoli PKI ;p9
CD Web~qwLr,kq-K=hTZ AIX =(O20m~#Xk
ZF.20"aPDi~DzwO20m~#
k"b49 WebSphere_P\m!~qLrD\mgf,+9G;I\
R;h*9C|4\m Tivoli PKI !~qLr#
20 Tivoli PKI s,s20Lr+C Tivoli PKI XhDE"|B Web
~qw#t/ Web ~qw1,|+9C Tivoli PKI *K?Dx4(D
dCD~#
":k7#Q4iKZ303D:dC Web ~qwD IP p{;PXZ
Tivoli PKI gNZ Web~qwOdCKZDV[#g{kT;,D
=(dCKZ,dC Tivoli PKI T0Xkbyv#
20 WebSphere Application Server1. T root C'G<#
2. + WebSphere Application Server AIXf CD Ek CD-ROM }/w#
dkTB|n20 CD:
mount /cdrom
3. g{Z6L4P20,rXkZ<N X11 73P20 WebSphere#
dkTB|n<v*r*D WebSphere20LrD DISPLAY 73
d?,dP yourhost:0.0G53DJ15:
export DISPLAY=yourhost:0.0
4. 20 WebSphere:
a. dkTB|n|D?<:
cd /cdrom/aix
b. dkTB|nKP install.shE>#
./install.sh
c. Z06-10ZP,%wB;=#
d. Z020!n10ZP,!q(F20"%wB;=#
e. ZZ;v0!q&CLr~qwi~10ZP,!qyPi~"
%wB;=#
f. ZZ~v0!q&CLr~qwi~10ZP,!q IBM HTTPServer e~"%wB;=#
g. Z0}]b!n10ZP,S0}]b`M1B-Pm!q DB2"n4gBPvDVN:
}]b{:was_db
DB y?<:/home/db2inst1
}]bC'j6:db2inst1
}]b\k:yourpassword
7O\k:yourpassword
dP yourpasswordGKP db2setup1dkD db2inst1\k#
h. Z02+TE"10ZP,dk53D root C'\k,7O|,
"%wB;=#
i. Z0!q?DX?<10ZP,%wB;=#
j. Z020!(!n10ZP,%wB;=#
k. ZB;v0ZP,%w7(,*<20z7#
":jIK=h+(Q8VS#
l. Z020jI10ZP,%wjI#
5. dkTB|n,60 WebSphereiJ#"vTB|n1,NNxL<
;ITCJ /cdromwDNN?V:
cd /
umount /cdrom
jI1,Q20BPD~:
IBMWebAS.base.IBMApache 3.5.0.0 COMMITTED IBMWebAS.base * IBMApache
IBMWebAS.base.ITJ.Info 1.0.0.0 COMMITTED IBMWebAS.base * ITJ E"
IBMWebAS.base.WASicon 3.5.0.0 COMMITTED IBMWebAS.base * WASicon
IBMWebAS.base.admin 3.5.0.0 COMMITTED IBMWebAS.base * \m1
IBMWebAS.base.samples 3.5.0.0 COMMITTED IBMWebAS.base * y>
IBMWebAS.base.server 3.5.0.0 COMMITTED IBMWebAS.base * ~qw
IBMWebAS.base.tivoli 3.5.0.0 COMMITTED IBMWebAS.base * tivoli
}6 WebSphere Application Server*+ WebSphere Application Server}6ALrY1T^)(PTF)4,
k4PTBYw:
1. + Tivoli PKI AIX f CD Ek53D CD-ROM }/wP#dkT
B|n20 CD:
mount /cdrom
2. dkTB|n|D?<:
cd /cdrom/aix/WebSphere-Standard-ptf4
3. S CD +yP WebSphere PTF4D~4F=zw* root C'_P4
mI(D53OD?<P#
4. dkTB|nKP install.shE>:
./install.sh
5 . a>1,8( W e b S p h e r e y?<#(#,K?<G
/usr/WebSphere/AppServer#
6. a>1,TZJb0kdkGqk*20 IHS WebServerPTF(y/n)1Xp0y1#
7 . a>1,8( W e b S p h e r eD5y76#(#,K?<G
/usr/HTTPServer/htdocs/en_US#Xp0y17O#
{C IBM HTTP Server T/t/*{C IBM HTTP Server~qDT/t/&\,kw* root C'4P
TB=h#
1. dkTB|n|DA /etc ?<:
cd /etc
2. `-D~ inittab ">} ihshttpd Du?#>}u?s,#f inittab
D~#
3. #9 WebSphereI\Qt/D IBM HTTP Server~q#*5VK
&\,k4PTBYw:
a. dkTB|n,PvI\DxL:
ps -ef | grep http
b. j6xL /usr/HTTPServer/bin/httpd #
c. iR8xLj6(Ss_}Z~vVN)#
d. dk kill |n,#98xL#}g,
kill pid
dP pid G8xLj6#
t/ WebSphere Application Server20 Tivoli PKI 0,Xkt/ WebSphere Application Server#k4PT
BYw,t/ WebSphere Application Server:
1. dkTB|n|D?<:
cd /usr/WebSphere/AppServer/bin
2. dkTB|n:
./startupServer.sh &
3. dkTB|n|D?<:
cd /usr/WebSphere/AppServer/logs
4. dkTB|n"i4zYD~:
tail -f tracefile
14={"0*gSLqr* WebSphere Administration Server 1
1,t/ WebSphere Administration Server#
":jIK=h+(Q8VS#
5. 4 Ctrl + C Kv tail |n#
20 4758 -&mwzXkv(Gqk*9C IBM 4758 S\(T#$ CA r RA )p\
?#g{h*,rXkZF.20O$PDr"aPDD~qwOVp
20 47582~0dS\'VLr#g{ CA M RA $tZ,;(zw
O,r|GIT2m 47582~#
XZ20MhC 4758-&mwDE",kN< 4758z7D5#
20 Tivoli PKI*<20 Tivoli PKI 0,kDAz7"P5wDnBf>#*q!>D
5DnBf>,kCJ Tivoli PKI Web >c#
9CTB8<20 Tivoli PKI z7i~:
¶ Z,;v=(O20yP~qwLr(Z>}P* AIX)#
¶ g{T0Q20 IBM KeyWorks f> 1.1.1,rXkZ;,DzwO
20 Tivoli PKI,rZt/ Tivoli PKI 20Lr0}% KeyWorks
m~T0yPX*D&CLr#
¶ g{*Z`zdCPhC Tivoli PKI,rXkX420=h,1=Q
Z*20DzwO20K}7D~qwi~#XZx;=E",k
N<Z573D:`z208<;#
¶ 20 RA @f!&CLr1,WH20;v203s#;sXkV"
3sr9dZxgOIC,TcZC'ITSKP WindowsD>X
zwOKP20Lr#XZgN20"dCM6Xb)LrD8>
E",kND6Tivoli PKI RA @f8O7#
¶ g{20X8m~s,4XBt/53,rVZXBt/#20
Tivoli PKI 0,Xk7#73d?G}7D#
¶ 9C PING rm;vxg,S$_,i$wz{M IP X7GP'
D,"RTZxgDr{~q(DNS)~qw|GQ*D#
20 KeyWorks*20 IBM KeyWorks,kjITB=h:
1. T root C'G<#
2. + Tivoli PKI AIX f CD Ek53D CD-ROM }/wP#dkT
B|n20 CD:
mount /cdrom
3. dkTB|n|D?<:
cd /cdrom/kw
4. dkTB|n20 KeyWorks:
smitty install_latest
5. TZdkm~Dh8/?<!n,k!q .(dc)#
6. ZSnBICm~20M|B,4 Enter#
7. g{}ZLx20 Tivoli PKI,rITx}K=h#qrdkTB|
n,60 CD-ROM }/w:
umount /cdrom
jI1,Q20BPD~/:
sway.adt 1.1.3.1 COMMITTED IBM KeyWorks
sway_vr.cst 1.1.3.1 COMMITTED @zzZ(F
20~qwm~*20~qwm~,k4PTBYw:
1. T root C'G<#
2. + Tivoli PKI AIX fEk CD-ROM }/w#dkTB|n20
CD:
mount /cdrom
3. dkTB|n|D?<:
cd /cdrom/usr/sys/inst.images
4. dkTB|n:
smitty
5. !qm~20k,$#
6. !q20"|Bm~#
7. !qSnBICm~20M|B#
8. TZdkm~Dh8/?<!n,k!q .(dc)#
9. Z*20Dm~,4 F4 i4ICZ20DD~/Pm#
10. 9CBmw*8<,!qk*ZKzwO20Di~,"4 Enter#
ta.docD~/|,TBi.D HTML ozD~M Tivoli PKI D5:
¶ 6Tivoli PKI dC8O7
¶ 6Tivoli PKI "aPD@f8O7
ta.srvrD~/|,TBZ]:
¶ 4758-&mw'V
¶ O$PD
¶ KDD~
¶ 20 GUI
¶ 20$_
¶ "aPD
":g{zDzw;|, 47582~,r;*!q 4758-&mw'
V#9C F7,!qTX20h*DD~/#
D~{ i~ hv
tpki.srvr.ra "aPD~qw
(server)
20"aPD~qwm~,|,"a$
_h*DyPD~#
tpki.srvr.ca O$PDMsF
~qw
20O$PDMsFS53Lr#
tpki.srvr.core Tivoli PKI 20w Tivoli PKI b#
tpki.srvr.ic 20$_ 20 Tivoli PKI 20$_#
tpki.srvr.icg 20 GUI 20 Tivoli PKI 20 GUI#
RADInst.exe "aPD@f 20 Tivoli PKI RA @f!&CLrD
203s#(vCZ Windows NT)
11. =K&,QjI Tivoli PKI 20#dkTB|n,60 CD-ROM}
/w:
cd /
umount /cdrom
jI1,Q20BPD~/:
tpki.srvr.ca 3.7.1.0 COMMITTED IBM Trust Authority
tpki.srvr.core 3.7.1.0 COMMITTED IBM Trust Authority KDD~
tpki.srvr.ic 3.7.1.0 COMMITTED IBM Trust Authority
tpki.srvr.icg 3.7.1.0 COMMITTED IBM Trust Authority
tpki.srvr.ra 3.7.1.0 COMMITTED IBM Trust Authority
tpki.doc.cfg 3.7.1.0 COMMITTED IBM Trust Authority dC
tpki.doc.rad 3.7.1.0 COMMITTED IBM Trust Authority RA @f
tpki.doc.usr 3.7.1.0 COMMITTED IBM Trust C'8O
`z208<>ZV[K20 Tivoli PKI TZ`zdCPKP1,z*<GD8<-
r#yV[DdCgB:
¶ =8 1 * RA ~qwZ;(zwO;CA"sFM Directory~qw
Zm;(zwO
¶ =8 2 * RA M Directory ~qwZ;(zwO;CA MsF~q
wZm;(zwO
¶ =8 3 * RA"sFM CA ~qwZ;(zwO;Directory~qw
Zm;(zwO
¶ =8 4 * RA ~qwZ;(zwO;CA MsF~qwZm;(z
wO;Directory ~qwZZ}(zwO
9CTBkzD Tivoli PKI zwdC`&D208<#
=8 1 * RA ~qwZ;(zwO;CA"sFM Directory ~qwZ
m;(zwO
RA ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icgM tpki.srvr.ra
CA"sF"Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic M tpki.srvr.ca
=8 2 * RA M Directory ~qwZ;(zwO;CA MsF~qwZm;(zwO
RA M Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icgM tpki.srvr.ra
CA MsF~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic M tpki.srvr.ca
=8 3 * RA"sFM CA ~qwZ;(zwO;Directory ~qwZ
m;(zwO
RA"sFM CA ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icg"tpki.srvr.ra
M tpki.srvr.ca
Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.coreM tpki.srvr.ic
=8 4 * RA ~qwZ;(zwO;CA MsF~qwZm;(zwO;Directory ~qwZZ}(zwO
RA ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icgM tpki.srvr.ra
CA MsF~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic M ta.srvr.ca
Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.coreM tpki.srvr.ic
|DTYLr5v1k|DNN1!dC5(KPdC!&CLrrQdC53s^(
|DD5),E9CK}L#KP Tivoli PKI s20dCLr0,Xk
TyPTYLrxP|D#g{;k|DTYLr5,rLxZ623D
:KPs20dCLr;#
Tivoli PKI +TYLrw*s20}LD;?VKP#TYLrDdkG
{* createconfig_start.sql(|+1!50kdC}]b"Z ConfigDataTbl
}]bmP4(}]bm(e)D SQL E>#Km|,yP Tivoli PKI
i~D53dC}]#;)Qt/dC}L,r^(|DK SQL E>P
D;)5#
":Z1!5I\ZYw73P<BJbDt1ivB,2ITZdC
0|D Tivoli PKI #eD~#XZ|`E",k*5 IBM 'Vz
m#
*|DTYLr5,k`- createconfig_start.sqlD~#KD~D1!;
CG /usr/lpp/iau/bin#
wvNN|D1,k9CBmw*8<:
¶ *|D DATABASE PATHNAME D5,Xk8(B;CD+76#
}g,/local/dbfsibm#
¶ Tivoli PKI RA"Directory\m1MsFS53D(P{F(DN)T
ZC'G8wD#g{k|D|G,r*7#v|D+2{F
(CN)tT#dCZd8(D CA DN bJCZz!qD CN#
VN{F hv 1!5
WS_RO_KEYSIZE Web~qw\?7\?
s!#KeySize 6YP
(eD!n 0 -3,g
B:
¶ 0 = 512
¶ 1 = 768
¶ 2 = 1024
¶ 3 = 2048
0
DATABASE_PATHNAME
CA }]b5}5J$
t(CA i~)D+^
(76#
dbfsibm
DATABASE_PATHNAME
sF}]b5}5J$
t(sFS53i~)
D+^(76#
dbfsadt
DATABASE_PATHNAME
"a}]b5}5J$
t(RA i~)D+^
(76#
dbfspkrf
VN{F hv 1!5
APP_DN Tivoli PKI RA D
DN#;IT^D CN#
/C=US/O=Your Organization/OU=Tivoli PKI/CN=Tivoli PKI RA
APP_CERT_LIFETIME
53PD RA $iD9
CZ,TB8(#
36
K5XkG 12 D6}#
APP_LDAP_DIRADMIN_DN
Directory \m1D
DN#;IT^D CN#
/C=US/O=Your Organization/OU=Tivoli PKI/CN=DirAdmin
APP_COMM_PORT
&m"a$_r\M
Tivoli PKI RA .dD
(ED(EKZ#
29783
APP_SEC_MECH &CLrD2+zF#
1!5{C RA }]b
S\#+5hC* 1 I
tC}]bS\#
0
CA_IBM_CA_CERT_LIFETIME
Tivoli PKI CA $iD
9CZ,TB8(#
360
K5XkG 12 D6}#
CA_IBM_ADMIN_PORT
Tivoli PKI CA D\m
KZ#8(D59Xk
ZD~ irgAutoCA.ini.tpl
(;Z cfg ?<)PD
PORTu?8(#
1835
ADT_DN sFS53D DN#;
IT^D CN#
/C=US/O=Your Organization/OU=Tivoli PKI/CN=Tivoli PKI Audit
KPs20dCLr20 Tivoli PKI ~qwm~s,XkZ|, RA"WebSphereM HTTP
ServerD Tivoli PKI w~qwOKPs20dCLr CfgPostInstall#Z
KP20r<dC Tivoli PKI 0XkKPKLr#
KLrI4( Web~qwdCD~(httpd.conf),KD~JmC Tivoli
PKI yhDN}t/ Web ~qw#|,1<8KPdC!&CLrD
Web~qw"4( Tivoli PKI dCC'J'(cfguser)"4(dC}]
b"+1!dC}]2k}]b#
*KPs20dCLr,k4PTBYw:
1. (}dkTB|nT root C'G<:
su - root
2. dkTB|n|D?<:
cd /usr/lpp/iau/bin
3. dkTB|n:
./CfgPostInstall -i
4. a>1,hC cfguserJ'D\k"7O\k#
5. a>1,hCXFLrD\k"7O\k#
6. !q db2inst1w* DB2 5}D{F#dk5 1,k db2inst1T&#
":*jIK}L+(Q8VS#
s20lim9CTBlim,7#QITdC Tivoli PKI#XZKP20r<DE
",kND6Tivoli PKI dC8O7#
1. T root C'G<,"dkTB|n4(8]533s:
smitty mksysb
smitty savevg
2. *KPzZ+4DJbbv,k4(;vPm,CPm|,20Z
?(~qwODyPm~#T root C'G<,"dkTB|n:
#lslpp -al >tmp/sys_software.txt
3. g{;k9C Web ~qwKZD1!dC5,rXkZKP20r
<0dC IP p{#*534( CA $i1,dCLr+@5Zb)
5#XZ Tivoli PKI gNdCM9C Web~qwODKZCZ2+
MG2+BqDV[,kNDZ303D:dC Web ~qwD IP p
{;#
4. v(zk*CZ Tivoli PKI CA 0dzmLr"Directory \m1M
Directory rootC'D(P{F#b) DN XkG(;D#
4i6Tivoli PKI dC8O7PD8<,T7#b)TsD DN 'V
Z{D$wcNa9#
5. jI;Z6Tivoli PKI dC8O7PD Tivoli PKI dC}]m%,T
ZdC530l$XkKbDE"#9Cm%G<XZ53DE
",}g~qwwz{MW!D(P{F#
KP8]5CLrTivoli PKI 8]5CLr(ta-backup)G#f4f"ZNN DB2 }]b
PDdC}]D$_#9+#f(zD~}](gD~mI()#9C
DB2 5CLr8] DB2 }]b#
8]5CLrS\;vj64k8]}]D?<DN}#K8]?<G
CZ#fyP}]D~Dy?<#*\b8]?<PD{Fe;,8]
5CLr+9CfZZ}#f53OD`,?<a94#fD~#
TB>}5wKLro(:
ta-backup -d backup_directory
dP backup_directory GCZ}]8]D?<#1!76G
/usr/lpp/iau/backup#
q-TBb)=h,QzKP ta-backup5CLr:
1. T root C'G<#
2. !q4( Tivoli PKI dC}]D8]?<#}g:
mkdir /usr/lpp/iau/my_tabackup
3. |DA Tivoli PKI bin ?<#1!76G /usr/lpp/iau/bin#
4. dkTB|n,8(#{+}]8]=N&:
ta-backup -d /usr/lpp/iau/my_tabackup
5. a>1,8(XFLr\k#
Z Windows NT O20 Tivoli PKI
>Ba)KZ Windows NT =(O20 Tivoli Public Key
Infrastructure(PKI)0dX8z7D}L#
":Tivoli PKI f> 3.7.1;'V Windows NT#KE"vw*N<#
*<20 Tivoli PKI m~0,k7#QDAz7"P5wDnBf>#
*q!>D5DnBf>,kCJ Tivoli Public Key Infrastructure Web
>c#
":>BPDw*=hYhzGZ;N20 Tivoli PKI#20 Tivoli PKI
0,RG?RFvZ*<08]}]D~#XZ8]}]D~,k
N<Z793D:KP8]5CLr;PD8>E"#8]s,S|
nPKP CfgUnInstall,;sLx Tivoli PKI 20#
TBP3r20 Tivoli PKI m~:
1. xP Service Pack 5D Microsoft Windows NTYw53f> 4.0
2. Tivoli PKI }]bm~(Tivoli PKI D IBM DB2 (C}]b)
3. Sun Java Development Kit(JDK)f> 1.1.6r|_f>
4. IBM HTTP Server(IHS)f> 1.3.3.1,|,+V~q$_d(GSK)
5. IBM WebSphere Application Serverf> 2.0.3.1
6. IBM Directory Serverf> 3.1.1
7. Tivoli PKI ~qwm~,|,M'z&CLrM RA @fDKD~q
wLrM203s
`zdC
g{;Z,;(zwO20yPD~qwm~,rXhX4TB=
h,Z?vi~zwO20 Windows NTM Tivoli PKI }]bm
~#
hC Windows NTZF.20 Tivoli PKI m~DzwO20 Windows NT m~1,k9
CTB8<#g{T0Q20 Windows NT,rk9Cb)8<w*li
m,7#Q20yP Tivoli PKI i~XhDD~#
g{Z`zdCPhC Tivoli PKI,rXkZ?(F.20 Tivoli PKI ~
qwi~DzwO20 Windows NT#
¶ 20 Windows NT1,Xk20 TCP/IP-i#}G5P/,r{
~q(DNS)~qw,qr^(9C/,wzdC-i(DHCP)#
¶ 9CTB8<tC,S:
v 7#QVd IP X7Mwz{,"R|GGL(D#
v 7#_P IP ,S#}g,bT PING m;(zwD\&#
v 7# DNS Mfr DNS }Z}7Yw#}g,7#|n ping hostname Ibv}7D IP X7,R ping -a IPaddress Ibv
}7Dwz{#
¶ 7#zw_P temp?<#g{ temp?<;fZ,r4(;v#*
lir4( temp?<,dk|n md %temp%#g{?<fZ,53+T>{"0S?<rD~}/w:™EMP Q-fZ1#qr,53
+4( temp?<#
¶ +zwDibZfAYhC* 400 MB:
1. !q*< → hC → XFfe#
2. +w53,"!qT\!n(#
3. ZibZfxr,%w|D#
4. +u<s!5|D* 400 MB "+nss!|D* 500 MB#
5. %whC#
6. %w7(,XUT0r#
7. %w7(,XU053tT10Z#
8. %wG,XBt/Fcz#
¶ 4(w* Tivoli PKI dCC'D Windows NTC'#dCLr9C
KC'{M\k4(XhD}]b"dC53#9C Windows NT\
m$_hCKC',gBy>:
1. S\m$_Lri,KPC'\mw#
2. (}4F\m1J'(;vT>0\m11u?"4 F8)mSJ' cfguser #C'Xk_P Windows NT\m1X(#
3. dk cfguserD\k,YNdk`,\kT7O#
4. !{!qC'XkZB;NG<1|D\k#
5. %w7(#
*KC'{8(D\k$HXk}C* 8 vV{#*E/2+
T,Xk8(;v;\4v5J%JDV{.#\k2Xk9C
s!4lODV{,RAY|,;v}V#
v 7#G!KC'{M\k#20MdC531,+h*8(|,
KPX( Tivoli PKI 53\m$_12I\ah*|#
v g{F.Z`zdCP20 Tivoli PKI,k7#Z?(zwO4(
`,DC'{M\k#
LxxP Tivoli PKI 200,&1<G8] Windows NT 53#5P
8]3s+9zZvVJbDivBIV453#IT9C Windows NT
\m$_a)D8]Lr4(533s#2IT9Cm;vz!qDJ
CZ WindowsD8]Lr#
20}]bm~Tivoli PKI 9C IBM DB2 (C}]bm~\m}]#k Tivoli PKI ;
pa)Dm~rcvCZ Tivoli PKI &CLr#g{k*(F}]bm
~,r+dCZ} Tivoli PKI TbDz7,rXk:r IBM DB2 s5
f,f> 5.2 Dj+f>DmI$,"&C^)| 10#
9CTB}L20}]bm~#g{Z`zdCPhC Tivoli PKI,rX
kZ?(F.20 Tivoli PKI ~qwi~DzwO20 Tivoli PKI }
]bm~#
1. + Tivoli Public Key Infrastructure NTf CD Ek CD-ROM }/
w#
2. !q*< → KP#
3. %w/@,|DA CD-ROM }/w#
4. KP setup.exe#
5. Z0!q20oT10ZP,!qK20DoT,"%w7(#
6. 4i06-10ZPDE","%wB;=#
":g{KzwOQ-fZ DB2 "R|D6p}7,rLr+0x
A020jI10Z#ZK&,%wjI,jI20#
7. Z0!q?DX;C10Z,%wB;=T9C1!2076,r
!qk*20m~D}/wM?DXD~P,;s%wB;=#
(1!76,c:\Program Files\IBM\Trust Authority,GIS\D#)
8. Z08(}]b\m110ZP,dk}]b\m1DC'{M\
k,YNdk\k7O,"%wB;=#b=vu?D(i5G
db2admin #
9. Lr*<20}]bm~#K}LI\h*8VS#
10. Z020jI10ZP,%wjITjI20#
20 Web ~qwm~Tivoli PKI 9C IBM WebSphere Application ServerM IBM HTTP Server
'VdyZ Web D&\#*7#Q}720 Web ~qwLrCZk
Tivoli PKI ;p9C,kq->ZPD=hTZ Windows NT=(O2
0m~#XkZF.20"aPDi~DzwO20m~#
Z Tivoli PKI AIX fM NT f CD O,Tivoli PKI |, WebSphere
Application ServerD|Bf>#9C WebSphere Application Serverf
> 2.02 CD 20 IBM HTTP Server,"9C Tivoli PKI CD 20
WebSphere Application Server#
k"b49 WebSphere_P\m!~qLrD\mgf,+9G;I\
R;h*9C|4\m Tivoli PKI !~qLr#
20 JDK*20 JDK,k4PTBYw:
1. + WebSphere Application Serverf> 2.0.2 CDek CD-ROM }
/w#
2. |DA \NT\jdk ?<,"KP JDK setup.exeLr#
3. Z06-10ZP,%wB;=#
4. Z0m~mI$-i10ZP,DA-i"%wGS\|#
5. Z0!qi~10ZP,S\1!!q(LrD~"bM7D~T
0]>!&CLr)#%wB;=9C1!2076,r!qk*2
0 JDK D}/wM?DXD~P,;s%wB;=#(1!76I\
GIS\D#)
6. Z0*<4FD~10ZP,4iz!qD!n"%wB;=L
x#
7. Z020jI10ZP,%wjI#
8. T>TvD~1,k4i|#
20 IBM HTTP Server*20 IBM HTTP Server,k4PTBYw:
1. + WebSphere Application Serverf> 2.0.2 CDek CD-ROM }
/w#
2. |DA \NT\httpd ?<,"KP IHS setup.exeLr#
3. Z06-10ZP,%wB;=#
4. Z0m~mI$-i10ZP,DA-i"%wGS\|#
5. Z0!q?DX;C10ZP,!q1!2076r8(;v#
6. %wB;=#
7. Z020`M10ZP,!q(F"%wB;=#
8. Z0!qi~10ZP,P=v0q:s0qPvKi~/D{
F;R0qPvKiIx(i~/Di~#!qs_Db"!{!
qR_D Apache 4#g{;k20D5,,1!{!q|#%w
B;=Lx#
9. Z0!qLrD~P1K%P,%wB;=,S\1!LrD~
P,rdkk*9CDD~P{F,;s%wB;=#
10. Z0~qE"2010ZP,dkC'j6 cfguser,"dk*KJ'4(D\k,7O\k,;s%wB;=#
11. Z020jI10ZP,IT!qVZXB}<9GTsXB}
<#!qTsXB}<(q),;s%wjI#
":20 IBM HTTP Servers,Xk+~qw~qhC*V/,Tc~
qw;w*~qt/#k4PTBYw:
1. !q*< → hC → XFfe#
2. +w~q"!q IBM HTTP Server ~q#
a. %w#9(g{Q-t/)#
b. %wt/,"+t/`M|D*V/#
c. %w7(#
d. %wXU,Kv0XFfe1#
20 WebSphere Application Server*20 WebSphere Application Server,k4PTBYw:
1. + Tivoli Public Key Infrastructure AIXfM NT f CD Ek
CD-ROM }/w#
2. |DA \WinNT\WebSphereAS-2031?<,"KP was2031.exeLr#
3. Z WebSphere Application Server0ZP,%wB;=#ITvTX
Z#9 HTTP ServerD/f#
4. Z0!q?j?<10ZP,%wB;=S\1!2076,r!
qk*20m~D}/wM?DXD~P,;s%wB;=#
5. Z0!q&CLr~qwi~10ZP,I!q!{!qD5My
>;yPd|i~<GXhD#%wB;=Lx#
6. Z0!q Java Development KitrKP17310ZP,7#!q
K Java Development Kit 1.1.6 ,;s%wB;=#
7. Z0!q&CLr~qwe~10ZP,!q IBM HTTP Server f> 1.3.3.x,;s%wB;=#
8. Z0!qLrD~P10ZP,%wB;=,S\1!LrD~
P,rdkk*9CDD~P{F,;s%wB;=#
9. Z0dC IBM HTTP Server10ZP,7#T>Q20 IBM HTTP
Server \conf?<;CD}776,;s%w7(#
10. Z020jI10ZP,%wjI#
11. T>TvD~1,k4i|#
12. Z0XBt/ Windows10ZP,IT!qVZXB}<9GTsX
B}<#!qG,VZXB}<,;s%w7(#
hC IP p{Z303D:dC Web~qwD IP p{;V[K Tivoli PKI gNZ Web
~qwOdCKZT&m2+MG2+Bq#g{k9C;,DdC,
r9C IP p{(eG)KZ#
20 IBM DirectoryTivoli PKI 9C IBM Directory f"",$XZ(}"a$_)"D$
iDE"#9CTBBZPD=h,20"hC Directorym~#ITZ
6LzwOrZF.20 Tivoli PKI ~qwi~D,;(zwO20K
m~#
20 Directory m~*20 Directory m~,k4PTBYw:
1. + IBM Directory Server CDek CD-ROM }/w"KP setup.exe
Lr#
2. Z!q20oT0ZP,!q20oT"%wB;=#
3. Z06-10ZP,%wB;=#
4. Z0!qi~10ZP,!q20 SecureWay Directory MM'
z SDK "%wB;=#
5. Z0!q?DX;C10Z,%wB;=T9C1!2076,r
8(;,D;C,;s%wB;=#g{SU=XZ20Vx;G
NTFS VxD{",r%w7(Lx#
6. Z0D~P!q10ZP,%wB;=S\1!LrD~P,r8
(;,DD~P{F,;s%wB;=#
7. Z0dC10ZP,e}+?Dr"%wB;=#
8. Z0*<4F SecureWay DirectoryMM'z SDK DD~10ZP,
4i!q"%wB;=#
9. a>1,%wG,i4TvD~#4is,XU0Z#
10. Z020jI10ZP,IT!qVZXB}<9GTsXB}
<#!qG,VZXB}<,;s%wjI#
":Z`zdCP,KP Tivoli PKI dC!&CLr0,?v Tivoli PKI
~qw<Xk20 DirectoryM'zm~#*20Km~,}KUE
Q20 Directory ~qwm~Dzw,XkZd|D?(zwOS
Directory Server CD-ROM20 Directory Client!n#Xk20Z
?(zwODX|D~G ldap.dll M ldaploc1.dll#
k Tivoli PKI ;p9C Directory20rdC Tivoli PKI ~qwi~0,h*Kb Tivoli PKI GgNk
Directory;%wCD#*Kb Directory#=hsT0gN* Tivoli PKI
dC Directory,kN<6Tivoli PKI dC8O7#
7O53hC20 Tivoli PKI 0,k4PTBYwT7#~q&ZgBy>D4,#
1. w* Tivoli PKI dCC'(dMivB* cfguser)G< Windows
NT#
2. !q*< → hC → XFfe#
3. +w~q"7OTB4,#=v;vT>D~qhCGX|D:
DB2 - DB2 Qt/ T/
DB2 - DB2DAS00 Qt/ T/
DB2 Governor V/
DB2 JDBC Applet Server V/
DB2 Security Server V/
IBM HTTP Server V/
WebSphere Servlet Service V/
4. %wXU,Kv0XFfe1#
20 Tivoli PKI9CTB8<20 Tivoli PKI z7i~#
¶ XkZ,;v=(O20yP~qwLr(Z>}P* Windows
NT)#
¶ g{T0Q20 IBM KeyWorks f> 1.1.1,rXkZ;,DzwO
20 Tivoli PKI,rZt/ Tivoli PKI 20Lr0}% KeyWorks
m~T0yPX*D&CLr#
¶ g{*Z`zdCPhC Tivoli PKI,rXkX420=h,1=Q
Z*20DzwO20KyP~qwi~#
¶ 20 RA @f!&CLr1,WH20;v203s#;sXkV"
3sr9dZxgOIC,TcZC'ITSKP WindowsD>X
zwOKP20Lr#XZgN20"dCM6Xb)LrD8>
E",kND6Tivoli PKI RA @f8O7#
¶ g{20X8m~s,4XBt/53,rVZXBt/#20
Tivoli PKI 0,Xk7#73d?G}7D#
¶ 9C PING rm;vxg,S$_,i$wz{M IP X7GP'
D,"RTZxgD DNS ~qw|GQ*D#
20~qwm~*20~qwm~,k4PTBYw:
1. 9C*K?Dj6DC'{M\k(dMivB* cfguser),G<
Windows NT#g{h*,kNDZ663D:hC Windows NT;q
!oz#
2. XUyPn/DLr#
3. + Tivoli Public Key Infrastructure AIXfM NT f CD Ek>X
,SD CD-ROM }/w#
4. !q*< → KP,%w/@,|DA CD-ROM }/w"KP
setup.exe#}g:
}/w:\WinNT\TrustAuthority\setup
g{*ZsZ 256 MB ZfDzwOKP20Lr,rXkmS /z
*XT{CZfli#}g:
}/w:\WinNT\TrustAuthority\setup /z
5. Z0!q20oT10ZP,!qK20DoT,"%w7(#1
!5*"o#
6. 4i06-10ZODE","%wB;=#
7. g{Q20 IBM DB2 D@"f>,x;Gf Tivoli PKI a)Df
>,rvV0!q?DX;C10Z#g{kZ1!;C
(c:\Program Files\IBM\Tivoli PKI)20m~,r%wB;=#q
r,k%w/@,!qrdk;,D?jD~P,;s%wB;
=#
8. Z0!qi~10ZP,9CBmw*8<#lik*20Di
~,e};k20Di~,"%wB;=#
i~ hv
Tivoli PKI M"aPD
~qw
20w Tivoli PKI LrM"aPD~qwm~,|
,"a$_h*DyPD~#
O$PDMsF~qw 20O$PDMsFS53Lr#
Directory ~qw 20 Tivoli PKI i~k Directory `%wCyhDm
~#
"aPD@f 20 Tivoli PKI RA @f!&CLrD203s#
":
¶ K&,+I20Lr7(Gq*20!qDi~yhDm~"
9C}7Df>6p#g{X8Lr;IC,r20Lr+K
v#20X8m~,;sYNt/20}L#
¶ *<8}]bdC,20Lr9*i$TdG<DC'{#g
{C'{$Z 8 vV{,r20LrKv#CHZ 8 vV{r
YZ 8 vV{DC'{G<,;sYN*<20}L#
¶ g{!q Tivoli PKI M"aPD~qw,R20Lrlb=`vf>D IBM WebSphere Application Serverr IBM HTTP
ServerIC,r+a>z!q*9CDf>#
9. g{*Z1!LrD~P(Tivoli PKI)P4(Lr<j,kZ0!
qLrD~P10ZP%wB;=#qr,dkr!qz*9CD
D~PD{F,;s%wB;=#
10. Z020jI10ZP,%wjIT*<20}L#53+D~4
F=ksD;C"KP8vLrjI Tivoli PKI 20#
11. 20m~s,XBt/53#
|DTYLr5v1k|DNN1!dC5(KPdC!&CLrrQdC53s^(
|DD5),E9CK}L#KP Tivoli PKI s20dCLr0,Xk
TyPTYLrxP|D#
Tivoli PKI +TYLrw*s20}LD;?VKP#TYLrDdkG
{* createconfig_start.sql(|+1!50kdC}]b"Z ConfigDataTbl
}]bmP4(}]bm(e)D SQL E>#Km|,yP Tivoli PKI
i~D53dC}]#;)Qt/dC}L,r^(|DK SQL E>P
D;)5#
":Z1!5I\ZYw73P<BJbDt1ivB,2ITZdC
0|D Tivoli PKI #eD~#XZ|`E",k*5 IBM 'Vz
m#
*|DTYLr5,k`- createconfig_start.sqlD~#KD~D1!;
CG c:\Program Files\IBM\Trust Authority\bin#
wvNN|D1,k9CBmw*8<:
¶ TZ Windows NT,;\|D DATABASE PATHNAME 5#
¶ Tivoli PKI RA"Directory\m1MsFS53D(P{F(DN)T
ZC'G8wD#g{k|D|G,r*7#v|D+2{F
(CN)tT#dCZd8(DO$PD(CA)DN b+JCZz!
qD CN#
VN{F hv 1!5
WS_RO_KEYSIZE Web~qw\?7\?
s!#KeySize6YP(
eD!n 0-3,gB:
¶ 0 = 512
¶ 1 = 768
¶ 2 = 1024
¶ 3 = 2048
0
APP_DN Tivoli PKI RA D DN#
;IT^D CN#
/C=US/O=Your Organization/OU=Tivoli PKI/CN=Tivoli PKI RA
VN{F hv 1!5
APP_CERT_LIFETIME 53PNNG CA $i
(}gC'"~qwr
RA $i)D9CZ,T
B8(#8(D59X
kZ jonahca.ini.tplM
jonahra.ini.tplD~P8
(#
36
APP_LDAP_DIRADMIN_DN
Directory \m1D
DN#;IT^D CN#
/C=US/O=Your Organization/OU=Tivoli PKI/CN=DirAdmin
APP_COMM_PORT &m"a$_r\M
Tivoli PKI RA .dD(
ED(EKZ#
29783
APP_SEC_MECH &CLrD2+zF#
1!5{C RA }]b
S\#+5hC* 1 I
tC}]bS\#
0
CA_IBM_CA_CERT_LIFETIME
Tivoli PKI CA $iD9
CZ,TB8(#
360
CA_IBM_ADMIN_PORT Tivoli PKI CA D\mK
Z#8(D59XkZ
D~ irgAutoCA.ini.tpl
(;Z cfg ?<)PD
PORTu?8(#
1835
ADT_DN sFS53D DN#;
IT^D CN#
/C=US/O=Your Organization/OU=Tivoli PKI/CN=Tivoli PKI Audit
KPs20dCLr20 Tivoli PKI ~qwm~s,XkKPs20dCLr CfgPostInstall#
ZKP20r<dC Tivoli PKI 0XkKPKLr#
KLrI4( Web~qwdCD~(httpd.conf),KD~JmC Tivoli
PKI yhDN}t/ Web ~qw#|,1<8KPdC!&CLrD
Web ~qw"4(dC}]b"+1!dC}]2k}]b#
*KPs20dCLr:
1. T Tivoli PKI dCC'm] cfguserG<#
2. 7#~qwOfZ temp?<,"GI73d? %TEMP%(eD#
3. !q*< → Lr → Tivoli Public Key Infrastructure → s20dC#
4. dkKv,XU0Z#
CfgPostInstalla>zi$ cfguserJ'\k(|G4(J'1hCD),
;sa>zhC"7OXFLr\k#cfguser\k+XFT cfguserJ
'M CfgAppletr<3fDCJ#XFLrD\kI^FTXFLrDC
J#RGFvXFLr9Ck cfguser;,D\k#z4(D cfguser\
kXkGP'D53\k,d$H;,} 8 vV{#
s20lim9CTBlim,7#QIT*<dC Tivoli PKI#XZKP20r<D
E",kND6Tivoli PKI dC8O7:
1. 9CW!D Windows NT$_8]1053#
2. *KPzZ+4DJbbv,k4( Windows "amD8]1>T
7#_PyPQ20m~DPm#
3. g{;rc9C Web ~qwKZD1!dC5,rXkZKP20
r<0dC IP p{#*534( CA $i1,dCLr+@5Zb
)5#XZ Tivoli PKI gNdCM9C Web~qwODKZCZ2
+MG2+BqDV[,kNDZ303D:dC Web~qwD IP p
{;#
4. v(zk*CZ Tivoli PKI CA 0dzmLr"Directory \m1M
Directory rootC'D(P{F(DN)#
4i6Tivoli PKI dC8O7PD8<,T7#b)TsD DN 'V
Z{D$wcNa9#
5. jI;Z6Tivoli PKI dC8O7PD Tivoli PKI dC}]m%,T
ZdC530l$XkKbDE"#9Cm%G<XZ53DE
",}g~qwwz{MW!D(P{F#
6. *KozdC,4PTB=hZF.KP20r<DzwOhC;
vOsD,Iv/D MS DOS73#ZdM73P,DOS0Z^v
/u,xRvITT> 24 PE":
a. w* Tivoli PKI dCC'G<(dMC'* cfguser)#
b. !q*< → hC → XFfe#
c. +w MS DOSXF(#
d. !q<V!n(#
e. ZA;:exs!?V,+_HAYhC* 1000(IT8(ns
5 9999TZDNN})"%w7(#
KP8]5CLrTivoli PKI 8]5CLr(ta-backup)G#f4f"ZNN DB2 }]b
PDdC}]D$_#9+#f(zD~}](gD~mI()#9C
DB2 5CLr8] DB2 }]b#
8]5CLrS\;vj64k8]}]D?<DN}#K8]?<G
CZ#fyP}]D~Dy?<#*\b8]?<PD{Fe;,8]
5CLr+9CfZZ}#f53OD`,?<a94#fD~#
TB>}5wKLro(:
ta-backup -d backup_directory
dP -d backup_directory GCZ}]8]D?<#1!76G
/usr/lpp/iau/backup#
k4PTBYw,QzKP ta-backup5CLr:
1. T cfguserm]G<#
2. !q4(k*8] Tivoli PKI dC}]D?<#}g:
mkdir "c:\Program Files\IBM\Trust Authority\my_tabackup"
3. |DA Tivoli PKI bin ?<#1!76G c:\Program Files\IBM\Trust
Authority\bin#
4. dkTB|n,8(k*8]}]DxT76:
ta-backup -d "c:\Program Files\IBM\Trust Authority\my_tabackup"
dC Tivoli PKI
20 Tivoli Public Key Infrastructure(PKI)~qwm~s,Xk8(d
C5,TXFi~ZzD>cgNhC#}g,h*j6~qwLrD
;C,8((P{F(DN),"hC"ar#
dC}LP,53+5#fZIdvDD~P#K&\ThC`v9C
,;=(R_P`FdCD Tivoli PKI 5}GPCD#20BD Tivoli
PKI 5}1,I<k#fD5,TCwdCB53Dy<#
Tivoli PKI z7|,20r<,|G;v8(dC!nD!&CLr#*
<dC Tivoli PKI 53.0,h*KbdC}L,"v(*gNhCz
73PD53#zh_8XZzD53ZKP20r<1ICD*6#
9h*7#Z"T9C53.0,53Q}7dC#
6Tivoli PKI dC8O7hvKgN<8dC"8(dC!nM<8CZ
z773PD53#}g,||,:
¶ $wm,ozzZt/20r<.0U/E"#
¶ 9C DN `-w48(P'(P{FD8<#
¶ + Tivoli PKI "<xC'Ee.0,z&I!D=hD(i#k"b
3)X(=h(}g|D~qw\kM8]BdCD53)GG#
X|D#
¶ 6Xm~D}L#
hFCZ Web 73PD6dC8O7a):
¶ frNqDE",}g0gNhC6Li~?1r0gNi$d
C?1
¶ EnTDE",}g02vXZ"arDE"1r02vXZ
Directory DE"1#
¶ N<E",}g9C20r<1I8(D5Dj8hv#
I(}TBNN==CJ6dC8O7:
¶ t/20r<s,%wNNoz4%,;sZi4*zoz1%w
CiD<j#
¶ S Tivoli Public Key Infrastructure Web>c:
http://www.tivoli.com/support
kE
20MdC Tivoli Public Key Infrastructure(PKI)53.s,zh*K
bXZ\m|"9C|a)D<NC'gfDE"#TBBZ*z8v
IozzkE Tivoli PKI DD5#z&4ib)D5,TKbgN4P
TB`MDNq:
¶ w{53Yw,G+.#$p4Tczz9G4P}ZxPDT\
w{#
¶ KP RA @f,T\m)"D$iM$iks#
¶ 9C"a$_a)D/@wGGm%4q!$i#
¶ (F"a}L,}g^DCZGGD HTML m%r|,;,$i`
MD'V#
53\mTivoli Public Key Infrastructurea)K8V$_,Tozz\m53#|
|,:
¶ CZZ2+"\k#$D==Bt/M#9~qwi~D5CL
r#
¶ CZhCIEi~LrD2+\kD5CLr#
¶ CZZ(\mC'T9C RA @fD5CLr#
¶ 9 Tivoli PKI O$PD(CA)\km; CA ;fO$r(" CA c
Na9D5CLr#
¶ CZlisF}]bMi5DsFG<j{TD5CLr#
¶ CZi5M)psF}]bD5CLr#
¶ <B root C' CA \?S;vG9\D\?T*v=B;v CA \
?TD5CLr#
¶ *O$DC'T Tivoli PKI wC;NM\ks`v}V$ia)K2
+=(D5CLr/#
Tivoli PKI System Administration GuideG<Kb)5CLr"a)\m
D8<#}g,||,\m~qwi~0dwT}]bD(i#|2G
<K(853hC"+.#$p4TCZzz73XkI!D=h#
hF*CZ Web 73P,System Administration Guidea):
¶ frNqDE",}g0gN#953?1r0gNi5sF}]
b?1
¶ EnTDE",}g02vXZ;f$wDE"1"02vXZ
Tivoli PKI CA DE"1,r02vXZIsFB~DE"#1
¶ N<E",}gdCD~N}Dj8hv#
*CJ System Administration Guide,kCJ Tivoli Public Key
Infrastructure Web>c:
http://www.tivoli.com/support
RA \m
RA ~qw+XZGGksMQ)"$iDG<f"ZS\D"a}]b
P#@@GGksM\m}]bG<DNqI(}LrT/&m,rI
\m1K*&m#
Tivoli PKI a)!&CLr RA @f,b9Z(D"a1&m$iks
MTQ)"$ixPYwdC]W#
RA @f'VTBdMD\mNq:
¶ &m}ZH}K<DGGks
¶ |D+*''D$iDP'Z
¶ 7($iGq\|B
¶ Y1]R$i
¶ @C7z$i
6Tivoli PKI "aPD@f8O7hvK RA @f!&CLr#
hF*CZ Web 73P,6RA @f8O7a):
¶ frNqDE",}g0gN20 RA @f1"0gNlw+*''
$i/?1r0gNi4T$iI!DYwz7?1
¶ EnTDE",}g02vXZ"arDE"1r02vXZ$i
P'ZDE"#1
¶ N<E",}g9C RA @f1"a1I8(D5Dj8hv#
I(}TB==CJ6RA @f8O7:
¶ t/ RA @fs,%wNNoz4%,;sZi4*zoz1%wC
iD<j#
¶ S Tivoli Public Key Infrastructure Web>c:
http://www.tivoli.com/support
"aM$w9Ck"a$_;pa)D/@wGGm%,I=cX"a/@w"~
qwMh8$i#ksK<1,T/BX$i#2I9C/@wm%4
$"aIC PKIX &CLr49CD$i#$"aksK<1,a)D
E"9z\Z=c1dq!$i#
6Tivoli PKI C'8O7hvK/@wGGm%"|,:
¶ frNqDE",}g0gNGG/@w$i?1r0gN|B+
*''D$i?1
¶ EnTDE",}g02vXZ$"aDE"1r02vXZ~q
w$iDE"1#
ISTB Tivoli Public Key Infrastructure Web>c4CJ6C'8O7:
http://www.tivoli.com/support
(F
Tivoli PKI *zkgN5Vzi/D"a}La)KinT#}g,|J
mzXFTB`MDn/:
¶ /@wGGm%O9CDoTb[
¶ $w_T
¶ "Mx"a$iDC'D(*EZ]
¶ &m;,`MT/&mD_TvZ
Tivoli PKI Customization GuidehvKI(F"a$_D;,=("|
,:
¶ frNqDE",}g0gNmSGGVN?1r0gN|D$i
E*D~?1
¶ EnTDE",}g02vXZ$"aDE"1"02vXZ5q
_TDE"1,r02vXZCJXFDE"#1
¶ N<E",}g$i`MM"a$_dCD~Dj8hv#
*CJ Customization Guide,kCJ Tivoli Public Key Infrastructure Web
>c:
http://www.tivoli.com/support
Jcm
>Jcm(eK>iPBDr;#CDuoMu4T0A_PK$Du
o#UkDuoM(e4T:
¶ 6nB IBM Fcz<uGd7,&<:McGraw-Hill,1994#
¶ 6@zzRj<E"53Vd7,@zzRj<-a X3.172–1990,
@zzRj<-a(ANSI),1990#
¶ 6#{Jbbp7,f> 3.0,S{#aG:RSA Data Security,Inc.,1998#
2A3
2+gS;W(Secure Electronic Transaction ,SET)G;VZ;IExgOxP=c2+DEC(rhG('6D$5j<#IZ
Cj<+*s$iD"P,yT|aOKV(K"LRM"(xPDm]O
$#
2+"Pc((Secure Hash Algorithm ,SHA-1)|GI NIST M NSA hFD;Vc(,M}V){j<;p9C#Kj<G2
+"Pj<;SHA GKj<9CDc(#SHA zz;v 160 ;D"P5#
2+WSVc(Secure Sockets Layer ,SSL)xPTnUC'!I\8wDZC2+~qD IETF j<(E-i#|a)K;
u}V/2+(E(@#
P SSL &\D~qw(#Zk HTTP j<;,DKZOS\ SSL ,Sks#
Z=(wFbwwd;;EET("(EZd,SSL4(a0,K}L;h"z
;N#ZK.s,(EMS\K#E"j{Tli+;1Lx= SSLa0ax#
2+Tr(security domain )I,;v CA 4O$$iDi(+>"$wirES"L}gr~.)#I CA
)p$iDC'ITENd{IK CA )p$iDC'#
2B3
#\T(privacy )@94Z(D}]96#
>XoT'V(National Language Support ,NLS)z7Z?T;,oT73D'V,b|(oT"uR"UZM1dq=T0}
Vm>==#
j<(CjGoT(Standard Generalized Markup Language )
CZhvjGoTD;Vj<#HTML MGyZ SGML D#
;IqOT(non-repudiation )9C}V(C\?\bD~"PLJbqOTD5D)p#
2C3
Ywz7(action history )>$P'ZP}[DB~#
_TvZ(policy exit )Z"a$_P,I"a&CLrwC"i/(eDLr#Z?v_TvZP8
(Dfr,|Qi/DLqM2+T!n&C=GG}LP#
cNa9(hierarchy )EN4PDO$PD(CA)Di/,TT)p CA r%KDy*<,"T)"$
ixnUC'D CA ax#
,D>(hypertext )|,%J"Lor<NDD>,A_IT(}sjcwTlwMT>m;vD
5#byD%J"Lor<NF*,4SD>#y=lw,D>,MG4S=
CD>#
,D>jGoT(Hypertext Markup Language ,HTML)T Web 3f`kDjGoT#|yZ SGML#
,D>Bq&m-i(Hypertext Transaction Protocol ,HTTP)(} Web *F,D>D~DrXxM'z/~qw-i#
iso(m>( 1(Abstract Syntax Notation One ,ASN.1);V ITU F(Dm>(,CZ(eE"}]Do(#|(eKm`r%D}]`
M,R*j6b)`MM5w|GD58(Km>(#1h*(eE"Dis
o(1,<IT&Cb)m>(,+;C\+Mb)E"D`k==D<x#
+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol ,TCP/IP);i'V>XxMcrxDcTc,S&\D(E-i#
2D3
zm~qw(proxy server )ZksCJDFcz(Fcz A)M;CJDFcz(Fcz B).dDPi#
rK,g{nUC'ksFcz A DJ4,rks;(r=zm~qw#zm~
qwrFcz B ks"q!l&,YQl&*"xUKC'#(}Z?@p=4
CJr,xJ4D}LPzm~qwpEX*DwC#
zk)p(code signing );VC}V){)pI4PLrD<u#zk)phFC4DxV<ZrXx
ODm~DI?T#
GG(enrollment )Z Tivoli PKI P,q!ZrXx9CD>$D}L#GG|($iDks"a"
|BM7z#
GGd?(enrollment variable )kNDGGtT(enrollment attribute)#
GGtT(enrollment attribute )
|,ZGGm%PDGGd?#|D543KGGZd6qDE"#GGtT
D5Z>$9CZZG;dD#
gS3W(e-commerce )LR=LRD;W#|,(kKM"a)L")&LMd{K)ZrXxOr
tL7M~q#|GgSLqDw**X#
gSLq(e-business )(}xgMFczxPL5;W#||(rtL7M~q#9|((}}V(
E*FJp#
%c CA(top CA)Z PKI CA cNa9%cD CA#
TF\ku(symmetric cryptography )
9C`,D\?4S\Mb\D\ku#|D2+T!vZ\? * \?9\M
b6NNK<IT`kMbk{"#;P1\?#\,(EEG#\D#kT
UGTF\ku(asymmetric cryptography)#
TF\?(symmetric key )ITS\`Ib\D\?#m{TF\ku(symmetric cryptography)#
Ts(object)ZfrTsDhF`LP,k}]`XDisb0}]MYw#m{`
(class)#
Tsj6(object identifier ,OID)y>Z\m,8(xiso(m>( 1(ASN.1)P(eD`MD}]5#
Ts`M(object type )ITf"Z Directory PDTs#}g:i/"aiR"h8"K1"Lrr}
L#
`&\rXxJ~)9(Multipurpose Internet Mail Extensions ,MIME);WTIICDf6,9CT;,V{/`kDD>IT`%;;#,129
`=egSJ~JCZ9CrXxJ~j<D`V;,Fcz53#}g,}
K US-ASCII"v?D>"<qMytb8VV{/,gSJ~{"9IT|,d
|V{/#
2F3
@p=(firewall )xgdDxX,CZ^Fxg.dDE"w/#dMX,@p=D?DG#$
Z?Dxg,@94Z(Db?C'9C#
CJXFm(access control list ,ACL);VTQZ(C'^F9CX(J4DzF#
GTF\ku(asymmetric cryptography )
\kuGC;,D"GTF\?xPS\Mb\#?vC'IU=;T\?:
;vyPKICJD+C\?M;vvC'*@D(C\?#1+C\?M`
&D(C\?`%d1,t/;Wb\,byM\xP2+;WK#b2F*
\?T\ku#kTUTF\ku(symmetric cryptography)#
qO(repudiate )IZ;f5x\x;}g,qO"MK8({"ra;K8(ks#
~qw(server)(1)ZxgP,*d|>ca)&\D}]>c,}g,D~~qw#(2)
Z TCP/IPxg53P*d|>c53Dksa)&mD53,F*M'z/~
qw#
~qw$i(server certificate )I CA )"D}V$i,9 Web ~qw\&myZ SSL DBq#1/@wC
SSL-ik~qw,S1,~qwa"x/@w;v+C\?#K\?I'V~
qwm]O$#,1|2'V*"Mx~qwDS\E"#m{ CA $i(CA
certificate)"}V$i(digital certificate)M/@w$i(browser certificate)#
2G3
+2S\e5a9(Common Cryptographic Architecture ,CCA)IBM m~,|9s`} IBM Fc=(\T;BD=(IC\ku#|'VIC
;,D`LoT`4D&CLrm~#&CLrm~ITwC CCA ~q4jI
s6'DS\&\,|( DES M RSA S\#
+2}]2+Te5a9(Common Data Security Architecture ,CDSA)*yZFczD2+T&CLrx4(Dfr2+T~qM2+T\m(eD
[O=(#|I Intel hF,T9Fcz=(T&CLrxT|*2+#
+2xXSZ(Common Gateway Interface ,CGI)Z Web 3fM Web ~qw.d+ME"Dj<=(#
+C/(C\?T(public/private key pair )+C/(C\?TG\?T\kuEnD;?V(1976j,I Diffie M Hellman
*bv\?\mJbx}k)#Z{GDEnP,?KqC;T\?,;vF*
+C\?,m;vF*(C\?#?vKD+C\?G+*D,x(C\?G
#\D#"M=MSU=;h*2m#\E":+?(Ef0D;G+C\
?,R(C\?"4+dr2m#;Yh*EN(E(@D2+,T@9T}
r9\#;*s+C\?k|GDC'T;VIE(O$)D==(}gZI
E?<P)`X*#(}9C+2E"NNK<\"Mz\{"#;x,C{
";\I(C\?b\,$ZDSU=(;5PK(C\?#Kb,\?T\
ku;vCZ#\T(S\),9CZO$(}V){)#
+C\?(public key )(C/+C\?TPTd{KP'D\?#|9d{K\k\?DyP_xP
Bq&mri$}V){#C+C\?S\D}];\(}`&D(C\?4
b\#kTU(C\?(private key)#m{+C/(C\?T(public/private key
pair)#
+C\?y!a9(public key infrastructure ,PKI)yZ+C\?\kuD2+Tm~Dj<#PKI G}V$i"O$PD""aP
D"$i\m~qMV<=?<~qD53#C4i$rXxOf0BqDw
=Dm]M(^#b)BqI\f0=h*i$m]DYw#}g,|GI\
*7Oav6jDp4"gSJ~{"Dw_rpZLq#
PKI CC'D+CS\\?M$iTP'vKri/DO$P'#|a)D*z
?<|,CZi$}V$i">$M}V){D+CS\\?M$i#
PKI *+CS\\?Di$i/Mksa)lYP'Dl&#|96p53P1
ZD2+T~2",$J4T&m2+%f#ns,PKI 9*X*DL5Bqa
)K}V1dAG~q#
+C\?\kuj<(Public Key Cryptography Standards ,PKCS)G}=D)&L.dDj<,|GI RSA 5iR0;,Fcz)&LDzmZ
1991j*"#Cj<|, RSA S\"Diffie-Hellman -("yZ\kDS\"
)9D$io("S\{"o("(C\?E"o(M$wo(#
¶ PKCS #1hvK9C RSA +C\?\k534S\}]D=(#<ZCZ
}V){M}VEbD9l#
¶ PKCS #78(\k{"D;cq=#
¶ PKCS #108($wksDj<o(#
¶ PKCS #11*\kh8(}g:G\()(e<u^XD`LSZ#
¶ PKCS #12*f"r+MC'D(C\?"$i"d|X\E"H8(;VI
F2q=#
zJj</i/(International Standards Organization ,ISO)*""+<j<DzJi/#
zJgE*K(International Telecommunication Union ,ITU)~.M(E?E-w+r6L(ExgM~qDzJi/#|G6L(E<
u"\mMj<E"Dnw*"<_#
zR2+z9(National Security Agency ,NSA)@z~.Y=D2+zX#
2J3
z\T(confidentiality );+E"96x4Z(=DXT#
y>`kfr(Basic Encoding Rules ,BER)Z ISO 8825P8(DCZT}]%*`kDfr,C}]%*GCiso(m
>( 1(ASN.1)4hvD#fr8(`k<ux;Giso(#
S\(encrypt )rRE"3r,by9C;PG)5PJ1Db\zkDKE\(}b\q!
-<E"#
S\/b\(encryption/decryption )
9CSU=D+C\?*KKS\}],xSU=9CdTD(C\?4bk
}]#
r%J~+M-i(Simple Mail Transfer Protocol ,SMTP)ZrXxO*FgSJ~D;V-i#
;f$w(cross-certification )
EN#=,yZ|;v CA *m;v CA )"$i,C$i|,k(C){\
?`%dD+C\?#;f$wD$iJm;v\mrODM'z53rUK
5eITkm;vrODM'z53rUK5e2+(E#
b\(decrypt )CZ7zS\}L#
2K3
*E=}]b,S(Open Database Connectivity ,ODBC);VCJ;,}]b53Dj<#
*E53%,(Open Systems Interconnect ,OSI)IzJj</i/K<DFczxgj<{F#
IEFczy!(trusted computer base ,TCB)2,5)i/Fcz2+T_TDm~M2~*X#0l2+T_T5)D*
Xr*XD;?VG2+T`XDrG TCB D;?V#TCB GI2+T6'<
xDTs#5V2+T_TDzFXkG;IFPD,Xk\h9LrqCT
4Z(D53X(DCJ#
M'z(client)(1);vSU4T~qwD2m~qD&\%*#(2);vFczr_L
r,|ksm;vFczr_Lr*|~q#
M'z/~qw(client/server )V<=&mPD#M,Zbv#MP&Z;v>cDLrTm;v>cDLr
"vks"RH}|Dl&#RGQksLrF*M'z;xQl&=F*~
qw#
2L3
`(class)ZfrTsDhFM`LP,;i2m+2(eRrK22m+2XT"Yw
MP*DTs#
`M(type)kNDTs`M(object type)#
4i$(chain validation )ZENcNa9PTZyP CA ){Di$,(}|)";v8(D$i#}
g,g{m;v CA *;v CA )"K)p$i,G4=v){ZC'a;$
ii$1<hi$#
/@w(browser )kND Web /@w(Web browser)#
/@w$i(browser certificate )
}V$i,2F*M'zK$i#|GI CA (}tC SSL D Web ~qw4
)"D#S\D~PD\?9$iVP_ITS\"b\M)p}]#dMD
iv,Web/@wf"b)\?#;)&CLrJmZG\(rd|iJOf"
\?#m{}V$i(digital certificate)#
2M3
@zzRj<-a(American national standard Institute ,ANSI)G@zD;vi/,|F(;OIDi/Z4(M,$GY=$5j<1yq
XD}L#|Izz_"{Q_M;c{f/EiI#
@zzRE";;j<zk(American National Standard Code for Information ,ASCII)
Z}]&m53"}](E53M`Xh8PxPE";;yICDj<z
k#ASCII V{/I 7 ;`kV{(8 ;|,;;f<#i)iI#V{/|(
XFV{M<NV{#
\k==(cryptographic )XZ*;}]T~Xd,eD==#
\ku(cryptography )ZFcz2+TP,CZS\wDMb\S\D>D-m"=(MVN#
\?(key)\kuP9CDCZ`kMbkD?#
\?8]kV4(Key Backup and Recovery )Tivoli PKI D&\,9z\8]MV4nU5e$i0dI Tivoli PKI O$D`
&+CM(C\?#$iM\?f"Z PKCS #12D~P#CD~\\k#$#
8]$iM\?1+hC\k#
\?T(key pair)ZGTF\kuP9CD`&D\?#;v\?CZS\xm;vCZb\#
wkD>(cleartext )4S\D}]#wD(plaintext)D,eJ#
wD(plaintext )4S\D}]#wkD>(cleartext)D,eJ#
#=(schema)k Directory `X,(e;,Ts`M.dX5DZ?a9#
#}(modulus )Z RSA +C\k53P,=vsX}(p M q)DK}(n)#RSA #}DnQ
s!!vZ2+Th*##}=s2+T=_#10D RSA 5iR(iD\?
s!&!vZT\?DF.9C:vK9C* 768;,+>9C* 1024;,x
+*X*D\?(g CA D\?T)r* 2048;#AYZ 2004jT0,768
;D\?;O*G2+D#
?j(target)8(Dr!(D}]4#
2N3
Z?a9(internal structure )
kND#=(schema)#
Z?x(intranet )s5Z?Dxg,(#;Z@p=.s#|GTrXxDIz"9C`FD<
u#S<uO5,Z?xvvGrXxD)9#HTML M HTTP G|GD;)
2,c#
2P3
>$(credential )ZO$;;PCZ$wvKm]Dz\E"#ZxgFc73P,n#{D>
$`MGQI CA 4(M)pD$i#
2Q3
)p(sign)9CzD(C\?zI){#){Gi$zGIE5D;V==,RK<}Z
)pD{"#
)p/i$(signing/verifying )
)pG9C(C}V\?zI){#i$G9C`&D+C\?i$){#
a?6?<CJ-i(Lightweight Directory Access Protocol ,LDAP);vCZCJ Directory D-i#
ksj6(request ID);v 24 = 32 V{D ASCII 5,|\(;j6T RA D$iks#C5IT
&CZ$iksBqP,TlwCksD4,r`X*D$i#
2R3
O$(authentication )I?X7((E=m]D}L#
O$PD(certificate authority ,CA);Vm~,:pq-i/2+T_TMT$iN=8(2+gSm]#CA &m
4T RA DksT)""|BM!{$i#CA M RA ;%$wTZ Directory
P"<$iM CRL#m{}V$i(digital certificate)#
2S3
}X DES(triple DES)}NTwDS\DTFc(#d;fZm`==I5ZK?D,+`XS\D
n2+N=Gx}v`l\?D}X DES#
L5wLTs(business process objects )
;5PCZ5VX("aYwDzk,}gliGGks4,ri$+C\?
Q"M#
L5wL#e(business process template )
48(3rKPD;5PL5wLTs#
sF~qw(Audit server );v Tivoli PKI ~qw,|SsFM'zSUsFB~,"+d4ksFU>#
sFzY(audit trail )}]T_-76DN=44SB~rP#sFzY'VBqrx(n/Dz7
DzY#
sFM'z(audit client )53PC4"MsFB~x Tivoli PKI sF~qwDNNM'z#ZsFM'z
"MB~xsF~qwT0,|HksF~qw(",S#,S("s,M'
z9CsFS53M'zbxsF~qw+ME"#
sFU>(audit log )Z Tivoli PKI P,|G}]bD;vm,+?vsFB~f"*;uG<#
sFS53(audit subsystem )
Z Tivoli PKI P, *G<2+T`XYwa)'VDS53#|{O*pZ~q
z5D+C\?\kuDj</PDj< X9.57 FvZ]#
5}(instance )Z DB2 P,5}Gf"}]MKP&CLrD_-}]b\m73#|Jm*
`}]b(e;i+2DdCN}#
Bqj6(transaction ID )I RA a)Dj6,Tl&$"aGGks#|9C'\KP Tivoli PKI M'
z&CLr4qC$HK<D$i#
X$Lr(daemon);vZ&ms(NqDLr#1vVh*|ozDiv1,53+a~=wC
|#C';h**@X$Lr,r*|(#GI53T/zzD#X$LrI
\@6Gn/D,r_|adtXXBzI#
uo("t* demon)4Tq0#s4,|;]mbM*WV8uTJ
DAEMON:Disk And Execution MONitor#
Z((authorization )CZCJJ4DmI(#
}]f"b(Data Storage Library ,DL)w*;v#i,|a)T$i"CRL"\?"_TMd|k2+T`XTsD
VC}]f"DCJ#
}]S\j<(Data Encryption Standard ,DES)w*}=Dj<,Z 1977jI@z~.(eMz<DVi\kS\c(#nu
I IBM *"#TS DES +<T4C=Kc:DP?,VZ|QI*Zy\*
"Rc:9CD\k53#
DESG;vTF\k53#1|CZ(E1,"M=MSU=Xk5P,;v\
?#C\?CZS\Mb\{"#DES2ITCZ%C'DS\,}gTS\D
q=QD~f"=2LO#DESP 64 ;Dis!,|ZS\Zd9C 56 ;\
?#|-H*2~5VxhF#NIST ?tejXBO$;N DESw*@z~.
Y=DS\j<#
}V){(digital signature );vmS=D5r_}]D`k{",|7#K"M=Dm]#
}V){ITa)Hom){|_6pD2+T#bGr*}V){;GS\
{Fr;5Pr%Dj6zk#|z.TQ)p{"DS\**#by,Z{
"O=S}V){ITa)"M=DLPj6#(;P"M=D\?EIT4(
C){#)|,y9L(KQ)p{"DZ](S\D{"**XkM{"DZ
]`%d,qr){+^')#by,}V){M^(S{"P4F"R&C=
m;v{"P%,r***r"PE"+;%d#NNTQ)p{"DD/<
a9){^'#
}V){c((Digital Signature Algorithm ,DSA)+C\?c(,Cw}V){j<D;?V#|^(CZS\x;\CZ}V
){#
}V$w(digital certification )
kND$w(certification)#
}V$i(digital certificate )
IEDZ}=)"xvKr5eDgS>$#?v$iC CA D(C\?4)
p#|xpvK"L5r_i/Dm]#
y] CA DG+,$iIT$5VP_ZrXxOxPgS;WD(^#Z3V
beO,}V$i`FZ];mI$r_='D>#|O$K5P`&(C\
?DVP__P-*3)gSLqn/D(^#
$i|,dO$D5eDE",^[GK1"zwrFczLr#||,C5
eDQO$D+C\?#
fz}(nonce)I~qwr&CLr"vDV{.,|*sC'Z(#C'C(C\?4)p
fz}#C'D+C\?M)pDfz}"MXAksZ(D~qwr&CL
r#;s~qw"TCC'+C\?4bkQ)pDfz}#g{fz}Db
ka{k"MD-~;y,rCC';O$#
m@(tunnel)Z VPN <uP,(}rXx("Dks~qibc=c,S#;),S,6L
C'\9Cm@kZ+>D(CxgO~qw;;2+"S\Mb0DE"#
2T3
3;J4(;w(Uniform Resource Locator ,URL)CZrXxJ4`7D;V=8#URL 8(-i,wz{r IP X7#,12|
,KCJX(zwDJ4yhDKZE"76MJ4j8E"#
2W3
b?x(extranet)9CMrXx`FD<uDIzzo#ws+>}*<TKM"oiMZ?K
1`vEe&C Web "<"gS;W"{"+MM:~#
j{T(integrity )#$}]j{TD53,h94Z(D^D(;,Z#$}]Dz\T,h9
4Z(D96)#
j{Tli(integrity checking )
TIb?i~-,Bq&mzzDsFG<Dli#
r,x(World Wide Web ,WWW)Z|,,=eDODFcz.diIxg,SDG?VrXx#b)JOa)
E""a)=r,xMrXxPd|JOD4S#RGIT(} Web /@wL
rCJr,xJ4#
xX(gateway);V&\%*,Jm%;f]Dxgr&CLr%`xP(E#
D5S\\?(document encrypting key ,DEK)dMX,D5S\\?G;TTFDS\/b\\?,}g DES#
D~+d-i(File Transfer Protocol ,FTP)rXxM'z/~qw-i,CZZFcz.d*FD~#
2X3
{"O$zk(message authentication code ,MAC)"M=MSU=d2mD#\\?#"M=O$,xSU=i$#Z Tivoli PKI
P,MAC \?fEZ CA MsFi~D KeyStoreP#
{"**(message digest )S\Nb$HD{";szIL($HD?D;If&\#MD5 MG;V{"*
*c(#
!~qLr(servlet);V~qwKDLr,xh'V JavaD~qwT=S&\#
!&CLr(applet)GC Java`4DFczLr,IKPZk Javaf]D Web/@wP#2I1
w Java!&CLr#
-i(protocol )Fcz.d(ED;B<(#
EN4(trust chain );i$i,ISC'$i=yrT)p$iDIEcNa99I#
EN#M(trust model )\mO$PDgNO$d|O$PDDa9<(#
ENr(trust domain );i5e,|GD$iI`,D CA O$#
ib(Cxg(Virtual Private Network ,VPN)9CrXxx;Gg0_4("6L,SD(C}]xg#r*C'(}rX
x~qa)Lx;Gg0+>CJ+>xgJ4,i/ITs?uY6LCJ
I>#VPN 9v?K}];;D2+T#Z+3D@p=<uP,{"Z]IT
S\,+G;ITS\?DX7M4X7#Z VPN <uP,C'IT(";v
(@,S,dP{vE"|(Z]M(7)<xPS\Mb0#
2Y3
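issued certificate list (ICL): A complete list of the certificates that have been issued and their current status. Certificates are indexed by serial number and state. This list is maintained by the CA and stored in the CA database.
asynchronous communication: A mode of communication that does not require the sender and the recipient to be synchronized.
Internet: A worldwide collection of networks that provide electronic connection between computers. This enables them to communicate with each other through software such as electronic mail or Web browsers. For example, some universities have their own networks, which link with similar networks to form the Internet.
Internet Engineering Task Force (IETF): A group that focuses on engineering and developing protocols for the Internet. It represents an international community of network designers, operators, vendors, and researchers. The IETF is concerned with the development of the Internet architecture and the smooth use of the Internet.
user authentication: The process of validating that the originator of a message is the identifiable and legitimate owner of the message. It also validates that you are communicating with the end user or system you expected to.
preregistration: In Tivoli PKI, a process that allows one user, typically an administrator, to enroll other users. If the request is approved, the RA provides information that allows the user to obtain the certificate at a later time using the Tivoli PKI Client application.
domain: See security domain and registration domain.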
2Z3
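privacy-enhanced mail (PEM): The Internet privacy-enhanced mail standard that the Internet Architecture Board (IAB) adopted to protect electronic mail over the Internet. The PEM protocols provide for encryption, authentication, message integrity, and key management.
site certificate: Similar to a CA certificate, but valid only for a specific Web site. See also CA certificate.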
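certification: The process during which a trusted third party issues an electronic credential that vouches for an individual, business, or organizational identity.
certificate policy: A named set of rules that indicates the applicability of a certificate to a particular class of applications that have common security requirements. For example, a certificate policy might indicate whether a particular certification type allows a user to conduct transactions within a given price range.
certificate revocation list (CRL): A digitally signed, time-stamped list of certificates that the certificate authority has revoked. The certificates in this list should be considered unacceptable. See also digital certificate.
certificate profile: A set of characteristics that define the type of certificate wanted (such as SSL certificates or IPSec certificates). The profile aids in managing certificate specification and registration. The issuer can change the names of the profiles and specify characteristics of the requested certificate, such as the validity period, key usage, DN constraints, and so forth.
certificate extension: An optional feature of the X.509v3 certificate format that provides for the inclusion of additional fields in the certificate. There are standard extensions and user-defined extensions. Standard extensions exist for various purposes, including key and policy information, subject and issuer attributes, and certification path constraints.
smart card: A piece of hardware, typically the size of a credit card, for storing a user's digital keys. A smart card can be password-protected.
registration facility: A Tivoli PKI application framework that provides specialized means of enrolling entities (such as browsers, routers, e-mail, and secure client applications) and managing certificates throughout their validity period.
registration process: In Tivoli PKI, the steps for validating a user, so that the user and the user's public key can become certified to participate in transactions. This process can be local or Web-based, and can be automated or managed by human interaction.
registration database: Contains information about certificate requests and issued certificates. The database stores enrollment data and all changes to the certificate data throughout its validity period. The database can be updated by RA processes and policy exits, or by registrars.
registration domain: A set of resources, policies, and configuration options related to certain certificate registration processes. The domain name is a subset of the URL that is used to run the registration facility.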
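Registrar: A user who has been authorized to access the RA Desktop, and who can administer certificates and requests for certificates.
Registration Authority (RA): The software that administers digital certificates to ensure that an organization's business policies are applied from the initial receipt of an enrollment request through certificate revocation.
private key: The key in a public/private key pair that is available only to its owner. It enables the owner to receive a private transaction or make a digital signature. Data signed with a private key can be verified only with the corresponding public key. Contrast with public key. See also public/private key pair.
Distinguished Encoding Rules (DER): Provides constraints on the BER. DER selects just one type of encoding from those that the encoding rules allow (eliminating all of the sender's options).
distinguished name (DN): The unique name of a data entry that is stored in the Directory. The DN uniquely identifies the position of an entry in the hierarchical structure of the Directory.
bytecode: Machine-independent code that is generated by the Java compiler and executed by the Java interpreter.
end-entity: The subject of a certificate that is not a CA.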
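Numerics
4758 PCI Cryptographic Coprocessor: A programmable, tamper-responding cryptographic PCI-bus card offering high-performance DES and RSA cryptographic processing. The cryptographic processes occur within a secure enclosure on the card. The card meets the stringent requirements of the FIPS PUB 140-1 level 4 standard. Software can run within the secure enclosure. For example, credit card transaction processing can use the SET standard.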
A
ACL: Access control list.
ANSI: American National Standards Institute.
ASCII: American National Standard Code for Information Interchange.
ASN.1: Abstract Syntax Notation One.
B
base64 encoding: A common method of transmitting binary data with MIME.
BER: Basic Encoding Rules.
C
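CA: Certificate Authority.
CAST-64: A block cipher algorithm that uses a 64-bit block size and a 6-bit key. It was designed by Carlisle Adams and Stafford Tavares.
CA hierarchy: In Tivoli PKI, a trust structure in which one CA is located at the top of the structure and up to four layers of subordinate CAs are located below it. When users or servers are registered with a CA, they receive a certificate signed by that CA, and they inherit the certification hierarchy of the layers above.
CA server: The server for the Tivoli PKI Certificate Authority (CA) component.
CA certificate: A certificate that your Web browser accepts, at your request, from a CA it does not recognize. The browser can then use this certificate to authenticate communications with servers that hold certificates issued by that CA.
CCA: IBM Common Cryptographic Architecture.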
CDSA: Common Data Security Architecture.
CGI: Common Gateway Interface.
CRL: Certificate revocation list.
CRL publication interval: Set in the CA configuration file, the interval of time between periodic publications of the CRL to the Directory.
D
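DEK: Document encrypting key.
DER: Distinguished Encoding Rules.
DES: Data Encryption Standard.
Diffie-Hellman: A method of establishing a shared key over an insecure medium, named after the inventors (Diffie and Hellman).
Directory: A hierarchical structure intended as a global repository for information related to communications (such as e-mail or cryptographic exchanges). The Directory stores specific items that are essential to the PKI structure, including public keys, certificates, and certificate revocation lists.
Data in the Directory is organized hierarchically in the form of a tree, with the root at the top of the tree. Often, higher-level organizations represent individual countries or regions, governments, or companies. The leaf nodes of each tree represent users and devices. These users, organizations, localities, countries or regions, and devices each have their own entry. Each entity consists of typed attributes. These provide information about the object that the entity represents.
Each entry in the Directory is bound to an associated distinguished name (DN). For an object in the real world, this is unique when the entity includes an attribute that is unique. Consider the following example DN. In it, the country or region (C) is US, the organization (O) is IBM, the organization unit (OU) is Trust, and the common name (CN) is CA1.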
C=US/O=IBM/OU=Trust/CN=CA1
Directory server: In Tivoli PKI, the IBM Directory. This Directory supports LDAP standards and uses DB2 as its base.
DL: Data Storage Library.
DN: Distinguished name.
DSA: Digital Signature Algorithm.
F
FTP: File Transfer Protocol.
H
HTML: Hypertext Markup Language.
HTTP: Hypertext Transaction Protocol.
HTTP server: A server that handles Web-based communications with browsers and other programs in a network.
I
ICL: Issued certificate list.
IniEditor: In Tivoli PKI, a tool used to edit configuration files.
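IPSec: An Internet Protocol Security standard, developed by the IETF. IPSec is a network layer protocol, designed to provide cryptographic security services that flexibly support combinations of authentication, integrity, access control, and confidentiality. Because of its strong authentication features, it has been adopted by many VPN product vendors as the protocol for establishing secure point-to-point connections over the Internet.
ISO: International Standards Organization.
ITU: International Telecommunication Union.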
J
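Java: A set of network-based, cross-platform computer technologies developed by Sun Microsystems, Incorporated. The Java environment consists of the Java OS, the virtual machines for various platforms, the object-oriented Java programming language, and several class libraries.
Java class: A unit of Java program code.
Java applet: See applet. Contrast with Java application.
Java Virtual Machine (JVM): The part of the Java run-time environment responsible for interpreting bytecodes.
Java application: A stand-alone program that is written in the Java language. It runs outside the context of a Web browser.
Java language: A programming language, developed by Sun Microsystems, designed for use in applet and agent applications.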
K
KeyStore: A DL for storing Tivoli PKI credentials, such as keys and certificates, in an encrypted format.
L
LDAP: Lightweight Directory Access Protocol.
M
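MAC: Message authentication code.
MD2: A 128-bit message digest hash function, designed by Ron Rivest. It is used with MD5 in the PEM protocols.
MD4: A 128-bit message digest hash function, designed by Ron Rivest. In execution speed, MD4 is several times faster than MD2.
MD5: A one-way message digest hash function, designed by Ron Rivest. It is an improved version of MD4. MD5 processes input text in 512-bit blocks, divided into 16 32-bit sub-blocks. The output of the algorithm is a set of four 32-bit blocks, which concatenate to form a single 128-bit hash value. It is also used along with MD2 in the PEM protocols.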
N
NIST: National Institute of Standards and Technology, formerly known as NBS (National Bureau of Standards). It promotes open standards and interoperability in computer-based industries.
NLS: National language support.
NSA: National Security Agency.
O
ODBC: Open Database Connectivity.
OSI: Open Systems Interconnect.
P
PC card: Similar to a smart card, and also called a PCMCIA card. It is larger than a smart card and has greater capability.
PEM: Privacy-enhanced Mail.
PKCS: Public Key Cryptography Standards.
PKCS #1: See Public Key Cryptography Standards.
PKCS #7: See Public Key Cryptography Standards.
PKCS #10: See Public Key Cryptography Standards.
PKCS #11: See Public Key Cryptography Standards.
PKCS #12: See Public Key Cryptography Standards.
PKI: Public key infrastructure.
PKIX: An X.509v3-based PKI.
PKIX listener: The public HTTP server that a particular registration domain uses to listen for requests from the Tivoli PKI Client application.
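PKIX certificate management protocol (CMP): A protocol that enables connections with PKIX-compliant applications. PKIX CMP uses TCP/IP as its primary transport mechanism, but an abstraction layer over sockets exists. This enables support for additional polling transports.
PKIX CMP: PKIX certificate management protocol.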
R
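RA: Registration authority.
RA server: The server for the Tivoli PKI Registration Authority component.
RA Desktop: A Java applet that provides RAs with a graphical interface for processing requests for credentials and administering them throughout their lifetime.
RC2: A variable key-size block cipher, designed by Ron Rivest for RSA Data Security. RC stands for Ron's Code or Rivest's Cipher. It is faster than DES and is designed as a drop-in replacement for DES. Against exhaustive key search, it can be made more secure or less secure than DES by using appropriate key sizes. It has a block size of 64 bits and is about two to three times faster than DES in software. RC2 can be used in the same modes as DES.
An agreement between the Software Publishers Association (SPA) and the United States government gives RC2 special status. This makes the export approval process simpler and quicker than the usual cryptographic export process. However, to qualify for quick export approval, a product must limit the RC2 key size to 40 bits, with some exceptions. An additional string can be used to thwart attackers who try to precompute a large look-up table of possible encryptions.
RSA: A public key cryptographic algorithm that is named for its inventors (Rivest, Shamir, and Adleman). It is used for encryption and digital signatures.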
S
SET: Secure Electronic Transaction.
SGML: Standard Generalized Markup Language.
S/MIME: A standard that supports the signing and encryption of e-mail transmitted across the Internet. See MIME.
SMTP: Simple Mail Transfer Protocol.
SSL: Secure Sockets Layer.
T
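TCP/IP: Transmission Control Protocol/Internet Protocol.
Tivoli PKI: An integrated IBM security solution that supports the issuance, renewal, and revocation of digital certificates. These certificates can be used in a wide range of Internet applications, providing a means to authenticate users and ensure trusted communications.
TP: Trust Policy.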
U
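Unicode: A 16-bit character set that is defined by ISO 10646. The Unicode character encoding standard is an international character code for information processing. The Unicode standard encompasses the principal scripts of the world and provides the foundation for the internationalization and localization of software. All source code in the Java programming environment is written in Unicode.
URL: Uniform Resource Locator.
UTF-8: A transformation format. It enables information processing systems that handle only 8-bit character sets to convert 16-bit Unicode to an 8-bit equivalent and back again without loss of information.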
V
VPN: Virtual Private Network.
W
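WebSphere Application Server: An IBM product that helps users develop and manage high-performance Web sites. It eases the transition from simple Web publishing to advanced e-business Web applications. The WebSphere Application Server consists of a Java-based servlet engine that is independent of both the Web server and its underlying operating system.
Web server: A server program that responds to requests for information resources from browser programs. See also server.
Web browser: Client software that runs on a desktop PC and enables the user to browse the World Wide Web or local HTML pages. It is a retrieval tool that provides universal access to the large collection of hypermedia material available in the Web and the Internet. Some browsers can display text and graphics, and some can display only text. Most browsers can handle the major forms of Internet communication, such as FTP transactions.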
X
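X.500: A standard for putting into effect a multipurpose, distributed, and replicated directory service by interconnecting computer systems. Jointly defined by the International Telecommunication Union (ITU), formerly known as CCITT, and the International Organization for Standardization and International Electro-Chemical Commission (ISO/IEC).
X.509 Version 3 certificate: The X.509v3 certificate has extended data structures for storing and retrieving certificate application information, certificate distribution information, certificate revocation information, policy information, and digital signatures.
X.509v3 processes create time-stamped CRLs for all certificates. Each time a certificate is used, X.509v3 capabilities allow the application to check the validity of the certificate. They also allow the application to determine whether the certificate is on the CRL. X.509v3 CRLs can be constructed for a specific validity period. They can also be based on other circumstances that might invalidate a certificate. For example, if an employee leaves an organization, their certificate would be put on the CRL.
X.509 certificate: A widely accepted certificate standard designed to support secure management and distribution of digitally signed certificates over secure Internet networks. The X.509 certificate defines data structures that accommodate procedures for distributing public keys that are digitally signed by trusted third parties.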
Program Number:
Printed in China
GB84-0414-00