tivoli pki ÉèÖÃÓëÔËÐÐ -...
TRANSCRIPT
![Page 1: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/1.jpg)
Tivoli® Public Key InfrastructurehCkKP
f> 3 "Pf 7.1
GB84-0414-00
2001j9B27U
![Page 2: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/2.jpg)
![Page 3: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/3.jpg)
Tivoli ® Public KeyInfrastructurehCkKP
f> 3 "Pf 7.1
![Page 4: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/4.jpg)
![Page 5: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/5.jpg)
Tivoli ® Public KeyInfrastructurehCkKP
f> 3 "Pf 7.1
![Page 6: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/6.jpg)
Tivoli Public Key Infrastructure hCkKP
f(yw
Copyright © 1999, 2001 by Tivoli Systems Inc., an IBM Company, including this documentation
and all software. All rights reserved.vI@U Tivoli Systemsm~mI$-i9C,r_w*
IBM M'-irmI$-iPX Tivoli z7D=<9C#4- Tivoli SystemsBHifmI,
{9TNNN=rNNVN(gSD"z5D"E'D"b'D"/'D"K$DHH)T>i
DNN?VxP4F"+%"*<"f"Zlw53Pr-kINNFczoT#Tivoli Systems
ZhzFwv)zT:9CD2=4rNNICFcz&mDD5DP^mI,0aG?vby
D4F7y&XP Tivoli +>Df(yw#4- Tivoli SystemsBHifmI,;Zhf(PD
d|({#>D5;G*zz<8D,"RGT0vK4,1Dy!a)D,;PNNN=D#
$#
rKT>D5;wNN#$yw,|(JzTMJCZ3X(C>D#$#
![Page 7: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/7.jpg)
Lj
TBz7{FG Tivoli Systems Inc.rzJL5zw+>Z@zM/rd|zRrXxDLj:
AIX"DB2"DB2 Universal Database"IBM" Netfinity"RS/6000"SecureWay"Tivoli M
WebSphere#
Tivoli PKI Lr(0Lr1)|(?V IBM WebSphere Application ServerM?V IBM HTTP
Web Server(0IBM ~qw1)#}G!CKLrDmI$sE\9C,qrz^(20r9C
IBM ~qw#IBM ~qwMLrXk$tZ,;zwP,z^(ZkLrVkDivB%@20
r9C IBM ~qw#
Lr|(?V DB2 (C}]b#}G!CKLrM IBM WebSphere Application ServerDmI
$sE\9C,"RLrM IBM WebSphere Application ServerGCZ|GyzIr9CD}]
Df"M\m,xGCZd|}]\m?D,qrz^(20M9Cb)i~#}g,KmI$
;|(Sd|&CLr=}]bDCZi/r(mzIDk>,S#z;P(ZLryZD,;
(zwO20M9Cb)i~#
Microsoft"Internet Explorer"Windows"Windows NTM WindowsUjG Microsoft Corporation
DLjr"aLj#
UNIX GZ@zMd|zRrXxI The Open Group@Rd"D"aLj#
JavaMyPyZ JavaDLjrUjG Sun Microsystems,Inc.DLj#
PentiumG Intel CorporationZ@zMd|zRrXxD"aLj#
iiiTivoli PKI hCkKP
![Page 8: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/8.jpg)
KLr|,4T RSA Date Security, Inc.D2+Tm~#Copyright © 1994 RSA
Data Security, Inc. All rights reserved.
KLr|,4T Hewlett-Packard Companyj<#eb(STL)m~#Copyright (c) 1994.
¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5DP*bQZkmI,+0a
GTOf(ywXkvVZyP1>P,"Rf(ywMKmIyw<XkvVZ'VD5
P#Hewlett-Packard Company;TNN?DTKm~DJOT"mNN4(#Km~GT0v
K4,1Dy!a)D,;=Pw>r,>D#$#
KLr|,4T Silicon Graphics Computer Systems, Inc.Dj<#eb(STL)m~#Copyright
(c) 1996–1999#
¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5DP*bQZkmI,+0a
GTOf(ywXkvVZyP1>P,"Rf(ywMKmIyw<XkvVZ'VD5
P#Silicon Graphics;TNN?DTKm~DJOT"mNN4(#Km~GT0vK4,1
Dy!a)D,;=Pw>r,>D#$#
d|+>"z7M~q{FI\Gd|+>DLjr~qjG#
iv f> 3 "Pf 7.1
![Page 9: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/9.jpg)
yw
>vfoPya=D Tivoli Systemsr IBM z7"Lrr~q";5>b)z7"Lrr~q
+ZyPP Tivoli Systemsr IBM 5qDzRrXxPa)#NNTb)z7"Lrr~qD
}C";5>v\9C Tivoli Systemsr IBM Dz7"Lrr~q#;*;V8 Tivoli
Systemsr IBM DP'*6z(rd|\(I#$D({,NN,H&\Dz7"Lrr~q,
<ITC4zfya=Dz7"Lrr~q#Zkd|z7aO9C1,}KG)I Tivoli
Systemsr IBM w78(Dz7.b,d@@Mi$yIC'TP:p#
Tivoli Systemsr IBM I\Q5Pr}Zksk>D5Z]PXDwn({#a)>D5"4Z
hC'9Cb)({DNNmI$#PXmI$i/DBK,C'ITk IBM Director of
Licensing, IBM Corporation, North Castle Drive, Armonk, New York 10504-1785, USAif*
5#
>un;JCZ*OuzrNNbyDunk>X(I;;BDzRrXx#
zJL5zw+>T0vK4,1Dy!a)>vfo,;=PNNN=D(^[Gw>D,9
G,>D)#$,|((+;^Z)TGV(T"JzTMJCZ3X(C>D,>#$#3)
zRrXxZ3);WP;Jmb}w>r,>D#$#rK>unI\;JCZz#
>E"PI\|,P<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b)|D+
|,ZBf>P#IBM ITf1T>E"PhvDz7M/rLrxPDxM/r|D,x;m
P(*#
>E"PTG IBM Web >cD}C<;G*K=cp{Ea)D,;TNN==P#TG)
Web >cD#$#C Web >cPDJO;G IBM z7JOD;?V,9CG) Web >cx
4DgU+IzTPP##
vTivoli PKI hCkKP
![Page 10: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/10.jpg)
vi f> 3 "Pf 7.1
![Page 11: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/11.jpg)
?<
0T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
>8ODA_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
`XE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
>8O|,DZ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
K"PfPDBZ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
>8OP9CD<( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
*5M''V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Tivoli PKI Web E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Z1B Kb Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
24G Tivoli PKI? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
i~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Tivoli PKI ~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
"aPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
O$PD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
sFS53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Web ~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
}]b53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Directory ~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4758 Cryptographic Coprocessor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
\?8]MV4$_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Iz$i)"$_. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
e5a9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
+C\?y!a9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
PKIX CMP -i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
LDAP -i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Tsf" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
EN#M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
zk)p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
viiTivoli PKI hCkKP
||
||
||
||
||
||
||
||
||
||
![Page 12: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/12.jpg)
{")p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
}]S\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
KeyStore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
\'VDj< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
X.509 f> 3 $i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Z2B 53hs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
~qwm~*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
~qw2~*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
20r<*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
M'z*s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Z3B f. Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
20f.lim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
#$53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
9C@p=<u . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
9C Tivoli PKI }]b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
dC Web ~qwD IP p{. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
9C Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Directory #= . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Directory CJXF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
9C 4758-&mw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
+ CA r RA \?f"Z2~P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
k Policy Director/I. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
'VD~qwdC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
zJ73"bBn. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Tivoli PKI iJm~| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Z4B Z AIX O20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
hC AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
i$D~/. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
viii f> 3 "Pf 7.1
||
![Page 13: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/13.jpg)
i$Pc;Dw3Ud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
T AIX &C^)6p. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
hC AIX miMD~53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4( CD-ROM D~53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
|D AIX 53C'}. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
7#wz{bv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4(533s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
20}]bm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
20 DB2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
20 IBM® Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
20 Directory m~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
20 Java. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
4( WebSphere Application Server}]b . . . . . . . . . . . . . . . . . . . . . . . . . . 49
20 Web ~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
20 WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
}6 WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
{C IBM HTTP ServerT/t/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
t/ WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
20 4758-&mw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
20 KeyWorks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
20~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
`z208< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
|DTYLr5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
KPs20dCLr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
s20lim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
KP8]5CLr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Z5B Z Windows NT O20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . 65
hC Windows NT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
ixTivoli PKI hCkKP
||
||
||
||
||
||
![Page 14: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/14.jpg)
20}]bm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
20 Web ~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
20 JDK. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
20 IBM HTTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
20 WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
hC IP p{ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
20 IBM Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
20 Directory m~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
k Tivoli PKI ;p9C Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
7O53hC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
20 Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
20~qwm~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
|DTYLr5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
KPs20dCLr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
s20lim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
KP8]5CLr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Z6B dC Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Z7B kE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
53\m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
RA \m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
"aM$w. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
(F. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Jcm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
w} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
x f> 3 "Pf 7.1
||
![Page 15: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/15.jpg)
0T
>i*za)K&C Tivoli Public Key Infrastructure(Tivoli PKI)53
yhDE"#|V[KTBwb:
¶ zDi/gN9C Tivoli PKI ZrXxO+MS\D"O$DMz\
DBq#9C Tivoli PKI "a$_,ITrcX*IE=)"}V$
i"XFGq*|Br7z$i#
¶ ozzf. Tivoli PKI D8<,}ggN+ Tivoli PKI i~k20
ZzD>cODd|z7/I#
¶ Z IBM® AIX ® =(OrZ Microsoft® Windows NT® B20>z
7D=h#
¶ d|D5D8>,Iozz9C Tivoli PKI C'gfM\m$_#
":>z7D"Pfv'V AIX =(#&1vSyPV[ Microsoft
WindowsDDO#
>8ODA_>ifrwVA_#
¶ g{zGP!?E-m,>i+8<zgN+ Tivoli PKI O"ki/
DgSLq(e-business)_T#
¶ g{zG2+?E-m,>i+8<zgN+ Tivoli PKI O"ki/
Dxg2+_T#
¶ g{zG53\m1,>iYhzQ_PZxg73P20MdC
z7D-i#&1_8TBEnD`X*6:
v 2~20MdC
v rXx(E-i,XpG TCP/IPM2+WSVc(SSL)
v Web ~qw\m
v +C\?y!a9(PKI)<u,|( Directory #=,X.509 f
> 3 j<Ma?6?<CJ-i(LDAP)
v X5}]b53,XpG IBM DB2 (C}]b®
xiTivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 16: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/16.jpg)
`XE"Tivoli Web >ca)K Tivoli PKI z7D5DIF2D5q=(PDF)
M HTML q=#;)vfoD HTML f>GMz7;p20D,"R
IIC'gfCJ#
"bTvfovfs,z7PI\"zd/#XZnBDz7E"T0
XZgNTz!qDoTMq=TvfoxPCJ,kND6"P5
w7#nBf>D6"P5w7IZ Tivoli Public Key Infrastructure Web
>cqC:
http://www.tivoli.com/support
Tivoli PKI b|,TBD5:
hCkKP
Kia)Kz7Ev#|a)Kz7Dhs,|(20}L,
"a)gNCJ?vz7i~ICD*zoz#Ki+Z!"
skz7;pV"#
System Administration GuideKi|,XZ\m Tivoli PKI 53D;cE"#||,t/MX
U~qw"|D\k"\m~qwi~"4PsFT0KP}
]j{TliH}L#
dC8O
Ki|,XZgN9C20r<4dC Tivoli PKI 53DE"#
Zi4r<D*zoz1,z\CJK8OD HTML f>#
"aPD@f8O
Ki|,XZgNZ$iP'ZZ9C RA @f4\m$i#Z
i4@fD*zoz1,z\CJK8OD HTML f>#
C'8O
Ki|,XZgNqCM\m$iDE"#|a)K9C Tivoli
PKI /@wGGm%4ks"|BM7z$iD}LDE"#,
12V[KgN$"af] PKIX $i#
Customization GuideKiT>KgN(F Tivoli PKI "a$_,T'V5q_TD"
xii f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 17: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/17.jpg)
ak$w?j#}g,zI'agN(F HTML M Java® Server
3f"(*E"$iE*D~M_TvZ#
>8O|,DZ]>8O|,TBE":
¶ Z13D:Kb Tivoli PKI;r%hvK Tivoli PKI D&\MT\0
di~"e5a9M\'VDj<#
¶ Z193D:53hs;hvKI&20MYw Tivoli PKI XhD2~
Mm~hs#
¶ Z233D:f. Tivoli PKI;xvKXZ Tivoli PKI &\D;cE
"MXZXkdCDi~Dj8E"#
¶ Z393D:Z AIX O20 Tivoli PKI;xvKZ AIX =(O20
Tivoli PKI D}LE"#
¶ Z653D:Z Windows NT O20 Tivoli PKI;xvKZKP
Windows NTDzwO20 Tivoli PKI D}LE"#
¶ Z813D:dC Tivoli PKI;EvKCZ4PdCNqDdC}LM
D5#
¶ Z833D:kE;V[KCZ\mM(F Tivoli PKI D;,=fDw
b"=hM$_#
¶ Z873D:Jcm;(eK>iPI\GBDr;#CDuoMu
4T0A_I\PK$Duo#
K"PfPDBZ]Tivoli PKI 3.7.1 ITBBXwM&\9I:
¶ Iz$i)"#KXw*O$DC'a)KwC Tivoli PKI ;NM\
ks`v}V$iD2+=(#
¶ $i\m-i(CMP),f> 2#}6= CMP f> 2 * Tivoli PKI
a)K CMP 4,}IP`T CMP f> 1 |?DI?TT0v?
D2+T6p,CMP f> 1 T0GZ Tivoli PKI P5VD#
xiiiTivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 18: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/18.jpg)
¶ Root C' CA \?*v#KXw9O$PD(CA)\S;vG[
TD CA \?Tj+Dd*B;v CA \?T(F.* CA \?|
B)#
¶ LDAP f> 3 f]T#KXwa)Kka?6?<CJ-i
(LDAP)f> 3 D#=f]T#XpX,|(}9C RFC 2256(
eD?<#=,a)K"<tTx LDAP D\&#@;'V4T
PKIX LDAP f> 2 D#=#
¶ RA \?D HSM f"#KXw9 RA \?\f"Z2~2+T#
i(HSM)i~P,* RA )p\?a)Kv?D2+T\&#
K"PfD5PD|DI3_UWPD^)8j6#
":Tivoli PKI 3.7.1 v'V AIX#K"Pf;'V Windows NT#
>8OP9CD<(>8OTXbuoMYw9C;,DVM<(#b)<(_PTB,
e:
<( ,e
VeV|n"X|V"j>Md|Xk9CDE",TVeVT
>#
1eVXka)Dd?MBuoT1eVT>#?wDJMLo2
,yT>*1eV#
HmVe zk>}"dvM53{"THmVeT>#
*5M''Vg{9CNN Tivoli z71v='Q,<ITxk
http://www.support.tivoli.com i4 Tivoli Supportw3#4SA"a
;M'"am%s,4ITZ Web OCJ\`M''V~q#
Z@z9CTBg0Ek*5M''V:Tivoli EkG
1–800–848–6548(1-800–TIVOLI8),IBM® EkG 1–800–237–5511(&
rKEks4 8 rXp 8)#b=vEk<a1S+zDg0*A Tivoli
M''Vg0PD#
xiv f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|||
|||
|||
|
|
|
|
|
|
|
|
![Page 19: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/19.jpg)
RG.VVZ}=XZz9C Tivoli z7MD5D-i#RG6-za
vDxb{#g{zPXZ>D5Db{r(i,k"MgSJ~A:
Tivoli PKI Web E"Tivoli M IBM Tivoli M'ITR=XZNN Tivoli 2+Tz7M Tivoli
PKI DZ_E"#
XZ Tivoli PKI DnBz7|BM~qE"DX*E",kCJK Web
> c :
http://www.tivoli.com/support/secure_download_bridge.html
XZ Tivoli Public Key Infrastructurez7DE",kCJK Web>c:
http://www.tivoli.com/products/index/secureway_public_key/
XZd| Tivoli 2+\mz7DE",kCJK Web ;C:
http://www.tivoli.com/products/solutions/security/
xvTivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 20: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/20.jpg)
xvi f> 3 "Pf 7.1
![Page 21: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/21.jpg)
Kb Tivoli PKI
>Ba)K Tivoli Public Key Infrastructure(Tivoli PKI)DEv#|V
[K Tivoli PKI DXwMT\0di~"e5a9M\'VDj<#
24G Tivoli PKI ?Tivoli Public Key Infrastructure*&CLra)O$C'D=("7#I
ED(E#TBG Tivoli PKI D;)Xw:
¶ |Jmi/@U|GD"aM$w_T4)"""<M\m}V$
i#
¶ T X.509 f> 3(PKIX)D+2\?y!a9M+2}]2+a9
(CDSA)S\j<D'V<GK)&LD%YwT#
¶ }V)pM2+-ia)KZ;WPO$yPEeD=(#
¶ yZ/@wD"a\&a)KnsDinT#
¶ S\(EM"aE"D2+f"PzZ7#z\T#
Tivoli PKI 53IZ IBM AIX/6000(AIX)M Microsoft Windows NT
~qw=(OKP#|,TBw*Xw:
¶ IEO$PD(CA)\m}V$iDP'Z#*Ki$$iDf5
T,CA T}V==)p?;])"D$i#CA 2)p$i7zP
m(CRL),T7O$i;YP'#*x;=#$ CA D)p\?,
I9CS\2~,}g IBM 4758 PCI Cryptographic Coprocessor#
¶ "aPD(RA)&mC'"aD\mNq#RA 7#v)"'V5q
n/D$i,Rb)$iv)"xQZ(DC'#\mNqI(}
1
1Tivoli PKI hCkKP
|
|
|
1.Kb
Tivoli
PK
I
![Page 22: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/22.jpg)
T/}LrK$v_==bv#k CA `F,RA 2I9CS\2~
(}g IBM 4758 PCI Cryptographic Coprocessor)4x;=#$d
)p\?#
¶ yZ WebDGGgf9q!$idCO*]W,b)$iICZ/
@w"~qw"ib(Cxg(VPN)h8"G\(M2+gSJ
~#
¶ w*yZ Web D\mgf,RA @f9QZ("a1\;K<r\
xGGks,"Z)"$is\m$i#
¶ sFS53\*?vsFG<FcdE"i$zk(MAC)#g{
sF}]Z4ksF}]bs;^Dr>},MAC Iozzlbk
V_#
¶ _TvZML5wLTs(BPO)9&CLr*"_\;(F"a
}L#
¶ *S\}fa)/I'V#*KO$(E,KD Tivoli PKI i~IC
$'zID(C\?xP)p#2+TTs,g\?M MAC,<;
S\,"f"ZF* KeyStoreD\#$xrZ#
¶ * IBM Directory a)/I'V#DirectoryT{O LDAP Dq=f
"XZP'MQ7{$iDE"#
¶ * IBM WebSphere™ Application ServerM IBM HTTP Servera)
/I'V#Web ~qwk RA ~qw-,$w,TS\E""K<
ksM*$ZDSU=*F$i#
¶ * IBM DB2 (C}]ba)/I'V#
i~
TB<mT>K Tivoli PKI 53,~qwLrV<ZdPD}(zwP#
ZzDi/P,yP}(~qwI\<2fZ;(zwO2f#
2 f> 3 "Pf 7.1
|
|
|
![Page 23: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/23.jpg)
Tivoli PKI ~qwTivoli PKI ~qwGPk~qw,+d|i~,aZ;p#|,$dC}
]b,"a)\m53D5CLr#
"aPD"aPD(RA)G\m"a}LD~qwi~#RA 7#$iv)"xK
<D5e#RA 27#$ivCZK<DC>#RA Dw*Nq|,TB
wn:
¶ 7Oks5eDm]
¶ i$Q+|,ksDtTMmI(D$iZhjkK
¶ K<r\xksT4("|Br7z$i
< 1. Tivoli PKI i~dC
3Tivoli PKI hCkKP
|
|
|
1.Kb
Tivoli
PK
I
![Page 24: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/24.jpg)
¶ i$T<CJ2+&CLrrJ4D5eVPk$i+C\?`X
*D(C\?#
k Tivoli PKI CA `F,RA I9CS\2~(}g IBM 4758 PCI
Cryptographic Coprocessor)4*d)p\?a)|`D2+T#
Z Tivoli PKI P,20Z RA ~qwOD"a$_a)'V6'\cD
"an/Dr\#dC531,("\;\m5q_T"$i_TMJ
4D"ar(kzi/DW!"aM$w_};B)#
GG
RA *`VGG-iM$i`Ma)K'V#GG&\|,:
¶ 9C DB2 }]b4G<S\D"aM$i}]#
¶ 'VV/rT/D"aK<}L#
¶ yZ JavaDGGm%/O,b)m%JmC'(}{GT:D Web
/@w4ksMq!$i#GG}LO$M'zM~qwm]"+
$i;6xK<5e,TyPksD}]xPK=KS\#GG}
L|,:
v (}2+WSVc(SSL);6$i,T9CS Web /@wr
Web ~qwCJD&CLr#
v (} PKIX $i\m-i(CMP);6$i,TCZ PKIX M'
z&CLrP,rf"ZG\(O#
v ;6'VxJ-i2+Tj<(IPSec)D$i,T9C2+ VPN
&CLrrtC IPSecDh8#
v ;6'V2+`C>rXxJ~)9(S/MIME)D$i,T9
C2+gSJ~&CLr#
v ;6(*E,(*jkKXZK<r\xksDE"#
¶ $iE*D~/O,b)E*D~c{KC'q!{Gh*D$i
`M#KE*D~(eK$iD$Z?DT0$iDP'Z#yZ
#ePDE",RA \;T}7q=;6_PX*$iZ]D$i#
XZ\ RA 'VD$i`MM$i)9DE",kNDZ153D:\
'VDj<;MZ163D:X.509 f> 3 $i;#
4 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 25: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/25.jpg)
¶ 'V$"a,K}L9;vC'(dMDG\m1)\*m;vC
'ksJ& PKIX D$i#
¶ 'V_TvZML5wLTs(BPO),9i/ZGG}LP\w
C|GT:DLr#RA |,;v4PT/K<&mDy>_Tv
Z#
kN< IBM l$i Working with Business Process Objects for Tivoli
SecureWay PKI,SG24-6043-00,q!*"M(FL5wLTs
(BPO)D8<,TzczTQ@XDLqhs#
XZ9C Web/@w4GG$iDj{E",kND6Tivoli PKI C'
8O7#Ki2hvK Tivoli PKI 1!20Pa)D$i`M#
\m
"aPD@f(RA @f)!&CLrJmQZ(D\m1(2F.*"
a1)4i$iD&CLr"K<r\xks"|B$iT0@CrY
17z$i#|'VngTBDNq:
¶ lw}ZszDGGks
¶ i/"a}]b,Tlw{OX(u~DG<"T|GxPYw
¶ 4iXZ$irksDj8E",}gZ;Na;ks.sI!D
yPYwDz7
¶ hC$iDP'Z
¶ TG<xP"M,T5wYwD-r
RA @fG2+!&CLr#*CJ|,C'XkWHI*QZ(D"a
1#Tivoli PKI a)c{K}LD$_#ImSNb}?D"a1,T'
V"a$w:I#
mS"a11,kj6"ar"8(C'X(#}g,ITJm;v"
a1vK<"\xks,+,1Jmm;v"a17z$i#
¶ XZ20"CJM9C RA @f!&CLrDE",kND6Tivoli
PKI RA @f8O7#
¶ XZZ("a1DE",kND Tivoli PKI System Administration
Guide#
5Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
1.Kb
Tivoli
PK
I
![Page 26: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/26.jpg)
(F
I9Ck Tivoli PKI ;pa)D"a$_,x;XT|xP(F#;x,
zI\k*|D;)GGm%r"a}LT43i/D}V$wDX(
?j#}g,zI\kZ/@wGGm%OT>+>Uj#2I\k|
D$iE*D~,T'VkzF.GGDC'V`"~qwV`rh8
V``XD)9#
20MdC Tivoli PKI s,I4Fm`(e"arDD~,"*5qC
>(F|G#k7#Z|DD~.0("8]1>#
I4Fr|BTB"a$_D~#dC}LP,Z*zD"ar("D
?<76P4(b)D~#
¶ 20Z etc S?<PDdCD~(D~`M .cfg)#}g,zI\k
w{ RA ~qwr RA @fDKP1hC#
¶ 20Z etcS?<PDy>(*E(D~`M .ltr)#Tivoli PKI a)
y>D>T(*C'N1K<r\xks,+zI\k4T:DD
>#
¶ 20Z Web 3fS?<PD HTML D~(D~`M .html)"<
(D~`M .gif)M Java Server Page(D~`M .jsp)#}g,zI
\k^DT>Z/@wGGm%PDD>M<N#2IT(FVP
D$iE*D~r(eBDD~T'Vi/D$i_T#
¶ _TvZ(policy_exit)20Z bin S?<B#Tivoli PKI a)Kv
Zw*gN&mT/K<&mD>}#IT4d|vZT+"a&
mkd|&CLr/Ir_C4&mT:D"aYw#
XZITT"aM$w}LxPD|DDE"T0XZgN|DD8>
E",kND Tivoli PKI Customization Guide#
XZ(FwbD=SE",kN< IBM l$i Working with Business
Process Objects for Tivoli SecureWay PKI,SG24-6043-00,q!*"M
(FL5wLTs(BPO)D8<,TzczTQ@XDLqhs#
6 f> 3 "Pf 7.1
|
|
|
![Page 27: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/27.jpg)
O$PDO$PD(CA)G\m$w}LD~qwi~#CA GSBgSLqC'
DIEDZ}=#CA (}d)"D$i4i$C'm]#}K$wC'
m].b,$i2|,;+C\?,9C'\i$"S\(E#
w=DI?T!vZDh)"$iD CA DEN#*K7#$iDj{
T,CA T}V==)p$i#"T|D$ia<B){^',"9d;
IC#
Tivoli PKI CA (}4PTBwn,a)K2+;W73:
¶ 7#$iD(;T#CA *?vBD$iM?v|BD$izIrP
E#CrPEG(;j6,|;w*(P{F(DN)D;?Vf"
Z$iP#
¶ zY|)"D$i#CA ,$Q)"$iPm(ICL)#ICL +?v$
iD2+1>TrPE("w},f"Z DB2® }]bP#
¶ zY7zD$i#CA 4("|B$i7zPm(CRL)#;"z7
z,CA M RA M;;{",bM9 RA ZB;N(ZT|B}L
P\|B Directory#CA T}V==)pyP CRL,Ti$dj{
T#
¶ #$}];;[D#CA *4k=}]bPD?vG<zI{"O$
zk(MAC)#MAC (}9z\lbdPD}]N1Py^Dr>
},Sxoz7#}]bDj{T#
¶ #$ CA ){#CA Ik IBM 4758 PCI Cryptographic Coprocessor
/I#47589Cf"Z2~PDS\\?4S\"#$ CA D)p
\?#
¶ 'V CA \?TM$iD|B(*v),T@9}Z#
¶ 'VsFM}]V4#CA *m`IsFDB~zIsFG<#sF
~qw+b)G<f"Z DB2 }]bP#
¶ g{zDi/_P%v CA 4\zcDk"&CLr,r Tivoli PKI
'VT)p CA $i#K=8P,CA Td\mrPDyP$wn/
:PpN#
7Tivoli PKI hCkKP
|
1.Kb
Tivoli
PK
I
![Page 28: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/28.jpg)
¶ g{zDi/_P;frVcD(^53,rIdC CA kd| CA
;p$w#
v Tivoli PKI CA Ikm;v CA ;fO$,",bS\K CA )
pD$iw*I?TD$w#;f$wJm CA \mrPD5e
km; CA \mrPD5e2+(E#
v Tivoli PKI CA Iw* root C' CA,T)pd| CA $i#|
2'V4Td|#{)pd CA $iD CA Dks#bM9 CA
\NkENcNa9;CA ,bS\IcNa9PZ|.ODNN
CA )pD$iw*I?TD$w#
byDEN#MGPCD,}g,TZ+XmxrMi/%;Vt
IX;;,D\mr#|29z\+;,D$i_T&C=i/D
;,?E#
¶ g{zDi/h*$iCZP4(} Tivoli PKI $iE*D~'VD
?D,r CA IzI"i$_PM'(eD)9D$i#
XZ(eBD$iE*D~M$i)9DE",kND Tivoli PKI
Customization Guide#
XZ Tivoli PKI CA D|`j8E",kND Tivoli PKI System
Administration Guide#Ci|,w{ CA ~qwKP1!nD8OT0
(";%O$MVc CA EN#MD}L#
sFS53Z Tivoli PKI P,sFS53*G<2+T`XYwa)'V#sF~
qw&mTBksF`Xn/:
¶ SU4TsFM'z(}g"aPDMO$PD)DsFB~#
¶ +B~4ksFU>,dMX,sFU>f"Z DB2 }]bP(I
!q+U>w*}]D~f")#?vsFB~ZU>PP;vG
<#
¶ JmsFM'zAN3)sFB~#!\\GG<;)B~,+2
I9CAN(Th9(fd|B~#bJmzXFsFU>Ds
!,"7#G<DB~GZzD73PP0lDB~#
8 f> 3 "Pf 7.1
![Page 29: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/29.jpg)
¶ *?vsFG<Fcd{"O$zk(MAC)#MAC PzZ7#}]
bZ]Dj{T#}g,I7(TG<xPU>G<.s,CG<
GqQ;^D"[Dr>}#
¶ a)TsF}]bMi5DsFG<4Pj{TliD$_#
¶ a)i5M)psF}]b104,D$_#vZ2+T?D,&
i5sF}]b"T\Z*y!+}]bk_f"#i5}]b2
Ix4T\EF"Z!ELUd#
sF~qwXk20ZkO$PD`,DzwO#20"dC53.
s,XZ9CsF$_M\msF~qwDE",kND Tivoli PKI
System Administration Guide:
Web ~qwTivoli PKI 9C IBM WebSphere Application Server4*xg;Wa)
IEDy!#WebSphereGb6=2+TDz7/O,|,'V_6gS
Lq&CLr?pD IBM HTTP Server#
Z Tivoli PKI 53P,XkZk"aPD`,DzwO20 Web ~q
wm~#|a)K\#$DLrMT<CJ|GDC'.dD2+_
g#9C,D>+d-i(HTTPM HTTPS)M2+WSVc(SSL)<
u,Web ~qwIS\M'zM~qw.dD(E#|2IO$,S,
T@94Z(DCJr}][D#
Web ~qw9C;,KZ4&m;,`MDks:
¶ CZ;h*S\rO$DksD+CKZ
¶ CZh*S\M~qwO$DksD2+KZ
¶ CZh*S\"~qwO$MM'zO$DksD2+KZ
Z Tivoli PKI 53P,Web~qw&m|S Web/@wSU=DyP
ks#dP|,|,B$iks"|Br7zVP$iDksT0KP
2+!&CLrDks#g{h*,|ZJmE""zNN;;.04
PO$#
9Tivoli PKI hCkKP
1.Kb
Tivoli
PK
I
![Page 30: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/30.jpg)
}]b53IBM DB2 (C}]b(DB2)G Tivoli PKI f"b#~qwi~,$
dC}]""a}]"$i}]"sF}]M Directory}]wTD}]
b#DB2 a)Kc:D2+T&\Ms?Df"]?#}g,DB2 9
Tivoli PKI \TS\q=f""a}],"Tf"DsFG<4Pj{T
li#
Tivoli PKI h*D DB2 f>|,Z Tivoli PKI iJm~|P#20
Tivoli PKI ~qwzk.0,Xk7#C}]bm~ZF.20~qwi
~D?(zwO<IC#20MdC}LP,Tivoli PKI *z4(yhD
}]b#
Directory ~qwIBM Directory ZPD;C,$PX$iDE"#(}k IBM DB2 D/
I,DirectoryI'V}YrD?<u?#|2JmM'z&CLr(}g
Tivoli PKI)4P}]bf""|BMlwBq#
Z Tivoli PKI P,RA ~qw"< Directory PDTBE":
¶ CZS\MO$D+C\?$i
¶ k(P{FX*DtT(yP_DG+MX()
¶ |,yPQ7z$iDrPED$i7zPm
¶ XZ)p$iD CA DE",|,k$iX*D5qM$i_T
4758 Cryptographic CoprocessorCA )"$i1,CA D){O$QZ(CC'CJd"aD~q#*@
94Z(DC'q!$iMCJtPJ4,Xk#$ CA D)p\?#
XZI RA zID\?T,&C`FD2+T"bBn#
m~bv=8(}S\,I*)p\?a)_H2+T#;x,r*\
?Xk)6,TzI){,yTK>69\?)6x;4-Z(DC'
6q#
IBM 4758 PCI Cryptographic CoprocessorGICZ Tivoli PKI 53P
T#$ CA M RA \?D(C2~#4758-&mwZ2~O=SD"
Ilb[D"_P_2+TD&mwP4Pc:DyZ RSA M DESD
10 f> 3 "Pf 7.1
|
|
|
|
|
|
![Page 31: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/31.jpg)
S\&\#-&mwa)S\D}]#$"\?\mM(F&CLr'
V#-&mw2'V MD5 M SHA-1 "Pc(#b)&\9 4758-&
mw\J&Z$5j<Mh*2~2+T#i(HSM)T\D&CL
r#
Z%vzw Tivoli PKI 20P,CA M RA I5PwTD 4758-&m
w(,r_I2m,;v 4758-&mw(#kZKP20r<18(g
NdC(#
":vZ AIX f>D Tivoli PKI Pa) 4758-&mwD'V#
XZ 4758-&mwD=SE",kN< Tivoli PKI System Administration
GuideMz7D5#
(i
!\ 4758-&mw;GXhD,IBM T(izZF.20O$P
DD,;~qwO20|#g{@5Zm~4#$ CA \?,rT
st4XB20 Tivoli PKI m~,;\202~'V#
\?8]MV4$_Tivoli PKI a)K\?8]MV4ks$_,|JmTUK5e$i0`
&DI Tivoli PKI O$D(C\?xP8]MV4#
K$_JmT*'D"E|Dr_mb;Iq!D$i?DV4#<G
TB=8:;vM1}P+BX8]$iM(C\?,;s;;k*+
>,xs4^(5XCJ$iyhDyP(C\?#(}"vV4k
s,IlwKE"#
8]}L*sC'4( PKCS #12D~#KD~|,C'D$iM(C
\?#C'9C PKCS #12D~w*dkS'VD/@w"v8]ks#
\?V4}]b krbdb C=|B"|,KCJE"#\?V4T`FD
=($w:k"vV4ks,*Q8]D PKCS #12D~8(\k#;
) RA \m1K<Kks,MIBXKD~#
11Tivoli PKI hCkKP
|
|
|
|
1.Kb
Tivoli
PK
I
![Page 32: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/32.jpg)
Iz$i)"$_Tivoli PKI a)Iz$i)"$_,9M'\9C;v%;D"T/D}
L,GG"4("ra?6?<CJ-i(LDAP)+<m`UK5e
$i#K$_h*|,$i}](|,+C\?)Dq=}7DdkD
~#K}L+dkAkGG}]b,;s"Mksx CA,TzI$i,
ns+C'}]M$ir Directory+<#y]M'D5q#M,Iz$
i)"$_Iw*%v}LKP,rVIwTD`v}L#Tivoli PKI
System Administration GuidePj8hvKK$_#
e5a9TBBZV[K Tivoli PKI e5r\0d'VD-i#
+C\?y!a9+C\?y!a9(PKI)*&CLra)K4PTB`MD2+T`
Xn/Dr\:
¶ O$SBgS;WDyP=#
¶ Z(CJtP53MJ4b#
¶ (}{"D}V){i$?v{"Dw_#
¶ S\yP(EDZ]#
PKIX j<S PKI "9x4,T'VgSLq&CLrD%YwT#|
Dw*EFGI9i/\\m2+gS;W,x;X<GYw=(r&
CLrm~#
Tivoli PKI PD PKIX 5V("Z4T Intel D+2}]2+Te5a
9(CDSA)Dy!O#CDSA 'V`vEN#M"$iq="S\c(
M$ib#|Dw*EFGI9i/\`4'Vd5q_TDJ& PKI
D&CLr#
PKIX CMP -iTivoli PKI 9C PKIX $i\m-i(CMP)CZ RA M CA ~qw
.dD(ET0CZ RA ~qwMM'z.dD(E#1 CMP 9C
TCP/IPw*|Dw*+MzF1,ZWSVOP;visc#|5VT
=SV/+MD'V#
12 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 33: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/33.jpg)
CMP (e'V{v$iP'ZD{"q=#|28(KXkgN&m{
"#$,x;@5Z+MzF#
1`v)&L CA 4Png)""^)M7z}V$i.`D&\1,
ZK Tivoli PKI P\'VD CMP f> 2 PzZYx`v)&L CA
D%YwT#K'V2a)Kv?D2+TMvSD{"s!#
LDAP -i*Kr&CLra)CJd/P=~qw~qD(^,IBM Directory '
Va?6?<CJ-i(LDAP)#LDAP GI X.500 j<IzD-i#
LDAP 9C TCP/IP,"(}9C(P{FM\k4XFT?<DCJ#
r*'V SSL ,S,yT LDAP IS\{""4PM'zM~qwD
`%O$#
Z Tivoli PKI P,RA ~qw9C LDAP 4k Directory~qw(E#
RA y]QwHD\Z,"<$i"$i7zPmMXZ DirectoryPQ
"a5eM$w_TDd|E"#
Z Tivoli PKI DK"PfP,a)Kk LDAP f> 3 Ts`M#=D
f]T#9C PKIX LDAP f> 2 #=DVP Tivoli PKI &CLrI
Lx9CVPD#=MTs`#
Tsf"?v Tivoli PKI i~<P;vTsf"#Tsf"GCZVCTsDy
ZELDb#|f"x9PDBqMPXG)BqD4,E"#TsI
TGn/XFTs(}g$i"ksM CRL)rzm#zmG#fPX
TsD4,}]Dxr#
r*Tsf"PDTsGT ASN.1`kq=f"D,yTlwMf"I
\Gz[`TO_DYw#Tsf"_Y:fTTsD^D,R;|B
ELf",1="zTs4,|D,r_1=C'gfDdKTs#
*K9 ASN.1Vv`XD*zn!/,Tivoli PKI Z4PTsf"DT
sD4k_Y:f.O9CTs_Y:fc#a{G,vZXBt/~
qw.s,Z;N}C=Ts1,Eh**xPVv#
13Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
1.Kb
Tivoli
PK
I
![Page 34: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/34.jpg)
Ts_Y:fca)K=SD";yZELD?;Tsf"xr#
Tivoli PKI 9CKxrC4f"2,"2+T`XE",}g#$$"a
G<D\k#Ts_Y:f2Ix(G<Ts,T#$;;`v_L,
1CJ#
EN#MTivoli PKI 53PD2+T(}9Czk)p"{")p"}]S\M\
?k\kD2+f"45V#
zk)pKD Tivoli PKI zkGZFl(S$)1)pD#9CFl'zID(
C\?)pzk1,zkcI*2,DM\#$DTs#4-lb,;
\|Drf;|#d|zkTsI9C`&D+C\?MZ?i$b,
TZ"zNN}];;.0O$(E#
{")p*Ka)|CDO$~q,dC}L* RA"CA MsF~qwzI)p
\?,7#)pKyPi~.dD(E#}g,IZ?vi~){Dy
!OO$yPZ RA M CA .d;;D{"#
}]S\f"Z KeyStorePDyPE"<-}S\#DB2 2S\ Tivoli PKI }
]bPf"Dm`E"#
KeyStoreTivoli PKI *f"(C\?"$i"{"O$zk(MAC)T0d|2
+T`XTsD KeyStoreM2+xra)K'V#@XD KeyStoreG
* CA MsFi~T0;)~qwzXfZED KeyStorePzZ4P~
qwBq#?v KeyStore PDE"<-}S\,"vI(}*C
KeyStore("D\k4CJ#
KEN#M(}#$f"Z KeyStorePDTs,PzZ7#53Dj{
T#|,12(};JmIED53i~ * 9CFl'zID\?4)
pD * CJ KeyStoreMdPS\D}],PzZ7#G)TsDz\
T#
14 f> 3 "Pf 7.1
![Page 35: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/35.jpg)
dC}LP,khC=v\k:cfguser\kMXFLr\k#b)\k
IT`,,2I;,#dCs,Xk*?v KeyStorehC(;D\k#
XZ9C|D\k5CLr4xPb)|DDE",kND Tivoli PKI
System Administration Guide#
\'VDj<Tivoli Public Key Infrastructure'VTB+C\?\kuj<#
i~ j<
"aPD ¶ xPM'zO$D2+WSVc(SSL)f> 2 Mf> 3
¶ PKCS #10/@wMxP Base64`kD PKCS #7l&D~qw$iq
=
¶ xP PKIX CMP l&D PKIX CMP $iq=
¶ IPSec$iq=
¶ S/MIME $iq=
¶ TBwnD/@w$i:
v Microsoft Internet Explorerf> 4.x M 5.x
v Netscape NavigatorM Netscape Communicatorf> 6.x
¶ TBwnD~qw$i:
v Netscape Enterprise Server
v Microsoft Internet Information Server
¶ Netscape NavigatorM Netscape Communicatorf> 6.x DG\($i
(PKCS #11SZ)
¶ k Directory (ED LDAP j<
¶ (} TCP/IPxPkO$PD(ED PKIX CMP
O$PD ¶ X.509v3 $i
¶ $i7zPm(CRLv2)
¶ TZS\M\?;;\?,\?$HA`* 1024;
¶ TZ CA )p\?,\?$HA`* 2048;
¶ RSA DS\M)pc(
¶ MD5 M SHA-1 "Pc(
¶ (} TCP/IPxPk"aPD(ED PKIX CMP
IBM Directory LDAP f> 3.2,xP RFC 1779o(
15Tivoli PKI hCkKP
|||
||
1.Kb
Tivoli
PK
I
![Page 36: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/36.jpg)
i~ j<
IBM 4758 PCI
Cryptographic
Coprocessor2~
¶ V9om%wD FIPS 1406p 4 *s
¶ TP5OID\kuj<D'V:
v S\/b\D DES
v )p/){i$D RSA
v PKCS #1i`M 00
v PKCS #1i`M 01
v PKCS #1i`M 02
v MD5 M SHA-1 "Pc(
v X9.9 M X9.23 ANSI
v ISO 9796
IBM CCA
Cryptographic
Coprocessor'V
Lr
* 4758-&mwa)~q,|, RSA \?T(#}$H* 2048;$)
D2+zIT0:
¶ SET™(2+gS;W)
¶ S\Mb\D DES
¶ )pM){i$D RSA
¶ MD5 M SHA-1 "Pc(
X.509 f> 3 $iTivoli PKI $i'V X.509f> 3(X.509v3)j<P(eDs`}VN
M)9#C'V9$i\CZs`}S\?D,}g SSL"IPSec"VPN
M S/MIME#
Tivoli PKI $iI|,TB`MD)9:
j<)9
j< X.509v3$i)9,}g\?9C"(C\?9CZ"wb
I!{F"y><xM{F<x#
+2)9
T Tivoli PKI (;D)9,}gwzm]3d#K)9kwz5
3O_P`&m]D$iwb`X*#
(C)9
&CLrC4j6Z_i$~q('V)" CA)D)9#
16 f> 3 "Pf 7.1
![Page 37: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/37.jpg)
*K'Vzi/D"a_T,Tivoli PKI 2*za)K(FM(e$i)
9D=(#}g,I|D1!$iE*D~P8(D)9,r4(5X
_;,)9D$iDE*D~#
XZ4(r(F$i)9M$iE*D~Dj{E",kND Tivoli PKI
Customization Guide#
17Tivoli PKI hCkKP
1.Kb
Tivoli
PK
I
![Page 38: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/38.jpg)
18 f> 3 "Pf 7.1
![Page 39: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/39.jpg)
53hs
zDYw73XkzcTBBZV[Dm~M2~*s#XZ53*s
DnBE",kND6Tivoli Public Key Infrastructure(PKI)"P5
w7#C6"P5w7I\|,z7"P.sDE"#
*q!nBD6"P5w7,kCJ Tivoli Public Key Infrastructure Web
>c#
~qwm~*s*Z&mw.dVd$w:I,"R*'VzDi/VPD53dC,
IZ`(zwO20 Tivoli PKI ~qwLr#XZZzD73PhC
Tivoli PKI I\D;,=(DV[,kNDZ353D:'VD~qwd
C;#
Bm\aK Tivoli PKI Yw53Mm~*s#
z7 "M
TBYw53.;:
¶ IBM AIX/6000®(AIX),f>
4.3.3,$6p 6
¶ Microsoft Windows NT,f> 4.0
(xP Service Pack 5)
¶ h*#
¶ XkZ,;=(O20yP Tivoli
PKI ~qwLr#;\Z%;D
Tivoli PKI 20PlO AIX M
Windows NTzw#
2
19Tivoli PKI hCkKP
||
2.53hs
![Page 40: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/40.jpg)
z7 "M
IBM DB2 (C}]b,f> 6.1 ^)
| 4¶ h*;Z Tivoli PKI iJm~|P
a)#
¶ ?v Tivoli PKI ~qwi~<fZ
(;D}]b#20 Tivoli PKI .
0,XkZF.Cw Tivoli PKI ~
qwD?(zwO20 DB2#
IBM WebSphere Application Server,
j<f,f> 3.5 LrY1T^)
(PTF)4#|, IBM HTTP Server,
f> 1.3.12.3M Sun Java
Development Kit(JDK),f> 1.2.2
LrY1T^)(PTF)8
¶ h*;Z Tivoli PKI iJm~|P
a)#
¶ 20 Tivoli PKI .0,XkZF.
20"aPDD,;zwO20
Web ~qwm~#
IBM Directory,f> 3.1.1.5 ¶ h*;Z Tivoli PKI iJm~|P
a)#
¶ 20 Tivoli PKI .0,Xk20
Directory m~#IZ_P Tivoli
PKI D,;zwO20|,rZ6
LzwO20#
¶ IBM 4758 PCI Cryptographic
Coprocessor
¶ IBM 4758 CCA 'VLr,f>
2.2.1.0
¶ I!;vT AIX 53IC;Xk(
}}fD IBM ):~@4):K
z7#
¶ 20 Tivoli PKI .0,XkZF.
20O$PDr"aPDD~qw
O20 47582~M'VLr#
¶ 4758 S\(Z RS/6000® Oh*
PCI \_#
~qw2~*s* Tivoli PKI !qDzwdC!vZ$ZD5qn/T0Gq*Z AIX
r Windows NTO9C Tivoli PKI.
¶ g{F.Z AIX 53OKP Tivoli PKI,XkZ IBM RISC
System/6000®(RS/6000®
)zwO20|#
20 f> 3 "Pf 7.1
||||||
|||||
|||
![Page 41: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/41.jpg)
¶ g{F.Z Windows NT53OKP Tivoli PKI,IBM (iZ IBM
Netfinity®
ServerO20|#
@@]?MLB?*s1,9CTB(ew*8<:
!f#zzrbT73
?l)"}Y$iD>c#bI\GhC*(}Z?x+$i
)"xM1D53,rhC*CZbTM&CLr*"?DD
53#
PHf#zz73
?l)"}'$iD>c#bI\GI!MrPMs5hC*
ZrXxO)"$iD53#
sf#zz73
?l)"}'$iD>c#bI\GIsMs5hC*ZrX
xO)"$iD53#,1|2ITGa)Z}= CA ~qxd
|i/D53#
Bm\aKT!f#zz73B(iDzw*s#&y]z$ZD&m
h*4w{5JzwdC#
=( zw`M &mw ELUd Zf
AIX RS/6000 1( 2 3 3
MHz)
4 GB 256 MB
NT PC 1(Intel
<Z® 3 0 0
MHz)
2 GB 256 MB
20r<*sIBM (iTB$w>dC,TKP Tivoli PKI dC!&CLr(20r
<)#
¶ TBomzwhC;
v Intel <Z&mw,RAM AY* 64MB
v 'V 1024x768r|_VfJ,65536+DFczT>w#
¶ TBYw53.;:
21Tivoli PKI hCkKP
|
|
2.53hs
![Page 42: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/42.jpg)
v Microsoft Windows® 95
v Microsoft Windows 98
v Microsoft Windows NT
¶ 'VyZ JDK 1.1 !&CLrD Web /@w,}gTBwn:
v Netscape Navigatorr Netscape Communicator,vf> 4.7x#
":Netscape Navigatorr Netscape Communicator,f> 6 ;\
dC!&CLrr RA @f'V#Netscape Navigatorr
Netscape Communicator,f> 6 v\ngGG"|B"7z
M8]kV4.`D$iYw'V#
v Microsoft Internet Explorer,f> 5.0 r|_f>
Xk20 Netscaper Microsoft V"D/@w}=f>#SZ}=
)&Lq!Df>I\^(}7T>E",XpGT}"oTbD
oTKP!&CLr1#
XZKP20r<MdC Tivoli PKI 53Dj{E",kND6Tivoli
PKI dC8O7#
M'z*s*7($w>Gqzc9C/@w4ksM\m$iDyh*s,kN
D6Tivoli PKI C'8O7#
*7($w>GqzcKP Tivoli PKI RA @fDyh*s,kND
6Tivoli PKI RA @f8O7#
22 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 43: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/43.jpg)
f. Tivoli PKI
>BV[ Tivoli Public Key Infrastructure(PKI)gNkdX8z7;%
Yw#"T20NNm~.0rdC53.0,k4i:20f.li
m;PDlim#Z7#QzclimPwns,k4i>BPD#`
wb#>B2|,K*9C Tivoli PKI <8Yw73D8<#>B|,
TBwb:
¶ gNomX#$53"#$|9.\b4Z(DgSVk
¶ gN* Web ~qwdC IP p{,T'VzDi/D@p=*s
¶ Tivoli PKI gN4(M9C}]b
¶ Tivoli PKI gNk Directory ;%Yw
¶ Tivoli PKI gNk 4758-&mw;%Yw
¶ Tivoli PKI gNk Policy Director;%Yw
¶ TZ`(zw73PKP Tivoli PKI FvD~qwdC
¶ Zzi/DoT73PKP Tivoli PKI D>XoT"bBn
¶ Tivoli PKI z7V"m~|Pa)D CD DEv
20f.limTBlimj6KYx Tivoli PKI 20I&yhDwn#4iKlim
PDwn,;)zzcd*s,r!P(U)|G#
3
23Tivoli PKI hCkKP
|
|
|
3.f.
Tivoli
PK
I
![Page 44: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/44.jpg)
n? hv "M GqjI?U
z7`5 Tivoli PKI kk IBM r Tivoli zm
*5,Tq!j8E"#
IBM 4758 PCI
Cryptographic Coprocessor
kk IBM r Tivoli zm
*5,Tq!j8E"#
~qwm~*s TBYw53.;:
¶ I B M
AIX/6000(AIX),
f> 4.3.3,$6p 6
¶ Microsoft Windows
NT,f> 4.0(xP
Service Pack 5)
IBM DB2 (C}]bf
> 6.1 ^)| 4
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM WebSphere
Application Server,j<
ff> 3.5 LrY1T^
) 4#|, IBM HTTP
Serverf> 1.3.12.3M
Sun Java Development
Kit(JDK)f> 1.2.2L
rY1T^) 8#
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM Directory f>
3.1.1.5
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM Global Security Kit
SSL Runtime
Toolkit(GSKit)f>
4.0.3.116
h*;Z Tivoli PKI i
Jm~|Pa)#
IBM KeyWorks f>
1.1.3.1
h*;Z Tivoli PKI i
Jm~|Pa)#
¶ I B M 4 7 5 8 P C I
Cryptographic
Coprocessor
¶ IBM 4758 CCA 'V
Lr,f> 2.2.1.0#
I!;vT AIX 53I
C;Xk(}}fD IBM
):~@4):Kz7#
24 f> 3 "Pf 7.1
|||||
|||||
|||||
||||||||
||
|||||
||||||||
|||
|||||
||||
|||
|||||
|||||
|||
|
![Page 45: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/45.jpg)
n? hv "M GqjI?U
~qw2~*s TB=(.;:
¶ A I X : I B M R I S C
System/6000
¶ Windows NT:IBM
Netfinity® Server
¶ 4GB ELUd
¶ 256MB Zf
¶ ;v 233MHz &mw
(AIX),r
¶ ;v 300MHz Intel<
Z&mw(Windows
NT)
20r<*s ¶ Intel <Z&mw,
RAM AY* 64MB
¶ 'V 1024x768r|_
VfJ,65536+DF
czT>w#
TBYw53.;:
¶ Microsoft Windows 95
¶ Microsoft Windows 98
¶ Microsoft Windows NT
'VyZ JDK 1.1 !&
CLrD Web /@w,
}gTBwn:
¶ Netscape Navigatorr
N e t s c a p e
Communicator,TZ
Windows =(,vf
> 4.7x
¶ Microsof t Internet
Explorer,f> 5.0 r
|_f>#
Xk20 Netscaper
Microsoft V"D/@w
}=f>#SZ}=)&
Lq!Df>I\^(}
7T>E",XpGT}
"oTbDoTKP!&
CLr1#
25Tivoli PKI hCkKP
||||
||
||
||
||
|||||||
||
||||||
||
||||
||
|||||||||||
|||||||
|
3.f.
Tivoli
PK
I
![Page 46: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/46.jpg)
n? hv "M GqjI?U
RA @f*s ¶ Intel <Z&mw,
RAM AY* 64MB
¶ 'V 1024x768r|_
VfJ,65536+DF
czT>w#
TBYw53.;:
¶ Microsoft Windows 95
¶ Microsoft Windows 98
¶ Microsoft Windows NT
TB Web /@w.;:
¶ Netscape Navigatorr
Communicator,v"
Pf 4.7x
¶ Microsof t Internet
Explorer,"Pf 5.0
r|_f>
Xk20 Netscaper
Microsoft V"D/@w
}=f>#
TZ Internet Explorer,
Xk_P Javaibz
(JVM),"Pf 5.00,
9(f> 3167r|_f
>#
26 f> 3 "Pf 7.1
||||
||||||
||
||||
||
|||||||
|||
|||||
|
![Page 47: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/47.jpg)
n? hv "M GqjI?U
M'z*s¶ Intel <Z&mw,
RAM AY* 64MB
mb,
¶ 'V 1024x768r|_
VfJ,65536+DF
czT>w#
TBYw53.;:
¶ Microsoft Windows 95
¶ Microsoft Windows 98
¶ Microsoft Windows NT
ngTBD Web /@
w:
¶ Netscape Navigatorr
N e t s c a p e
Communicator,TZ
Windows =(,vf
> 4.7 r|_f>
¶ Microsof t Internet
Explorer,f> 5.0 r
|_f>
Xk20 Netscaper
Microsoft V"D/@w}
=f>#
#$53Tivoli PKI 9CS\"}V){M}V$i4#$BqM#$J4,9.
\b4Z(DVk#;x,Tivoli PKI ~qw>mD2+T!vZdBc
Yw73D2+T#
KZa)K*<20 Tivoli PKI m~.0#$53om73T94Z(
DC'Dx8n!/D(i#
TBG*<GD;)2+Tn?:
tkxr
Z(CZO$PD(CA)n/Dtk?dZ20~qw#g{
I\,K?d&_PSLD=Z,;H5DD>JrVJET
27Tivoli PKI hCkKP
||||
|||
|
|||
||
||||
||
||||||||||
|||
|
|
|
3.f.
Tivoli
PK
I
![Page 48: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/48.jpg)
0;xIp6eD9lHLDl(e#K?d2&_Pn/X
e,T\b'pivB"zEg#
,$xr
K?d&*Fcz"Uwh8"K/=bwT0!/MFd5
3a);dOg4(UPS)#`S?dDBHXF,T7#Pc
;DdUxw4V{h8zIDH?#
\XCJ
I(}m`=(4^FTomxrDCJ,}g,(}9CE
{(r|XEx#*K@9vKDqb[D,&20XFw,
*sAYI=vIEDM1v>}7D>$#
,12&`S?d,Z?NPKCJ2+xr1T0TCJ_
#VzY#*o=nsD2+T,kZEZMEb<20K/
=bw#
\X(E
Tivoli PKI ~qwO&;PUPD*EKZ#&dC53,Tc
vl}w78(xn/ Tivoli PKI &CLrDG)KZODk
s#
9C@p=<uIBM ?R(iz20@p=,}g IBM Firewall,T#$ Tivoli PKI 5
39.\bSxgDm;?VVk#@p=Jmz(}TB=(#$5
3:
¶ XFD)&CLrISrXxCJZ?xg
¶ XFQZ(D&CLrICJZ?xgDD)X7
¶ @9Z?&CLrCJb?xg(rXx)
¶ O$yPdkks4,"`&XmIr\xCJ
*5)CJ^F,&Z@p=sdC Tivoli PKI ~qw#&7#20D
@p=AYa)TB&\:
¶ 8!7Iw,y]zD_TW!n!qTXh{}]|#}g,@
p=&Jmz("X~,^FkX( IP X7MKZD(E#
28 f> 3 "Pf 7.1
![Page 49: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/49.jpg)
¶ zm~qw,#1M'z/~qwks.dDYC_#}g,@p
=&JmzZ+C'D FTPr HTTP ks7I=`&D~qwxL
.0+|GXO#byvI@9M'zM~qw1S`%(E#
¶ \_xg,a)nbD:ex,r;b?xg\p,ItkM#$
Z?xg#
kG!IZ`(zwO20 Tivoli PKI ~qwLr,K2Ea)K8v
EF#}g,(}Z`v&mw.dVd$w:I,IqCT\Dx;
IhC@"D8]wH,"(} IP X73d4XFT;,}LDCJ#
;x,*7#b)LrD2+T,XkZ@p=sdCb)~qw#X
kI!kz#$w~qw`,D@6k)4#$|G#
9C Tivoli PKI }]bTivoli PKI 9C IBM DB2 (C}]bm~4\m}]#Tivoli PKI i
Jm~|P|,D DB2 f>v) Tivoli PKI &CLr9C#g{*(
F}]bm~,r+dCZ} Tivoli PKI TbDz7,rXk:r IBM
DB2 s5fj+f>DmI$#
g{*Z`zdCPhC Tivoli PKI,XkZ?(F.20 Tivoli PKI ~
qwi~DzwO20 Tivoli PKI }]bm~#
w*KPs20dCLrD;?V,Tivoli PKI *dC}]4( cfgdb}
]b"T|2k1!dC5#
dC}LP,Tivoli PKI * CA }]""a}]"sF}]M\?8]
kV4}]4(TB}]b#g{Z AIX O20 Tivoli PKI,XkZ*
<20}L.0*b)}]b4(ELVx#XZj8E",kNDZ
423D:hC AIX miMD~53;#
¶ ibmdb
¶ pkrfdb
¶ adtdb
¶ krbdb
}G|Q-fZ,qr Tivoli PKI 2* Directory4( ldapdb}]b:
29Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
3.f.
Tivoli
PK
I
![Page 50: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/50.jpg)
g{zZ,;zwO20yP~qwi~,rdCLrZs(4(}]
b#g{Z6LzwO20 CA"sFr Directoryi~,20}LPX
kI!;)=h,T7#}75}/}]b#6Tivoli PKI dC8O7V
[Kb)6LdC}L#
g{Z AIX O20 Tivoli PKI,rdC"CA""a"sFM\?8]
kV4}]bZ{* cfguserD5}B4(#}GT04(K Directory
D}]b,qr2Z cfguser5}B4(|#
g{Z Windows NTO20 Tivoli PKI,r Tivoli PKI }]bD5}
{Fk20z7DC'{`%d(FvD5* cfguser,+zD20I\
kK;,)#}GT04(K DirectoryD}]b,qrZ{* ldapInstD
5}B4(|#
*K'V8]kV4,Tivoli PKI PKI *"aM$wB~tCsFG<#
XZgNi5sFU>T0gN8]kV453D8<,kND Tivoli
PKI System Administration Guide#XZgN8]kV4}]bD=SE
",kI/>X DB2 }]b\m1#
dC Web ~qwD IP p{Tivoli Public Key InfrastructureiJm~||,9C Tivoli PKI yhD
Web~qwm~:IBM WebSphere Application Server"IBM HTTP Server
T0 Sun Java Development Kit(JDK)#20Km~s,I\*dCX
bKZCZ&m+CM2+ks#
Z Tivoli PKI 53P,Web ~qwh*'VTB`MDks:
¶ G2+WSVc(SSL),r+Cks
¶ ;hM'zO$D2+ SSL ks
¶ hM'zO$D2+ SSL ks
Z1!dCP,Tivoli PKI 8( Web~qwODKZ4&mwVks#
b9z\9C20sD53,x;hTxgdCxP(Ew{#
Bm\aKCe5a9M1!KZ5:
30 f> 3 "Pf 7.1
|
|
|
![Page 51: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/51.jpg)
-i SSL ~qwO$ M'zO$ KZE
HTTP q q q 80
HTTPS G G q 443
HTTPS G G G 1443
Zm`2+53P,;PKZ 80 M 443 I(}@p=*E,R;PK
Z 443ICZ SSL,S#g{zDi/}GbViv,rXkdC Web
~qw,Tc;,`MDksI(}`,KZ4&m#}g,I\*d
C53Tc=v2+~qw<ZKZ 443 l}ks#
*@9`vCJc(},;KZ=o,;zw,Xk(eibwz{,
"+|Gk IP X7(b) IP X7GzwD5J IP X7Dp{)`X
*#bvEn,F.* IP p{,JmzZ;(zwOKP`v@"D~
qw#
":g{;k9C Web~qwKZD1!dC5,rXkZKP Tivoli
PKI dC!&CLr.0dC IP p{#*534( CA $i1,
dCLr+@5Zb)5#
Z TCP/IPr{~q(DNS)PhC IP p{#TZ Tivoli PKI,k4P
TBYwdC=Vp{:
¶ dC DNS"8(zwDwz{M IP X7#TZKZ 80l}G SSL
ksD+C~qw9CKu?#
¶ mSp{(ib)wz{Mp{ IP X7#TZKZ 443l} SSL"
GM'zO$ksD2+ Web ~qw9CKu?#
¶ mSZ~vp{wz{MZ~vp{ IP X7#TZKZ 443 l}
SSL"M'zO$ksD2+ Web ~qw9CKu?#
k"bb)p{wz{M IP X7XkG(;D,R|GXk3d=,;
omzwO#
XZdCibwz{M IP p{DE",kiDk DNS z7;pa)D
D5#2I4i IBM HTTP Servera)DD5#}g,IZTB IBM
HTTP Server Web>cCJ User AssistanceE":
http://www.ibm.com/software/webservers/httpservers/library.html
31Tivoli PKI hCkKP
3.f.
Tivoli
PK
I
![Page 52: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/52.jpg)
9C DirectoryTivoli Public Key InfrastructureiJm~||,20 IBM Directory y
hDm~#I20k Tivoli PKI ;pa)Dm~,"+|hC*(Ek
Tivoli PKI ;p9C,r_I+ Tivoli PKI kVPD IBM Directory ;
p9C#20 Tivoli PKI ~qwm~1,20Lry] Tivoli PKI i
~h*DE"|B Directory#
dC}LP,Tivoli PKI 4(|h*Du?,Tcs(= Directory""
<E"#}g,dCLr4( Tivoli PKI CA Du?,"8(J1D
Directory CJmI(#
g{zZ,;zwO20yP~qwi~,rdCLrZs(|B
Directory#g{Z6LzwO20 Directory,20}LPXkI!;)=
h,T7#|DdC}7#6Tivoli PKI dC8O7V[KK}L#
Directory #=DirectoryPD?vu?m>I;v(;Rw7D(P{F(DN)4j6
D%vTs(}gK1"i/rh8)#Directory #=(eK DN Df
r,}ggNyw|GT0 DN PITrXk|,DE"`M#
DN |,;itT,PzZ(;Xj6Ts"hvTsX(#}g,tT
Ij6Tsy&Xc"kTsPXDi/T0TsDQ*{F#
*Kozz(e Tivoli PKI h*D Directory u?,dC!&CLra
)K<NC'gf(GUI)#(P{F`-wJmz8( DN tT,x;
XGCe~ Directory #=*s#
Directory CJXFyP Directory u?<G_-Xi/=F* Directory E"w(DIT)D
Vca9P#Cw_P;vyM^^6*Zc#?vZcT&Z;vI
(PtTj6D Directory u?#
Directory Jm*%vu?ru?0d{vSwhCCJXFX(#dC
Tivoli PKI 1,*?v Tivoli PKI DN u?&C`&DX(#\a:
32 f> 3 "Pf 7.1
![Page 53: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/53.jpg)
¶ CA Xk\CJ DirectorycNa9Pd DN kZc&r.BDyP
kZ#Z CA y!6p&r.BDTsG CA \mrDI1#|G
zmQZ(SUI CA O$D+C\?M$iD5e#
¶ r* Tivoli PKI CA ;1Ss(= Directory,|9Czm(F.*
Directory \m1)#Directory \m14P CA"RA M Directory .
dDks#Z(|B Directory P CA SwDyPu?#b|,m
S">}"|D"A!"QwMHO Directory u?D\&#
¶ ?v Tivoli PKI 53(e;v Directory rootC' DN#root C'
DN G;vQdCD5e,+5JO|";fZZ Directory wP#
w* root \m1,_P|B DirectoryPyPZc(x;vvG3v
X( CA SwPDG)Zc)D(^#
root C' DN PDtThvK Directory'VD-iMXF#|tC
ng Tivoli PKI DM'z47(~qwM DirectorywDy>E"#
29 Tivoli PKI \s(= Directory,TT|xP|D#
9C 4758 -&mw!\ IBM 4758 PCI Cryptographic CoprocessorGI!D,+TDxz
9CKz7,Tozns/ CA M RA )p\?D2+T#byvPz
Z9DC0(D53\m1r53Vk_x4p&D)6n!/#
":vZ AIX f>D Tivoli PKI Pa) 4758-&mwD'V#
4758 -&mw9C IBM +2S\e5a9 API 4a)?sDS\~
q#yPS\&m<"zZomS\(2+_gZ#
20}LP,4758dCLrzIw\?,"+.f"Z2~P#Z Tivoli
PKI 53P,-&mw9CKw\?T0 RSAc(,4}XS\ CA r
RA D)p\?#K=ha)2+Tnbc,T\bT<9)rmbFk
CA r RA D){#
}KdS\G\,4758-&mw9\lb[D2~rw\?DT<"g
9MBHD;frTT0}?xdD#;)lb=,M+h*C4CJ
#iP\#$}]D\?F5#
33Tivoli PKI hCkKP
|
|
|
|
|
|
|
3.f.
Tivoli
PK
I
![Page 54: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/54.jpg)
":XZ20"dCMK! 4758-&mwDE",kN< IBM 4758 z
7D5#
+ CA r RA \?f"Z2~Pg{v(9C 4758 -&mw,rXkZdC Tivoli PKI .0Z20
Tivoli PKI CA ~qwr Tivoli PKI RA ~qwDzwO20|#dC
CA r RA 1,k8(|Gq&9C-&mw4f"d)p\?#
Zs`} Tivoli PKI 53P,CA r RA \?"GZomOkw\?;
pf"#;x,P;dC!nJmz2GC1!5,IBM ;DxKYw#
g{ 4758-&mw2~'\,rXk<8"4I!@}Yw#
g{!q+ CA r RA \?f"Z2~P,r&<8VQV4F.#h
KbkKv(`XDgUM@}Yw:
¶ 8] 4758-&mw1,v8]|Dw\?,;8]f"Z2~(P
DNNd|\?#rK,g{(p5,r"zd|2~JO,z+
*' CA r RA D)p\?#
¶ g{ CA r RA D\?Q*'r9),rXk#9 CA r RA,;
sCBD\?t/|#1 CA r RA ;IC1,I CA r RA )
p$iDC';\9Cb)$i,r*^(i$|G#
¶ r*T CA r RA D-<\?)pD$i;YP',yTXkZX
B(" CA r RA .s)"CBD CA r RA \?)pDB$i#
XZT 4758 -&mwDx;=V[,kN< Tivoli PKI System
Administration Guide#
k Policy Director /ITivoli Policy Director*g=XmV"DZ?xMb?xDJ4a)KK
=K2+T#||,O$"Z("}]2+TMJ4\mDc:'V#
(}+ Policy Directork Tivoli PKI /I,I*gSLqn/4(2+
DM$i#$D73#
Policy Director* Web73a)K%vXFc#1C'"TCJ2+>
c1,Policy DirectorI*s?v WebC'xP%;"a"O$C'm
34 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 55: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/55.jpg)
],"i$C'CJ\#$xrD(^#w*Ki$}LD;?V,I
dC Policy Director4@@ Tivoli PKI $i#
}g,IdC Policy Director vS\G)QIIED CA(T Policy
DirectorQ*))pD$i#(}* Policy Directora) Tivoli PKI CA
$i,IaxWYX("4Z(DC'kh*#$DJ4.dDAO#
XZZ Policy Director73P9C Tivoli PKI DE",kND IBM l
$i,Tivoli SecureWay Policy Director Centrally Managing e-business
Security,SG24-6008–00#
I(}9CL5wLTs(BPO),(F Tivoli PKI Tx;=k Policy
Director/I#}g,;)a)K$iks,MI4 BPO]w,T4(
Policy DirectorC'j6#(}bV=(,+$is(= LDAP P4(
D Policy Director ePersonTs#a)4PK&\D BPO_PnbDf
&:,1* Policy Directora)KyZ Web DGGzF#
kN< IBM l$i Working with Business Process Objects for Tivoli
SecureWay PKI,SG24-6043-00,q!*"M(F BPO D8<,Tzc
zTQ@XDLqhs#
'VD~qwdCIZ;(zwO20yP Tivoli PKI ~qwi~,r+&mVd=`(
zwP#;x,XkzcTB<x:
¶ Web~qw"WebSphereT0|, RA M}]b(#tdCM"a
}])Dw Tivoli PKI ~qw,XkZ,;zwO2f#
¶ CA ~qwMsF~qw,T0|GD}]b,XkZ,;zwO2
f#
¶ Directory ~qw0d}]bXkZ,;zwO2f#
gNdCzD~qwxg*!vZzDi/Z{D$w:IMGq+3
(X(zwCZ`VC>#}g,g{T020K Directory"+.kd
|&CLr;p9C,rI\k#VC~qwkd| Tivoli PKI i~t
k#
35Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3.f.
Tivoli
PK
I
![Page 56: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/56.jpg)
TBdC\aKIVd~qwi~D=(:
¶ w Tivoli PKI ~qw"CA MsF~qwT0 Directory~qwZ;
(zwO#
¶ w Tivoli PKI ~qw"CA MsF~qwT0 Directory~qwZ}
(@"zwO#
¶ w Tivoli PKI ~qwZ;(zwO,CA MsF~qwT0 Directory
~qwZm;(zwO#
¶ w Tivoli PKI ~qwk CA MsF~qwZ;(zwO,Directory
~qwZm;(zwO#
¶ w Tivoli PKI ~qwM Directory~qwZ;(zwO,CA MsF
~qwZm;(zwO#
zJ73"bBnQtC Tivoli PKI i~CZzJ73PD?p:
¶ 9CTBoT-kK{"D~M<NC'gf(GUI)"a)>X
oT'V:"o"(o"Bo"bs{o"w`@o"MwOQ@
o"Uo"+zo"rePDM1ePD#
¶ yPD>dkVN(} UTF-8 `k'V Unicode#
¶ yP(P{F(} UTF-8 `k'V Unicode#
Z Tivoli PKI P,dCD~PDyP?<76vI9C"o,xRXk
T ASCII q=8(#
r*~.vZfB,Tivoli PKI z7T%@DS\^)fV"#@z"@
z\_XxMSCsDzZM'ICDf>|,DS\c(HzJM'
ICDf>&\|?s#z7zkPDS\c(G$H7(D,Z2
0"dCr9Cz71;\|D#
Tivoli PKI iJm~|Tivoli PKI z7Dm~Z|,TB CD DiJm~|PV":
36 f> 3 "Pf 7.1
|
|
![Page 57: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/57.jpg)
¶ IBM WebSphere Application Server AIXf,j<f V3.5 Application
ServerM IBM HTTP Server CD
K CD |, Tivoli PKI yhD Web~qwm~#||, WebSphere
Application ServerM IBM HTTP Server#
¶ IBM WebSphere Application Server AIXf,j<f V3.5 IBM Directory
K CD |, Tivoli PKI yhD}]bM Directory m~#
¶ Tivoli Public Key Infrastructure AIXf,V 3.7.1,CD 1
K CD |, Tivoli PKI yhD}]bm~,"|,TBwn:
v Tivoli PKI "aPD"O$PDMsF~qwLr;k Directory
`XDm~;CZ20"dCM\mz7DLr#
v Tivoli PKI "aPD@f!&CLrD203s#
X(Z=(D CD G* AIX a)D#
¶ Tivoli Public Key Infrastructure AIXf,V 3.7.1,CD 2
K CD |, Tivoli PKI yhm~MLr^)#
¶ 6Tivoli Public Key InfrastructurehCkKP7
¶ 6Tivoli Public Key Infrastructure"P5w7
37Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
3.f.
Tivoli
PK
I
![Page 58: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/58.jpg)
38 f> 3 "Pf 7.1
![Page 59: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/59.jpg)
Z AIX O20 Tivoli PKI
>Ba)KZ AIX =(O20 Tivoli Public Key Infrastructure(PKI)
0dX8z7D}L#
*<20 Tivoli PKI m~0,k7#QDAz7"P5wDnBf>#
*q!"P5wDnBf>,kCJ Tivoli Public Key Infrastructure Web
>c:
http://www.tivoli.com/support
TBP3r20 Tivoli PKI m~:
1. AIX Yw53f> 4.3.3
2. AIX Yw53,$6p 6(dsXB}<zw)
3. IBM DB2 (C}]bf> 6.1 ^)| 4
4. IBM Directory Serverf> 3.1.1.5
5. IBM Developer Kit AIX f,Java<uf,f> 1.2.2LrY1T
^) 8
6. IBM WebSphere Application Serverj<ff> 3.5
7. }6 IBM WebSphere Application Serverj<ff> 3.5 LrY1
T^) 4
8. {CT/t/ IBM HTTP Server
9. t/ WebSphere Application Server
10. IBM KeyWorksf> 1.1.3.1
4
39Tivoli PKI hCkKP
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 60: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/60.jpg)
11. Tivoli PKI ~qwm~
hC AIXZF.20 Tivoli PKI m~DzwO20 AIX m~1,k9CTB8
<#g{T0Q20 AIX,rk9Cb)8<w*lim,7#Q20y
P Tivoli PKI i~XhDD~#
g{*Z`zdCPhC Tivoli PKI,rXkZ?(F.20 Tivoli PKI
~qwi~DzwO20 AIX#
**<20}L,k4PTBYw:
1. k4PBDMj+20,x;G#t20#
":K1k;*20NN^)6p#TsZ20}LP4PKY
w#
2. k7#Q+zwDoT73hC*F.KP Tivoli PKI &CLrDo
T#
3. Tivoli PKI 'V AIX IEFcb(TCB)#g{k*9CK&\(|
Ix;=a_Yw53D2+T),120 AIX 1!qK!nTtC
C&\#
4. dC TCP/IP1,dk53rL{F,w* HOSTNAME#}g,d
k hostname ,x;G0hostname.mycompany.com1#20 AIX sk
4PTBYw,i$Q}7X8(K{F:
a. dk smitty #
b. !q(E&CLrM~q#
c. !q TCP/IP#
d. !qn!dCMt/#
e. SICDxgSZPm!qJ1DxgSZ#}g,!q en0 j<T+xxgSZ#
f. i$ HOSTNAME 5Dq=}7#
40 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
![Page 61: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/61.jpg)
i$D~/20 AIX "XBt/53s,k7OQ20TBD~/:
bos.adt.base 4.3.3.0 COMMITTED y>&CLr*"bos.adt.debug 4.3.3.0 COMMITTED y>&CLr*"bos.adt.graphics 4.3.3.0 COMMITTED y>&CLr*"bos.adt.include 4.3.3.0 COMMITTED y>&CLr*"bos.adt.lib 4.3.3.0 COMMITTED y>&CLr*"bos.adt.libm 4.3.3.0 COMMITTED y>&CLr*"bos.adt.prof 4.3.3.0 COMMITTED y>E*D~'Vbos.adt.prt_tools 4.3.3.0 COMMITTED r!z'V*"bos.adt.samples 4.3.3.0 COMMITTED y>Yw53y>bos.adt.sccs 4.3.3.0 COMMITTED SCCS &CLr*"bos.adt.syscalls 4.3.3.0 COMMITTED 53wC&CLrbos.adt.utils 4.3.3.0 COMMITTED y>&CLr*"bos.adt.data 4.3.0.0 COMMITTED y>&CLr*"X11.adt.bitmaps 4.3.0.0 COMMITTED AIXwindows &CLrX11.adt.ext 4.3.3.0 COMMITTED AIXwindows &CLrX11.adt.imake 4.3.3.0 COMMITTED AIXwindows &CLrX11.adt.include 4.3.3.0 COMMITTED AIXwindows &CLrX11.adt.lib 4.3.3.0 COMMITTED AIXwindows &CLrX11.adt.motif 4.3.3.0 COMMITTED AIXwindows &CLrX11.apps.aixterm 4.3.3.0 COMMITTED AIXwindows aixterm &CLrX11.apps.clients 4.3.3.0 COMMITTED AIXwindows M'z&CLrX11.apps.config 4.3.3.0 COMMITTED AIXwindows dCX11.apps.custom 4.3.3.0 COMMITTED AIXwindows (F$_X11.apps.msmit 4.3.3.0 COMMITTED AIXwindows msmit &CLrX11.apps.rte 4.3.3.0 COMMITTED AIXwindows KP1X11.apps.util 4.3.3.0 COMMITTED AIXwindows 5CLrX11.apps.xterm 4.3.3.0 COMMITTED AIXwindows xterm &CLrX11.base.common 4.3.3.0 COMMITTED AIXwindows KP1+2D~X11.base.lib 4.3.3.0 COMMITTED AIXwindows KP1bX11.base.rte 4.3.3.0 COMMITTED AIXwindows KP173X11.base.smt 4.3.3.0 COMMITTED AIXwindows KP12mD~X11.compat.lib.X11R5 4.3.3.0 COMMITTED AIXwindows X11R5 f]TX11.fnt.coreX 4.3.0.0 COMMITTED AIXwindows X *OVeX11.fnt.defaultFonts 4.3.2.0 COMMITTED AIXwindows 1!VeX11.fnt.iso1 4.3.3.0 COMMITTED AIXwindows -! 1 VeX11.motif.lib 4.3.3.0 COMMITTED AIXwindows Motif bX11.motif.mwm 4.3.3.0 COMMITTED AIXwindows Motif 0Zifor_ls.base.cli 4.3.3.0 COMMITTED mI$9C\mKP1ifor_ls.client.base 4.3.3.0 COMMITTED mI$9C\mM'zifor_ls.client.gui 4.3.3.0 COMMITTED mI$9C\mM'zifor_ls.msg.en_US.base.cliifor_ls.base.cli 4.3.3.0 COMMITTED mI$9C\mKP1ifor_ls.client.base 4.3.3.0 COMMITTED mI$9C\mM'zxlC.cpp 4.3.0.1 COMMITTED C oT AIX f$&mwJava.rte.bin 1.1.8.0 COMMITTED Java KP173Java.rte.classes 1.1.8.0 COMMITTED Java KP173Java.rte.lib 1.1.8.0 COMMITTED Java KP173
41Tivoli PKI hCkKP
|||||||||||||||||||||||||||||||||||||||||||||||
4.Z
AIXO20
Tivoli
PK
I
![Page 62: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/62.jpg)
g{yPb)D~/4+?20,kZLx20}L020|G#
i$Pc;Dw3UdAYXkP 768MB Dw3Ud#jITB=h,i$Pc;Dw3U
d:
1. dk smitty #
2. !q53f"w\m(omM_-f"w)#
3. !q_-m\mLr#
4. !qw3Ud#
5. !qP>yPw3Ud#
6. g{\s!;G 768MB r|`,k4PTBYw:
a. 4 F3 r!{#
b. !q|D/T>w3UdXw#
c. !q*vSDw3Ud{F#
d. mS*+w3UdvS= 768MB yhD=S_-Vx}#
T AIX &C^)6pQi$ AIX D~/s,k20^)6p ML 4330–06#q! AIX ^)
6p ML 4330–069!Lr"y]=xDD520|#&C ML 4330-06
s,XkXBt/zw#
hC AIX miMD~539C AIX 53\mgf$_(SMIT),hCTBD~53#C(iDd
CyZ+=v_P 4.5GICUdDEL}/wCZ rootvgM datavgm
i#
":>V[YhyP~qwi~<20Z,;(zwO#g{Zk"a
PD~qwV*DzwO20O$PDMsFS53,rh*`&
Xw{}L#
¶ TZ rootvg Vx:
v +y(/)VxhC* 64MB(128,000v 512 VZDi)#
42 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 63: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/63.jpg)
v + /usr VxhC* 3GB(6,000,000v 512 VZDi)#
v + /tmp VxhC* 200MB(400,000v 512 VZDi)#
v + /var VxhC* 500MB(1,000,000v 512 VZDi)#
v + /homeVxhC* 200MB(400,000v 512 VZDi)#
¶ TZ datavgVx:
v + /local VxhC* 2GB(4,000,000v 512 VZDi)#
v 4( /dbfsibm Vx"+dhC* 500MB(1,000,000v 512 V
ZDi)#
bG Tivoli PKI CA D1!D~53#k"bI\h*y])"
D$i}w{s!#
v 4( /dbfspkrf Vx"+dhC* 300MB(600,000v 512 VZ
Di)#
bG"a$_D1!D~53#k"bI\h*y]"a$iD
C'}w{s!#
v 4( /dbfsadtVx"+dhC* 300MB(600,000v 512VZD
i)#
bGsFS53D1!D~53#k"bI\h*y]G<Ds
FB~}w{s!#
v 4( /dbfskrb Vx"+dhC* 300MB(600,000v 512 VZ
Di)#
bG\?8]MV4$_D1!D~53#k"bI\h*y]
)"D\?8]ks}w{s!#
4( CD-ROM D~53*20 Tivoli PKI 0dX8z7,Xk+ CD-ROM D~5320*
/cdrom#g{h*,k9CTB|n4(KD~53D(e:
crfs -v cdrfs -d /dev/cd0 -m /cdrom -p ro -A no
r_,IT9C SMIT 4(D~53:
smitty crcdrfs
43Tivoli PKI hCkKP
4.Z
AIXO20
Tivoli
PK
I
![Page 64: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/64.jpg)
|D AIX 53C'}dkTB|n|D AIX 53C'}#*9K|nz',XkXBt/5
3#
chlicense -u 100
7#wz{bvk4PTBYwhC AIX,Tc>X~qwIT}7Xbvwz{:
1. Z /etc ?<P4(|{* netsvc.confDD~,D~Pv|,TBP
(k"bKodP;PUq):
hosts=local,bind4
9CD>`-w(g vi)4(KD~,rdkTB|n:
echo hosts=local,bind4 > netsvc.conf
2. `- /etc/hostsD~"7#KD~}C}ZhCD~qw#}g:
127.0.0.1 loopback localhost192.40.168.20 taserver.company.com taserver
O}PDZ~Pj6K IP X7"+^(wz{M}ZhCD AIX ~
qwDrLwz{#
3. 4(r^D /etc/resolv.confD~,v|,TBP:
domain company.comnameserver 10.10.10.90
O}PDZ;Pj6K}ZhCD~qwDr{#Z~Pj6K DNS
{F~qwD IP X7#
4(533sd;;GXhD,+&1ZLx Tivoli PKI 2008] AIX 53dC#
5P8]3s+9zZvVJbDivBIV453#
*4(533s,kw* root C'dkTB|n"!qW!D!n:
smitty mksysbsmitty savevg
44 f> 3 "Pf 7.1
![Page 65: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/65.jpg)
20}]bm~Tivoli PKI 9C IBM DB2 (C}]bm~4\m}]#IBM DB2 (
C}]bm~Gk IBM WebSphere Application Serverj<ff> 3.5.0
;pa)D#k IBM WebSphere Application Server;pa)D IBM
DB2 (C}]bm~rcv) Tivoli PKI &CLr9C#g{k*(F
}]bm~,r+dCZ} Tivoli PKI TbDz7,rXk:r IBM
DB2 s5f,f> 6.1 Dj+f>DmI$#
TBBZa)K20}]bm~D=h#g{Z`zdCPhC Tivoli
PKI,rXkZ?(F.20 Tivoli PKI ~qwi~DzwO20}]b
m~#k"bTB8<:
¶ dCZd,Tivoli PKI +T/4(~qwLrXhD}]b#}G
Directory }]bQ-fZ,qr Tivoli PKI +* Directory 4(}
]b#
¶ 20 Tivoli PKI .0,Xk7#Z?(F.20 Tivoli PKI ~qw
i~DzwOQ20XhD}]bm~f>#20 Tivoli PKI 0,X
k7#}]b53>m}Z}7KP#
20 DB29CTB}L20y>}]bm~#
1. T root C'G<#
2. + IBM WebSphere Application Server AIXf CD Ek CD-ROM
}/w#dkTB|n20 CD:
mount /cdrom
3. dkTB|n|DA CD OD /Db2 ?<:
cd /cdrom/Db2
4. dkTB|nKP}]b20E>:
./db2setup
20Zd,}]b20E>+xPli,Ti4Gq53OfZT
0f>D DB2 T0zwGqPc;DELUd#g{;Pc;DU
d,r+vS /usr D~53A 400 MB ICUd#
5. !q DB2 UDB s5f#
45Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 66: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/66.jpg)
6. !q DB2 z7{"#
7. !qzDxrD`&oT,;s!q7(#
8. !q DB2 z7b#
9. !qzDxrD`&oT,;s!q7(#
10. !q7(#
11. Z4( DB2 ~qAf,!q4( DB2 5}#
12. 4 Enter |#
13. +C'{hC* db2inst1 "+w?<hC* /home/db2inst1 #y
Pd|5DhCT#V|GD1!5#
14. *\kMi$\kdk5#
15. !qtT#
16. 4 Enter |#
17. TZO$`M,!qM'z#
18. !q7(#
19. !q7(#
20. TZO$,* db2fenc1C'{dk\kMi$\k#
21. !q7(#
22. !q7(#
23. !q7(#
":vT/f{"#
24. !qLx#
25. !q7(#
+ZK&*< DB2 20#
26. !q7(#
27. !q7(Kvri4U>#
28. !qXU#
46 f> 3 "Pf 7.1
|
|
|
![Page 67: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/67.jpg)
29. !q7(#
30. !q7(#
K&QjIC?V20#
31. dkTB|n,60 Tivoli PKI iJ:
umount /cdrom
32. dkTB|n|D?<:
cd /usr/lpp/db2_06_01/cfg
33. dkTB|nhC73d?:
./db2ln
34. N<:20 IBM® Directory;;Z,Lx20#
20 IBM® DirectoryTivoli PKI 9C IBM Directory f"",$XZ(}"a$_)"D$
iDE"#9CTBBZPD=h,20"hC Directorym~#ITZ
6LzwOrZF.20 Tivoli PKI ~qwi~D,;(zwO20K
m~#
20 Directory m~w* root C',k4PTBYw:
1. + Directory Serverf> 3.1.1.5 CDEk53D CD-ROM }/w
P#dkTB|n20 CD:
mount /cdrom
2. dkTB|n|D?<:
cd /cdrom/usr/sys/inst.images
3. dkTB|n:
smitty install
4. !q20"|Bm~#
5. !qSnBICm~20M|B#
6. TZdkm~Dh8/?<!n,k!q .(dc)#
47Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 68: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/68.jpg)
7. ZSnBICm~20M|B,4 F4 i4ICZ20DD~/Pm#
8. 9C F7 !qCZ20D ldap.clientD~/#
9. 20D~/s,ZSnBICm~20M|B,4 F4 i4ICZ20DD~/Pm#
10. 9C F7 !qCZ20DTBD~/:¶ ldap.server
¶ ldap.html.en_US
":Xk*20!qJ1DoTD~/#
11. dkTB|n6X DirectoryiJ#"vTB|n1,NNxL<;
ITCJ /cdromwDNN?V:
umount /cdrom
":Z`zdCP,KP Tivoli PKI dC!&CLr0,?v Tivoli PKI
~qw<Xk20 DirectoryM'zm~#*20Km~,}KQ2
0 Directory ~qwm~Dzw,XkZd|D?(zwOS
Directory Server CD20 ldap.client!n#Xk20Z?(zwO
DX|D~G libldap.a#
jI1,Q20BPD~:
ldap.client.adt 3.1.1.5 COMMITTED SecureWay Directory Client SDKldap.client.rte 3.1.1.5 COMMITTED SecureWay Directory Clientldap.html.en_US.config 3.1.1.0 COMMITTED SecureWay Directoryldap.html.en_US.man 3.1.1.0 COMMITTED SecureWay Directory *zoz3ldap.msg.en_US 3.1.1.0 COMMITTED SecureWay Directory {"ldap.server.admin 3.1.1.5 COMMITTED SecureWay Directory Serverldap.server.com 3.1.1.5 COMMITTED SecureWay Directory Serverldap.server.rte 3.1.1.5 COMMITTED SecureWay Directory Serverldap.client.rte 3.1.1.5 COMMITTED SecureWay Directory Clientldap.server.admin 3.1.1.5 COMMITTED SecureWay Directory Serverldap.server.com 3.1.1.5 COMMITTED SecureWay Directory Server
20 Java*20 Java,k4PTBYw:
48 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||||
|
|
![Page 69: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/69.jpg)
1. + Tivoli PKI AIX f CD Ek53D CD-ROM }/wP#dkT
B|n20 CD:
mount /cdrom
2. dkTB|n|D?<:
cd /cdrom/aix/Java_1.2.2.ptf8
3. dkTB|n:
smitty install
4. !q20"|Bm~#
5. !qSnBICm~20M|B#
6. TZdkm~Dh8/?<!n,k!q .(dc)#
7. 4 Enter |#
8. 4 Enter |#
9. 4 F10 |#
10. dkTB|n,60 Tivoli PKI iJ#"vTB|n1,NNxL
<;ITCJ /cdromwDNN?V:
umount /cdrom
jI1,Q20BPD~:
Java_dev2.adt.debug 1.2.2.9 COMMITTED Java &CLr*"Java_dev2.adt.includes 1.2.2.0 COMMITTED Java &CLr*"Java_dev2.adt.src 1.2.2.9 COMMITTED Java `4zkJava_dev2.rte.bin 1.2.2.9 COMMITTED Java KP173Java_dev2.rte.lib 1.2.2.9 COMMITTED Java KP173
4( WebSphere Application Server }]b20 WebSphere Application Server0,Xk*d4( DB2 }]b#*
4(}]b,k4PTBYw:
1. T root C'G<#
2. dkTB|n:
su - db2inst1
3. 9CTB|nt/ DB2 XF(:
49Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
4.Z
AIXO20
Tivoli
PK
I
![Page 70: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/70.jpg)
db2
4. dkTB|n,4("dC WebSphere Application ServerD}]b:
create database was_dbupdate db cfg for was_db using applheapsz 256
5. dk quit Kv DB2 XF(#
6. dk db2stop #9 DB2#
7. dk db2start t/ DB2#
8. dk|n exit Kv#
20 Web ~qwm~Tivoli PKI 9C IBM WebSphere Application ServerM IBM HTTP Server
'VdyZ Web D&\#*7#Q}720CZk Tivoli PKI ;p9
CD Web~qwLr,kq-K=hTZ AIX =(O20m~#Xk
ZF.20"aPDi~DzwO20m~#
k"b49 WebSphere_P\m!~qLrD\mgf,+9G;I\
R;h*9C|4\m Tivoli PKI !~qLr#
20 Tivoli PKI s,s20Lr+C Tivoli PKI XhDE"|B Web
~qw#t/ Web ~qw1,|+9C Tivoli PKI *K?Dx4(D
dCD~#
":k7#Q4iKZ303D:dC Web ~qwD IP p{;PXZ
Tivoli PKI gNZ Web~qwOdCKZDV[#g{kT;,D
=(dCKZ,dC Tivoli PKI T0Xkbyv#
20 WebSphere Application Server1. T root C'G<#
2. + WebSphere Application Server AIXf CD Ek CD-ROM }/w#
dkTB|n20 CD:
mount /cdrom
50 f> 3 "Pf 7.1
|
|
|
|
|
![Page 71: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/71.jpg)
3. g{Z6L4P20,rXkZ<N X11 73P20 WebSphere#
dkTB|n<v*r*D WebSphere20LrD DISPLAY 73
d?,dP yourhost:0.0G53DJ15:
export DISPLAY=yourhost:0.0
4. 20 WebSphere:
a. dkTB|n|D?<:
cd /cdrom/aix
b. dkTB|nKP install.shE>#
./install.sh
c. Z06-10ZP,%wB;=#
d. Z020!n10ZP,!q(F20"%wB;=#
e. ZZ;v0!q&CLr~qwi~10ZP,!qyPi~"
%wB;=#
f. ZZ~v0!q&CLr~qwi~10ZP,!q IBM HTTPServer e~"%wB;=#
g. Z0}]b!n10ZP,S0}]b`M1B-Pm!q DB2"n4gBPvDVN:
}]b{:was_dbDB y?<:/home/db2inst1}]bC'j6:db2inst1}]b\k:yourpassword7O\k:yourpassword
dP yourpasswordGKP db2setup1dkD db2inst1\k#
h. Z02+TE"10ZP,dk53D root C'\k,7O|,
"%wB;=#
i. Z0!q?DX?<10ZP,%wB;=#
j. Z020!(!n10ZP,%wB;=#
k. ZB;v0ZP,%w7(,*<20z7#
":jIK=h+(Q8VS#
51Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 72: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/72.jpg)
l. Z020jI10ZP,%wjI#
5. dkTB|n,60 WebSphereiJ#"vTB|n1,NNxL<
;ITCJ /cdromwDNN?V:
cd /umount /cdrom
jI1,Q20BPD~:
IBMWebAS.base.IBMApache 3.5.0.0 COMMITTED IBMWebAS.base * IBMApacheIBMWebAS.base.ITJ.Info 1.0.0.0 COMMITTED IBMWebAS.base * ITJ E"IBMWebAS.base.WASicon 3.5.0.0 COMMITTED IBMWebAS.base * WASiconIBMWebAS.base.admin 3.5.0.0 COMMITTED IBMWebAS.base * \m1IBMWebAS.base.samples 3.5.0.0 COMMITTED IBMWebAS.base * y>IBMWebAS.base.server 3.5.0.0 COMMITTED IBMWebAS.base * ~qwIBMWebAS.base.tivoli 3.5.0.0 COMMITTED IBMWebAS.base * tivoli
}6 WebSphere Application Server*+ WebSphere Application Server}6ALrY1T^)(PTF)4,
k4PTBYw:
1. + Tivoli PKI AIX f CD Ek53D CD-ROM }/wP#dkT
B|n20 CD:
mount /cdrom
2. dkTB|n|D?<:
cd /cdrom/aix/WebSphere-Standard-ptf4
3. S CD +yP WebSphere PTF4D~4F=zw* root C'_P4
mI(D53OD?<P#
4. dkTB|nKP install.shE>:
./install.sh
5 . a>1,8( W e b S p h e r e y?<#(#,K?<G
/usr/WebSphere/AppServer#
6. a>1,TZJb0kdkGqk*20 IHS WebServerPTF(y/n)1Xp0y1#
7 . a>1,8( W e b S p h e r eD5y76#(#,K?<G
/usr/HTTPServer/htdocs/en_US#Xp0y17O#
52 f> 3 "Pf 7.1
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 73: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/73.jpg)
{C IBM HTTP Server T/t/*{C IBM HTTP Server~qDT/t/&\,kw* root C'4P
TB=h#
1. dkTB|n|DA /etc ?<:
cd /etc
2. `-D~ inittab ">} ihshttpd Du?#>}u?s,#f inittab
D~#
3. #9 WebSphereI\Qt/D IBM HTTP Server~q#*5VK
&\,k4PTBYw:
a. dkTB|n,PvI\DxL:
ps -ef | grep http
b. j6xL /usr/HTTPServer/bin/httpd #
c. iR8xLj6(Ss_}Z~vVN)#
d. dk kill |n,#98xL#}g,
kill pid
dP pid G8xLj6#
t/ WebSphere Application Server20 Tivoli PKI 0,Xkt/ WebSphere Application Server#k4PT
BYw,t/ WebSphere Application Server:
1. dkTB|n|D?<:
cd /usr/WebSphere/AppServer/bin
2. dkTB|n:
./startupServer.sh &
3. dkTB|n|D?<:
cd /usr/WebSphere/AppServer/logs
4. dkTB|n"i4zYD~:
tail -f tracefile
53Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 74: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/74.jpg)
14={"0*gSLqr* WebSphere Administration Server 1
1,t/ WebSphere Administration Server#
":jIK=h+(Q8VS#
5. 4 Ctrl + C Kv tail |n#
20 4758 -&mwzXkv(Gqk*9C IBM 4758 S\(T#$ CA r RA )p\
?#g{h*,rXkZF.20O$PDr"aPDD~qwOVp
20 47582~0dS\'VLr#g{ CA M RA $tZ,;(zw
O,r|GIT2m 47582~#
XZ20MhC 4758-&mwDE",kN< 4758z7D5#
20 Tivoli PKI*<20 Tivoli PKI 0,kDAz7"P5wDnBf>#*q!>D
5DnBf>,kCJ Tivoli PKI Web >c#
9CTB8<20 Tivoli PKI z7i~:
¶ Z,;v=(O20yP~qwLr(Z>}P* AIX)#
¶ g{T0Q20 IBM KeyWorks f> 1.1.1,rXkZ;,DzwO
20 Tivoli PKI,rZt/ Tivoli PKI 20Lr0}% KeyWorks
m~T0yPX*D&CLr#
¶ g{*Z`zdCPhC Tivoli PKI,rXkX420=h,1=Q
Z*20DzwO20K}7D~qwi~#XZx;=E",k
N<Z573D:`z208<;#
¶ 20 RA @f!&CLr1,WH20;v203s#;sXkV"
3sr9dZxgOIC,TcZC'ITSKP WindowsD>X
zwOKP20Lr#XZgN20"dCM6Xb)LrD8>
E",kND6Tivoli PKI RA @f8O7#
¶ g{20X8m~s,4XBt/53,rVZXBt/#20
Tivoli PKI 0,Xk7#73d?G}7D#
54 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
![Page 75: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/75.jpg)
¶ 9C PING rm;vxg,S$_,i$wz{M IP X7GP'
D,"RTZxgDr{~q(DNS)~qw|GQ*D#
20 KeyWorks*20 IBM KeyWorks,kjITB=h:
1. T root C'G<#
2. + Tivoli PKI AIX f CD Ek53D CD-ROM }/wP#dkT
B|n20 CD:
mount /cdrom
3. dkTB|n|D?<:
cd /cdrom/kw
4. dkTB|n20 KeyWorks:
smitty install_latest
5. TZdkm~Dh8/?<!n,k!q .(dc)#
6. ZSnBICm~20M|B,4 Enter#
7. g{}ZLx20 Tivoli PKI,rITx}K=h#qrdkTB|
n,60 CD-ROM }/w:
umount /cdrom
jI1,Q20BPD~/:
sway.adt 1.1.3.1 COMMITTED IBM KeyWorkssway_vr.cst 1.1.3.1 COMMITTED @zzZ(F
20~qwm~*20~qwm~,k4PTBYw:
1. T root C'G<#
2. + Tivoli PKI AIX fEk CD-ROM }/w#dkTB|n20
CD:
mount /cdrom
3. dkTB|n|D?<:
cd /cdrom/usr/sys/inst.images
4. dkTB|n:
55Tivoli PKI hCkKP
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 76: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/76.jpg)
smitty
5. !qm~20k,$#
6. !q20"|Bm~#
7. !qSnBICm~20M|B#
8. TZdkm~Dh8/?<!n,k!q .(dc)#
9. Z*20Dm~,4 F4 i4ICZ20DD~/Pm#
10. 9CBmw*8<,!qk*ZKzwO20Di~,"4 Enter#
ta.docD~/|,TBi.D HTML ozD~M Tivoli PKI D5:
¶ 6Tivoli PKI dC8O7
¶ 6Tivoli PKI "aPD@f8O7
ta.srvrD~/|,TBZ]:
¶ 4758-&mw'V
¶ O$PD
¶ KDD~
¶ 20 GUI
¶ 20$_
¶ "aPD
":g{zDzw;|, 47582~,r;*!q 4758-&mw'
V#9C F7,!qTX20h*DD~/#
D~{ i~ hv
tpki.srvr.ra "aPD~qw
(server)
20"aPD~qwm~,|,"a$
_h*DyPD~#
tpki.srvr.ca O$PDMsF
~qw
20O$PDMsFS53Lr#
tpki.srvr.core Tivoli PKI 20w Tivoli PKI b#
tpki.srvr.ic 20$_ 20 Tivoli PKI 20$_#
tpki.srvr.icg 20 GUI 20 Tivoli PKI 20 GUI#
RADInst.exe "aPD@f 20 Tivoli PKI RA @f!&CLrD
203s#(vCZ Windows NT)
56 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|||||
||||
|||
|||
|||
|||||
![Page 77: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/77.jpg)
11. =K&,QjI Tivoli PKI 20#dkTB|n,60 CD-ROM}
/w:
cd /umount /cdrom
jI1,Q20BPD~/:
tpki.srvr.ca 3.7.1.0 COMMITTED IBM Trust Authoritytpki.srvr.core 3.7.1.0 COMMITTED IBM Trust Authority KDD~tpki.srvr.ic 3.7.1.0 COMMITTED IBM Trust Authoritytpki.srvr.icg 3.7.1.0 COMMITTED IBM Trust Authoritytpki.srvr.ra 3.7.1.0 COMMITTED IBM Trust Authoritytpki.doc.cfg 3.7.1.0 COMMITTED IBM Trust Authority dCtpki.doc.rad 3.7.1.0 COMMITTED IBM Trust Authority RA @ftpki.doc.usr 3.7.1.0 COMMITTED IBM Trust C'8O
`z208<>ZV[K20 Tivoli PKI TZ`zdCPKP1,z*<GD8<-
r#yV[DdCgB:
¶ =8 1 * RA ~qwZ;(zwO;CA"sFM Directory~qw
Zm;(zwO
¶ =8 2 * RA M Directory ~qwZ;(zwO;CA MsF~q
wZm;(zwO
¶ =8 3 * RA"sFM CA ~qwZ;(zwO;Directory~qw
Zm;(zwO
¶ =8 4 * RA ~qwZ;(zwO;CA MsF~qwZm;(z
wO;Directory ~qwZZ}(zwO
9CTBkzD Tivoli PKI zwdC`&D208<#
=8 1 * RA ~qwZ;(zwO;CA"sFM Directory ~qwZ
m;(zwO
RA ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
57Tivoli PKI hCkKP
|
|
||
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 78: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/78.jpg)
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icgM tpki.srvr.ra
CA"sF"Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic M tpki.srvr.ca
=8 2 * RA M Directory ~qwZ;(zwO;CA MsF~qwZm;(zwO
RA M Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icgM tpki.srvr.ra
CA MsF~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
58 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 79: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/79.jpg)
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic M tpki.srvr.ca
=8 3 * RA"sFM CA ~qwZ;(zwO;Directory ~qwZ
m;(zwO
RA"sFM CA ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icg"tpki.srvr.ra
M tpki.srvr.ca
Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.coreM tpki.srvr.ic
=8 4 * RA ~qwZ;(zwO;CA MsF~qwZm;(zwO;Directory ~qwZZ}(zwO
RA ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
59Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 80: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/80.jpg)
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM WebSphere Application Serverj<f,f> 3.5
¶ + IBM WebSphere Application Serverj<f}6Af> 3.5 PTF 4
¶ {C IBM HTTP ServerT/t/
¶ t/ WebSphere Application Server
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic"tpki.srvr.icgM tpki.srvr.ra
CA MsF~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Client
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.core"tpki.srvr.ic M ta.srvr.ca
Directory ~qwh*20TBm~:
¶ AIX 4.3.3.0
¶ AIX 4.3.3.0 ,$6p 6
¶ IBM DB2 (C}]bf> 6.1 FP 4
¶ IBM Directory Serverf> 3.1.1.5
¶ IBM Developer Kit AIX f,Java<uf,f> 1.2.2 PTF 8
¶ IBM Key Works
¶ Tivoli PKI D~/:tpki.srvr.coreM tpki.srvr.ic
|DTYLr5v1k|DNN1!dC5(KPdC!&CLrrQdC53s^(
|DD5),E9CK}L#KP Tivoli PKI s20dCLr0,Xk
TyPTYLrxP|D#g{;k|DTYLr5,rLxZ623D
:KPs20dCLr;#
Tivoli PKI +TYLrw*s20}LD;?VKP#TYLrDdkG
{* createconfig_start.sql(|+1!50kdC}]b"Z ConfigDataTbl
60 f> 3 "Pf 7.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![Page 81: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/81.jpg)
}]bmP4(}]bm(e)D SQL E>#Km|,yP Tivoli PKI
i~D53dC}]#;)Qt/dC}L,r^(|DK SQL E>P
D;)5#
":Z1!5I\ZYw73P<BJbDt1ivB,2ITZdC
0|D Tivoli PKI #eD~#XZ|`E",k*5 IBM 'Vz
m#
*|DTYLr5,k`- createconfig_start.sqlD~#KD~D1!;
CG /usr/lpp/iau/bin#
wvNN|D1,k9CBmw*8<:
¶ *|D DATABASE PATHNAME D5,Xk8(B;CD+76#
}g,/local/dbfsibm#
¶ Tivoli PKI RA"Directory\m1MsFS53D(P{F(DN)T
ZC'G8wD#g{k|D|G,r*7#v|D+2{F
(CN)tT#dCZd8(D CA DN bJCZz!qD CN#
VN{F hv 1!5
WS_RO_KEYSIZE Web~qw\?7\?
s!#KeySize 6YP
(eD!n 0 -3,g
B:
¶ 0 = 512
¶ 1 = 768
¶ 2 = 1024
¶ 3 = 2048
0
DATABASE
_PATHNAME
CA }]b5}5J$
t(CA i~)D+^
(76#
dbfsibm
DATABASE
_PATHNAME
sF}]b5}5J$
t(sFS53i~)
D+^(76#
dbfsadt
DATABASE
_PATHNAME
"a}]b5}5J$
t(RA i~)D+^
(76#
dbfspkrf
61Tivoli PKI hCkKP
4.Z
AIXO20
Tivoli
PK
I
![Page 82: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/82.jpg)
VN{F hv 1!5
APP_DN T i v o l i P K I R A D
DN#;IT^D CN#
/ C = U S / O = Y o u r
Organizat ion/OU=Tivol i
PKI/CN=Tivoli PKI RA
APP_CERT
_LIFETIME
53PD RA $iD9
CZ,TB8(#
36
K5XkG 12 D6}#
APP_LDAP _DIR
ADMIN_DN
D i r e c t o r y \m1D
DN#;IT^D CN#
/ C = U S / O = Y o u r
Organizat ion/OU=Tivol i
PKI/CN=DirAdmin
APP_COMM
_PORT
&m"a$_r\M
Tivoli PKI RA .dD
(ED(EKZ#
29783
APP_SEC_MECH &CLrD2+zF#
1!5{C RA }]b
S\#+5hC* 1 I
tC}]bS\#
0
CA_IBM_CA_CERT
_LIFETIME
Tivoli PKI CA $iD
9CZ,TB8(#
360
K5XkG 12 D6}#
CA_IBM_ADMIN
_PORT
Tivoli PKI CA D\m
KZ#8(D59Xk
ZD~ irgAutoCA.ini.tpl
(;Z cfg ?<)PD
PORTu?8(#
1835
ADT_DN sFS53D DN#;
IT^D CN#
/ C = U S / O = Y o u r
Organizat ion/OU=Tivol i
PKI/CN=Tivoli PKI Audit
KPs20dCLr20 Tivoli PKI ~qwm~s,XkZ|, RA"WebSphereM HTTP
ServerD Tivoli PKI w~qwOKPs20dCLr CfgPostInstall#Z
KP20r<dC Tivoli PKI 0XkKPKLr#
62 f> 3 "Pf 7.1
||
||
![Page 83: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/83.jpg)
KLrI4( Web~qwdCD~(httpd.conf),KD~JmC Tivoli
PKI yhDN}t/ Web ~qw#|,1<8KPdC!&CLrD
Web~qw"4( Tivoli PKI dCC'J'(cfguser)"4(dC}]
b"+1!dC}]2k}]b#
*KPs20dCLr,k4PTBYw:
1. (}dkTB|nT root C'G<:
su - root
2. dkTB|n|D?<:
cd /usr/lpp/iau/bin
3. dkTB|n:
./CfgPostInstall -i
4. a>1,hC cfguserJ'D\k"7O\k#
5. a>1,hCXFLrD\k"7O\k#
6. !q db2inst1w* DB2 5}D{F#dk5 1,k db2inst1T&#
":*jIK}L+(Q8VS#
s20lim9CTBlim,7#QITdC Tivoli PKI#XZKP20r<DE
",kND6Tivoli PKI dC8O7#
1. T root C'G<,"dkTB|n4(8]533s:
smitty mksysbsmitty savevg
2. *KPzZ+4DJbbv,k4(;vPm,CPm|,20Z
?(~qwODyPm~#T root C'G<,"dkTB|n:
#lslpp -al >tmp/sys_software.txt
3. g{;k9C Web ~qwKZD1!dC5,rXkZKP20r
<0dC IP p{#*534( CA $i1,dCLr+@5Zb)
5#XZ Tivoli PKI gNdCM9C Web~qwODKZCZ2+
MG2+BqDV[,kNDZ303D:dC Web ~qwD IP p
{;#
63Tivoli PKI hCkKP
|
|
|
4.Z
AIXO20
Tivoli
PK
I
![Page 84: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/84.jpg)
4. v(zk*CZ Tivoli PKI CA 0dzmLr"Directory \m1M
Directory rootC'D(P{F#b) DN XkG(;D#
4i6Tivoli PKI dC8O7PD8<,T7#b)TsD DN 'V
Z{D$wcNa9#
5. jI;Z6Tivoli PKI dC8O7PD Tivoli PKI dC}]m%,T
ZdC530l$XkKbDE"#9Cm%G<XZ53DE
",}g~qwwz{MW!D(P{F#
KP8]5CLrTivoli PKI 8]5CLr(ta-backup)G#f4f"ZNN DB2 }]b
PDdC}]D$_#9+#f(zD~}](gD~mI()#9C
DB2 5CLr8] DB2 }]b#
8]5CLrS\;vj64k8]}]D?<DN}#K8]?<G
CZ#fyP}]D~Dy?<#*\b8]?<PD{Fe;,8]
5CLr+9CfZZ}#f53OD`,?<a94#fD~#
TB>}5wKLro(:
ta-backup -d backup_directory
dP b a c k u p _ d i r e c t o r yGCZ}]8]D?<#1!76G
/usr/lpp/iau/backup#
q-TBb)=h,QzKP ta-backup5CLr:
1. T root C'G<#
2. !q4( Tivoli PKI dC}]D8]?<#}g:
mkdir /usr/lpp/iau/my_tabackup
3. |DA Tivoli PKI bin ?<#1!76G /usr/lpp/iau/bin#
4. dkTB|n,8(#{+}]8]=N&:
ta-backup -d /usr/lpp/iau/my_tabackup
5. a>1,8(XFLr\k#
64 f> 3 "Pf 7.1
|
|
|
|
|
|
![Page 85: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/85.jpg)
Z Windows NT O20 Tivoli PKI
>Ba)KZ Windows NT =(O20 T ivo l i Pub l i c Key
Infrastructure(PKI)0dX8z7D}L#
":Tivoli PKI f> 3.7.1;'V Windows NT#KE"vw*N<#
*<20 Tivoli PKI m~0,k7#QDAz7"P5wDnBf>#
*q!>D5DnBf>,kCJ Tivoli Public Key Infrastructure Web
>c#
":>BPDw*=hYhzGZ;N20 Tivoli PKI#20 Tivoli PKI
0,RG?RFvZ*<08]}]D~#XZ8]}]D~,k
N<Z793D:KP8]5CLr;PD8>E"#8]s,S|
nPKP CfgUnInstall,;sLx Tivoli PKI 20#
TBP3r20 Tivoli PKI m~:
1. xP Service Pack 5D Microsoft Windows NTYw53f> 4.0
2. Tivoli PKI }]bm~(Tivoli PKI D IBM DB2 (C}]b)
3. Sun Java Development Kit(JDK)f> 1.1.6r|_f>
4. IBM HTTP Server(IHS)f> 1.3.3.1,|,+V~q$_d(GSK)
5. IBM WebSphere Application Serverf> 2.0.3.1
6. IBM Directory Serverf> 3.1.1
7. Tivoli PKI ~qwm~,|,M'z&CLrM RA @fDKD~q
wLrM203s
5
65Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 86: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/86.jpg)
`zdC
g{;Z,;(zwO20yPD~qwm~,rXhX4TB=
h,Z?vi~zwO20 Windows NTM Tivoli PKI }]bm
~#
hC Windows NTZF.20 Tivoli PKI m~DzwO20 Windows NT m~1,k9
CTB8<#g{T0Q20 Windows NT,rk9Cb)8<w*li
m,7#Q20yP Tivoli PKI i~XhDD~#
g{Z`zdCPhC Tivoli PKI,rXkZ?(F.20 Tivoli PKI ~
qwi~DzwO20 Windows NT#
¶ 20 Windows NT1,Xk20 TCP/IP-i#}G5P/,r{
~q(DNS)~qw,qr^(9C/,wzdC-i(DHCP)#
¶ 9CTB8<tC,S:
v 7#QVd IP X7Mwz{,"R|GGL(D#
v 7#_P IP ,S#}g,bT PING m;(zwD\&#
v 7# DNS Mfr DNS }Z}7Yw#}g,7#|n pinghostname Ibv}7D IP X7,R ping -a IPaddress Ibv
}7Dwz{#
¶ 7#zw_P temp?<#g{ temp?<;fZ,r4(;v#*
lir4( temp?<,dk|n md %temp%#g{?<fZ,53+T>{"0S?<rD~}/w:™EMP Q-fZ1#qr,53
+4( temp?<#
¶ +zwDibZfAYhC* 400 MB:
1. !q*< → hC → XFfe#
2. +w53,"!qT\!n(#
3. ZibZfxr,%w|D#
66 f> 3 "Pf 7.1
![Page 87: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/87.jpg)
4. +u<s!5|D* 400 MB "+nss!|D* 500 MB#
5. %whC#
6. %w7(,XUT0r#
7. %w7(,XU053tT10Z#
8. %wG,XBt/Fcz#
¶ 4(w* Tivoli PKI dCC'D Windows NTC'#dCLr9C
KC'{M\k4(XhD}]b"dC53#9C Windows NT\
m$_hCKC',gBy>:
1. S\m$_Lri,KPC'\mw#
2. (}4F\m1J'(;vT>0\m11u?"4 F8)mSJ' cfguser #C'Xk_P Windows NT\m1X(#
3. dk cfguserD\k,YNdk`,\kT7O#
4. !{!qC'XkZB;NG<1|D\k#
5. %w7(#
*KC'{8(D\k$HXk}C* 8 vV{#*E/2+
T,Xk8(;v;\4v5J%JDV{.#\k2Xk9C
s!4lODV{,RAY|,;v}V#
v 7#G!KC'{M\k#20MdC531,+h*8(|,
KPX( Tivoli PKI 53\m$_12I\ah*|#
v g{F.Z`zdCP20 Tivoli PKI,k7#Z?(zwO4(
`,DC'{M\k#
LxxP Tivoli PKI 200,&1<G8] Windows NT 53#5P
8]3s+9zZvVJbDivBIV453#IT9C Windows NT
\m$_a)D8]Lr4(533s#2IT9Cm;vz!qDJ
CZ WindowsD8]Lr#
67Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 88: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/88.jpg)
20}]bm~Tivoli PKI 9C IBM DB2 (C}]bm~\m}]#k Tivoli PKI ;
pa)Dm~rcvCZ Tivoli PKI &CLr#g{k*(F}]bm
~,r+dCZ} Tivoli PKI TbDz7,rXk:r IBM DB2 s5
f,f> 5.2 Dj+f>DmI$,"&C^)| 10#
9CTB}L20}]bm~#g{Z`zdCPhC Tivoli PKI,rX
kZ?(F.20 Tivoli PKI ~qwi~DzwO20 Tivoli PKI }
]bm~#
1. + Tivoli Public Key Infrastructure NTf CD Ek CD-ROM }/
w#
2. !q*< → KP#
3. %w/@,|DA CD-ROM }/w#
4. KP setup.exe#
5. Z0!q20oT10ZP,!qK20DoT,"%w7(#
6. 4i06-10ZPDE","%wB;=#
":g{KzwOQ-fZ DB2 "R|D6p}7,rLr+0x
A020jI10Z#ZK&,%wjI,jI20#
7. Z0!q?DX;C10Z,%wB;=T9C1!2076,r
!qk*20m~D}/wM?DXD~P,;s%wB;=#
(1!76,c:\Program Files\IBM\Trust Authority,GIS\D#)
8. Z08(}]b\m110ZP,dk}]b\m1DC'{M\
k,YNdk\k7O,"%wB;=#b=vu?D(i5G
db2admin #
9. Lr*<20}]bm~#K}LI\h*8VS#
10. Z020jI10ZP,%wjITjI20#
68 f> 3 "Pf 7.1
![Page 89: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/89.jpg)
20 Web ~qwm~Tivoli PKI 9C IBM WebSphere Application ServerM IBM HTTP Server
'VdyZ Web D&\#*7#Q}720 Web ~qwLrCZk
Tivoli PKI ;p9C,kq->ZPD=hTZ Windows NT=(O2
0m~#XkZF.20"aPDi~DzwO20m~#
Z Tivoli PKI AIX fM NT f CD O,Tivoli PKI |, WebSphere
Application ServerD|Bf>#9C WebSphere Application Serverf
> 2.02 CD 20 IBM HTTP Server,"9C Tivoli PKI CD 20
WebSphere Application Server#
k"b49 WebSphere_P\m!~qLrD\mgf,+9G;I\
R;h*9C|4\m Tivoli PKI !~qLr#
20 JDK*20 JDK,k4PTBYw:
1. + WebSphere Application Serverf> 2.0.2 CDek CD-ROM }
/w#
2. |DA \NT\jdk ?<,"KP JDK setup.exeLr#
3. Z06-10ZP,%wB;=#
4. Z0m~mI$-i10ZP,DA-i"%wGS\|#
5. Z0!qi~10ZP,S\1!!q(LrD~"bM7D~T
0]>!&CLr)#%wB;=9C1!2076,r!qk*2
0 JDK D}/wM?DXD~P,;s%wB;=#(1!76I\
GIS\D#)
6. Z0*<4FD~10ZP,4iz!qD!n"%wB;=L
x#
7. Z020jI10ZP,%wjI#
8. T>TvD~1,k4i|#
20 IBM HTTP Server*20 IBM HTTP Server,k4PTBYw:
69Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 90: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/90.jpg)
1. + WebSphere Application Serverf> 2.0.2 CDek CD-ROM }
/w#
2. |DA \NT\httpd ?<,"KP IHS setup.exeLr#
3. Z06-10ZP,%wB;=#
4. Z0m~mI$-i10ZP,DA-i"%wGS\|#
5. Z0!q?DX;C10ZP,!q1!2076r8(;v#
6. %wB;=#
7. Z020`M10ZP,!q(F"%wB;=#
8. Z0!qi~10ZP,P=v0q:s0qPvKi~/D{
F;R0qPvKiIx(i~/Di~#!qs_Db"!{!
qR_D Apache 4#g{;k20D5,,1!{!q|#%w
B;=Lx#
9. Z0!qLrD~P1K%P,%wB;=,S\1!LrD~
P,rdkk*9CDD~P{F,;s%wB;=#
10. Z0~qE"2010ZP,dkC'j6 cfguser,"dk*KJ'4(D\k,7O\k,;s%wB;=#
11. Z020jI10ZP,IT!qVZXB}<9GTsXB}
<#!qTsXB}<(q),;s%wjI#
":20 IBM HTTP Servers,Xk+~qw~qhC*V/,Tc~
qw;w*~qt/#k4PTBYw:
1. !q*< → hC → XFfe#
2. +w~q"!q IBM HTTP Server ~q#
a. %w#9(g{Q-t/)#
b. %wt/,"+t/`M|D*V/#
c. %w7(#
d. %wXU,Kv0XFfe1#
20 WebSphere Application Server*20 WebSphere Application Server,k4PTBYw:
70 f> 3 "Pf 7.1
![Page 91: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/91.jpg)
1. + Tivoli Public Key Infrastructure AIXfM NT f CD Ek
CD-ROM }/w#
2. |DA \WinNT\WebSphereAS-2031?<,"KP was2031.exeLr#
3. Z WebSphere Application Server0ZP,%wB;=#ITvTX
Z#9 HTTP ServerD/f#
4. Z0!q?j?<10ZP,%wB;=S\1!2076,r!
qk*20m~D}/wM?DXD~P,;s%wB;=#
5. Z0!q&CLr~qwi~10ZP,I!q!{!qD5My
>;yPd|i~<GXhD#%wB;=Lx#
6. Z0!q Java Development KitrKP17310ZP,7#!q
K Java Development Kit 1.1.6 ,;s%wB;=#
7. Z0!q&CLr~qwe~10ZP,!q IBM HTTP Server f> 1.3.3.x,;s%wB;=#
8. Z0!qLrD~P10ZP,%wB;=,S\1!LrD~
P,rdkk*9CDD~P{F,;s%wB;=#
9. Z0dC IBM HTTP Server10ZP,7#T>Q20 IBM HTTP
Server \conf?<;CD}776,;s%w7(#
10. Z020jI10ZP,%wjI#
11. T>TvD~1,k4i|#
12. Z0XBt/ Windows10ZP,IT!qVZXB}<9GTsX
B}<#!qG,VZXB}<,;s%w7(#
hC IP p{Z303D:dC Web~qwD IP p{;V[K Tivoli PKI gNZ Web
~qwOdCKZT&m2+MG2+Bq#g{k9C;,DdC,
r9C IP p{(eG)KZ#
71Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 92: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/92.jpg)
20 IBM DirectoryTivoli PKI 9C IBM Directory f"",$XZ(}"a$_)"D$
iDE"#9CTBBZPD=h,20"hC Directorym~#ITZ
6LzwOrZF.20 Tivoli PKI ~qwi~D,;(zwO20K
m~#
20 Directory m~*20 Directory m~,k4PTBYw:
1. + IBM Directory Server CDek CD-ROM }/w"KP setup.exe
Lr#
2. Z!q20oT0ZP,!q20oT"%wB;=#
3. Z06-10ZP,%wB;=#
4. Z0!qi~10ZP,!q20 SecureWay Directory MM'
z SDK "%wB;=#
5. Z0!q?DX;C10Z,%wB;=T9C1!2076,r
8(;,D;C,;s%wB;=#g{SU=XZ20Vx;G
NTFS VxD{",r%w7(Lx#
6. Z0D~P!q10ZP,%wB;=S\1!LrD~P,r8
(;,DD~P{F,;s%wB;=#
7. Z0dC10ZP,e}+?Dr"%wB;=#
8. Z0*<4F SecureWay DirectoryMM'z SDK DD~10ZP,
4i!q"%wB;=#
9. a>1,%wG,i4TvD~#4is,XU0Z#
10. Z020jI10ZP,IT!qVZXB}<9GTsXB}
<#!qG,VZXB}<,;s%wjI#
":Z`zdCP,KP Tivoli PKI dC!&CLr0,?v Tivoli PKI
~qw<Xk20 DirectoryM'zm~#*20Km~,}KUE
Q20 Directory ~qwm~Dzw,XkZd|D?(zwOS
Directory Server CD-ROM20 Directory Client!n#Xk20Z
?(zwODX|D~G ldap.dll M ldaploc1.dll#
72 f> 3 "Pf 7.1
![Page 93: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/93.jpg)
k Tivoli PKI ;p9C Directory20rdC Tivoli PKI ~qwi~0,h*Kb Tivoli PKI GgNk
Directory;%wCD#*Kb Directory#=hsT0gN* Tivoli PKI
dC Directory,kN<6Tivoli PKI dC8O7#
7O53hC20 Tivoli PKI 0,k4PTBYwT7#~q&ZgBy>D4,#
1. w* Tivoli PKI dCC'(dMivB* cfguser)G< Windows
NT#
2. !q*< → hC → XFfe#
3. +w~q"7OTB4,#=v;vT>D~qhCGX|D:
DB2 - DB2 Qt/ T/DB2 - DB2DAS00 Qt/ T/DB2 Governor V/DB2 JDBC Applet Server V/DB2 Security Server V/IBM HTTP Server V/WebSphere Servlet Service V/
4. %wXU,Kv0XFfe1#
20 Tivoli PKI9CTB8<20 Tivoli PKI z7i~#
¶ XkZ,;v=(O20yP~qwLr(Z>}P* Windows
NT)#
¶ g{T0Q20 IBM KeyWorks f> 1.1.1,rXkZ;,DzwO
20 Tivoli PKI,rZt/ Tivoli PKI 20Lr0}% KeyWorks
m~T0yPX*D&CLr#
¶ g{*Z`zdCPhC Tivoli PKI,rXkX420=h,1=Q
Z*20DzwO20KyP~qwi~#
¶ 20 RA @f!&CLr1,WH20;v203s#;sXkV"
3sr9dZxgOIC,TcZC'ITSKP WindowsD>X
zwOKP20Lr#XZgN20"dCM6Xb)LrD8>
E",kND6Tivoli PKI RA @f8O7#
73Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 94: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/94.jpg)
¶ g{20X8m~s,4XBt/53,rVZXBt/#20
Tivoli PKI 0,Xk7#73d?G}7D#
¶ 9C PING rm;vxg,S$_,i$wz{M IP X7GP'
D,"RTZxgD DNS ~qw|GQ*D#
20~qwm~*20~qwm~,k4PTBYw:
1. 9C*K?Dj6DC'{M\k(dMivB* cfguser),G<
Windows NT#g{h*,kNDZ663D:hC Windows NT;q
!oz#
2. XUyPn/DLr#
3. + Tivoli Public Key Infrastructure AIXfM NT f CD Ek>X
,SD CD-ROM }/w#
4. !q*< → KP,%w/@,|DA CD-ROM }/w"KP
setup.exe#}g:
}/w:\WinNT\TrustAuthority\setup
g{*ZsZ 256 MB ZfDzwOKP20Lr,rXkmS /z
*XT{CZfli#}g:
}/w:\WinNT\TrustAuthority\setup /z
5. Z0!q20oT10ZP,!qK20DoT,"%w7(#1
!5*"o#
6. 4i06-10ZODE","%wB;=#
7. g{Q20 IBM DB2 D@"f>,x;Gf Tivoli PKI a)Df
>,rvV0!q?DX;C10Z#g{kZ1!;C
(c:\Program Files\IBM\Tivoli PKI)20m~,r%wB;=#q
r,k%w/@,!qrdk;,D?jD~P,;s%wB;
=#
8. Z0!qi~10ZP,9CBmw*8<#lik*20Di
~,e};k20Di~,"%wB;=#
74 f> 3 "Pf 7.1
![Page 95: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/95.jpg)
i~ hv
Tivoli PKI M"aPD
~qw
20w Tivoli PKI LrM"aPD~qwm~,|
,"a$_h*DyPD~#
O$PDMsF~qw 20O$PDMsFS53Lr#
Directory ~qw 20 Tivoli PKI i~k Directory `%wCyhDm
~#
"aPD@f 20 Tivoli PKI RA @f!&CLrD203s#
":
¶ K&,+I20Lr7(Gq*20!qDi~yhDm~"
9C}7Df>6p#g{X8Lr;IC,r20Lr+K
v#20X8m~,;sYNt/20}L#
¶ *<8}]bdC,20Lr9*i$TdG<DC'{#g
{C'{$Z 8 vV{,r20LrKv#CHZ 8 vV{r
YZ 8 vV{DC'{G<,;sYN*<20}L#
¶ g{!q Tivoli PKI M"aPD~qw,R20Lrlb=`vf>D IBM WebSphere Application Serverr IBM HTTP
ServerIC,r+a>z!q*9CDf>#
9. g{*Z1!LrD~P(Tivoli PKI)P4(Lr<j,kZ0!
qLrD~P10ZP%wB;=#qr,dkr!qz*9CD
D~PD{F,;s%wB;=#
10. Z020jI10ZP,%wjIT*<20}L#53+D~4
F=ksD;C"KP8vLrjI Tivoli PKI 20#
11. 20m~s,XBt/53#
|DTYLr5v1k|DNN1!dC5(KPdC!&CLrrQdC53s^(
|DD5),E9CK}L#KP Tivoli PKI s20dCLr0,Xk
TyPTYLrxP|D#
Tivoli PKI +TYLrw*s20}LD;?VKP#TYLrDdkG
{* createconfig_start.sql(|+1!50kdC}]b"Z ConfigDataTbl
75Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 96: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/96.jpg)
}]bmP4(}]bm(e)D SQL E>#Km|,yP Tivoli PKI
i~D53dC}]#;)Qt/dC}L,r^(|DK SQL E>P
D;)5#
":Z1!5I\ZYw73P<BJbDt1ivB,2ITZdC
0|D Tivoli PKI #eD~#XZ|`E",k*5 IBM 'Vz
m#
*|DTYLr5,k`- createconfig_start.sqlD~#KD~D1!;
CG c:\Program Files\IBM\Trust Authority\bin#
wvNN|D1,k9CBmw*8<:
¶ TZ Windows NT,;\|D DATABASE PATHNAME 5#
¶ Tivoli PKI RA"Directory\m1MsFS53D(P{F(DN)T
ZC'G8wD#g{k|D|G,r*7#v|D+2{F
(CN)tT#dCZd8(DO$PD(CA)DN b+JCZz!
qD CN#
VN{F hv 1!5
WS_RO_KEYSIZE Web~qw\?7\?
s!#KeySize6YP(
eD!n 0-3,gB:
¶ 0 = 512
¶ 1 = 768
¶ 2 = 1024
¶ 3 = 2048
0
APP_DN Tivoli PKI RA D DN#
;IT^D CN#
/ C = U S / O = Y o u r
Organization/OU= Tivoli
PKI/CN= Tivoli PKI RA
76 f> 3 "Pf 7.1
![Page 97: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/97.jpg)
VN{F hv 1!5
APP_CERT_LIFETIME 53PNNG CA $i
(}gC'"~qwr
RA $i)D9CZ,T
B8(#8(D59X
kZ jonahca.ini.tplM
jonahra.ini.tplD~P8
(#
36
APP_LDAP _DIRADMIN
_DN
D i r e c t o r y \m1D
DN#;IT^D CN#
/ C = U S / O = Y o u r
Organization/OU =Tivoli
PKI/CN= DirAdmin
APP_COMM_PORT &m"a$_r\M
Tivoli PKI RA .dD(
ED(EKZ#
29783
APP_SEC_MECH &CLrD2+zF#
1!5{C RA }]b
S\#+5hC* 1 I
tC}]bS\#
0
C A _ I B M _ C A _ C E R T
_LIFETIME
Tivoli PKI CA $iD9
CZ,TB8(#
360
CA_IBM_ADMIN_PORT Tivoli PKI CA D\mK
Z#8(D59XkZ
D~ irgAutoCA.ini.tpl
(;Z cfg ?<)PD
PORTu?8(#
1835
ADT_DN sFS53D DN#;
IT^D CN#
/ C = U S / O = Y o u r
Organization/OU =Tivoli
PKI/CN =Tivoli PKI
Audit
KPs20dCLr20 Tivoli PKI ~qwm~s,XkKPs20dCLr CfgPostInstall#
ZKP20r<dC Tivoli PKI 0XkKPKLr#
KLrI4( Web~qwdCD~(httpd.conf),KD~JmC Tivoli
PKI yhDN}t/ Web ~qw#|,1<8KPdC!&CLrD
Web ~qw"4(dC}]b"+1!dC}]2k}]b#
77Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 98: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/98.jpg)
*KPs20dCLr:
1. T Tivoli PKI dCC'm] cfguserG<#
2. 7#~qwOfZ temp?<,"GI73d? %TEMP%(eD#
3. !q*< → Lr → Tivoli Public Key Infrastructure → s20dC#
4. dkKv,XU0Z#
CfgPostInstalla>zi$ cfguserJ'\k(|G4(J'1hCD),
;sa>zhC"7OXFLr\k#cfguser\k+XFT cfguserJ
'M CfgAppletr<3fDCJ#XFLrD\kI^FTXFLrDC
J#RGFvXFLr9Ck cfguser;,D\k#z4(D cfguser\
kXkGP'D53\k,d$H;,} 8 vV{#
s20lim9CTBlim,7#QIT*<dC Tivoli PKI#XZKP20r<D
E",kND6Tivoli PKI dC8O7:
1. 9CW!D Windows NT$_8]1053#
2. *KPzZ+4DJbbv,k4( Windows "amD8]1>T
7#_PyPQ20m~DPm#
3. g{;rc9C Web ~qwKZD1!dC5,rXkZKP20
r<0dC IP p{#*534( CA $i1,dCLr+@5Zb
)5#XZ Tivoli PKI gNdCM9C Web~qwODKZCZ2
+MG2+BqDV[,kNDZ303D:dC Web~qwD IP p
{;#
4. v(zk*CZ Tivoli PKI CA 0dzmLr"Directory \m1M
Directory rootC'D(P{F(DN)#
4i6Tivoli PKI dC8O7PD8<,T7#b)TsD DN 'V
Z{D$wcNa9#
5. jI;Z6Tivoli PKI dC8O7PD Tivoli PKI dC}]m%,T
ZdC530l$XkKbDE"#9Cm%G<XZ53DE
",}g~qwwz{MW!D(P{F#
78 f> 3 "Pf 7.1
![Page 99: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/99.jpg)
6. *KozdC,4PTB=hZF.KP20r<DzwOhC;
vOsD,Iv/D MS DOS73#ZdM73P,DOS0Z^v
/u,xRvITT> 24 PE":
a. w* Tivoli PKI dCC'G<(dMC'* cfguser)#
b. !q*< → hC → XFfe#
c. +w MS DOSXF(#
d. !q<V!n(#
e. ZA;:exs!?V,+_HAYhC* 1000(IT8(ns
5 9999TZDNN})"%w7(#
KP8]5CLrTivoli PKI 8]5CLr(ta-backup)G#f4f"ZNN DB2 }]b
PDdC}]D$_#9+#f(zD~}](gD~mI()#9C
DB2 5CLr8] DB2 }]b#
8]5CLrS\;vj64k8]}]D?<DN}#K8]?<G
CZ#fyP}]D~Dy?<#*\b8]?<PD{Fe;,8]
5CLr+9CfZZ}#f53OD`,?<a94#fD~#
TB>}5wKLro(:
ta-backup -d backup_directory
dP -d backup_directory GCZ}]8]D?<#1!76G
/usr/lpp/iau/backup#
k4PTBYw,QzKP ta-backup5CLr:
1. T cfguserm]G<#
2. !q4(k*8] Tivoli PKI dC}]D?<#}g:
mkdir "c:\Program Files\IBM\Trust Authority\my_tabackup"
3. |DA Tivoli PKI bin ?<#1!76G c:\Program Files\IBM\Trust
Authority\bin#
4. dkTB|n,8(k*8]}]DxT76:
79Tivoli PKI hCkKP
5.Z
Window
sN
TO20
Tivoli
PK
I
![Page 100: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/100.jpg)
ta-backup -d "c:\Program Files\IBM\Trust Authority\my_tabackup"
80 f> 3 "Pf 7.1
![Page 101: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/101.jpg)
dC Tivoli PKI
20 Tivoli Public Key Infrastructure(PKI)~qwm~s,Xk8(d
C5,TXFi~ZzD>cgNhC#}g,h*j6~qwLrD
;C,8((P{F(DN),"hC"ar#
dC}LP,53+5#fZIdvDD~P#K&\ThC`v9C
,;=(R_P`FdCD Tivoli PKI 5}GPCD#20BD Tivoli
PKI 5}1,I<k#fD5,TCwdCB53Dy<#
Tivoli PKI z7|,20r<,|G;v8(dC!nD!&CLr#*
<dC Tivoli PKI 53.0,h*KbdC}L,"v(*gNhCz
73PD53#zh_8XZzD53ZKP20r<1ICD*6#
9h*7#Z"T9C53.0,53Q}7dC#
6Tivoli PKI dC8O7hvKgN<8dC"8(dC!nM<8CZ
z773PD53#}g,||,:
¶ $wm,ozzZt/20r<.0U/E"#
¶ 9C DN `-w48(P'(P{FD8<#
¶ + Tivoli PKI "<xC'Ee.0,z&I!D=hD(i#k"b
3)X(=h(}g|D~qw\kM8]BdCD53)GG#
X|D#
¶ 6Xm~D}L#
hFCZ Web 73PD6dC8O7a):
6
81Tivoli PKI hCkKP
6.dC
Tivoli
PK
I
![Page 102: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/102.jpg)
¶ frNqDE",}g0gNhC6Li~?1r0gNi$d
C?1
¶ EnTDE",}g02vXZ"arDE"1r02vXZ
Directory DE"1#
¶ N<E",}g9C20r<1I8(D5Dj8hv#
I(}TBNN==CJ6dC8O7:
¶ t/20r<s,%wNNoz4%,;sZi4*zoz1%w
CiD<j#
¶ S Tivoli Public Key Infrastructure Web>c:
http://www.tivoli.com/support
82 f> 3 "Pf 7.1
![Page 103: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/103.jpg)
kE
20MdC Tivoli Public Key Infrastructure(PKI)53.s,zh*K
bXZ\m|"9C|a)D<NC'gfDE"#TBBZ*z8v
IozzkE Tivoli PKI DD5#z&4ib)D5,TKbgN4P
TB`MDNq:
¶ w{53Yw,G+.#$p4Tczz9G4P}ZxPDT\
w{#
¶ KP RA @f,T\m)"D$iM$iks#
¶ 9C"a$_a)D/@wGGm%4q!$i#
¶ (F"a}L,}g^DCZGGD HTML m%r|,;,$i`
MD'V#
53\mTivoli Public Key Infrastructurea)K8V$_,Tozz\m53#|
|,:
¶ CZZ2+"\k#$D==Bt/M#9~qwi~D5CL
r#
¶ CZhCIEi~LrD2+\kD5CLr#
¶ CZZ(\mC'T9C RA @fD5CLr#
¶ 9 Tivoli PKI O$PD(CA)\km; CA ;fO$r(" CA c
Na9D5CLr#
¶ CZlisF}]bMi5DsFG<j{TD5CLr#
7
83Tivoli PKI hCkKP
7.kE
![Page 104: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/104.jpg)
¶ CZi5M)psF}]bD5CLr#
¶ <B root C' CA \?S;vG9\D\?T*v=B;v CA \
?TD5CLr#
¶ *O$DC'T Tivoli PKI wC;NM\ks`v}V$ia)K2
+=(D5CLr/#
Tivoli PKI System Administration GuideG<Kb)5CLr"a)\m
D8<#}g,||,\m~qwi~0dwT}]bD(i#|2G
<K(853hC"+.#$p4TCZzz73XkI!D=h#
hF*CZ Web 73P,System Administration Guidea):
¶ frNqDE",}g0gN#953?1r0gNi5sF}]
b?1
¶ EnTDE",}g02vXZ;f$wDE"1"02vXZ
Tivoli PKI CA DE"1,r02vXZIsFB~DE"#1
¶ N<E",}gdCD~N}Dj8hv#
*CJ System Administration Guide,kCJ Tivoli Public Key
Infrastructure Web>c:
http://www.tivoli.com/support
RA \m
RA ~qw+XZGGksMQ)"$iDG<f"ZS\D"a}]b
P#@@GGksM\m}]bG<DNqI(}LrT/&m,rI
\m1K*&m#
Tivoli PKI a)!&CLr RA @f,b9Z(D"a1&m$iks
MTQ)"$ixPYwdC]W#
RA @f'VTBdMD\mNq:
¶ &m}ZH}K<DGGks
¶ |D+*''D$iDP'Z
¶ 7($iGq\|B
84 f> 3 "Pf 7.1
|
|
|
|
![Page 105: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/105.jpg)
¶ Y1]R$i
¶ @C7z$i
6Tivoli PKI "aPD@f8O7hvK RA @f!&CLr#
hF*CZ Web 73P,6RA @f8O7a):
¶ frNqDE",}g0gN20 RA @f1"0gNlw+*''
$i/?1r0gNi4T$iI!DYwz7?1
¶ EnTDE",}g02vXZ"arDE"1r02vXZ$i
P'ZDE"#1
¶ N<E",}g9C RA @f1"a1I8(D5Dj8hv#
I(}TB==CJ6RA @f8O7:
¶ t/ RA @fs,%wNNoz4%,;sZi4*zoz1%wC
iD<j#
¶ S Tivoli Public Key Infrastructure Web>c:
http://www.tivoli.com/support
"aM$w9Ck"a$_;pa)D/@wGGm%,I=cX"a/@w"~
qwMh8$i#ksK<1,T/BX$i#2I9C/@wm%4
$"aIC PKIX &CLr49CD$i#$"aksK<1,a)D
E"9z\Z=c1dq!$i#
6Tivoli PKI C'8O7hvK/@wGGm%"|,:
¶ frNqDE",}g0gNGG/@w$i?1r0gN|B+
*''D$i?1
¶ EnTDE",}g02vXZ$"aDE"1r02vXZ~q
w$iDE"1#
ISTB Tivoli Public Key Infrastructure Web>c4CJ6C'8O7:
http://www.tivoli.com/support
85Tivoli PKI hCkKP
|
|
|
|
|
|
|
|
|
|
|
|
7.kE
![Page 106: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/106.jpg)
(F
Tivoli PKI *zkgN5Vzi/D"a}La)KinT#}g,|J
mzXFTB`MDn/:
¶ /@wGGm%O9CDoTb[
¶ $w_T
¶ "Mx"a$iDC'D(*EZ]
¶ &m;,`MT/&mD_TvZ
Tivoli PKI Customization GuidehvKI(F"a$_D;,=("|
,:
¶ frNqDE",}g0gNmSGGVN?1r0gN|D$i
E*D~?1
¶ EnTDE",}g02vXZ$"aDE"1"02vXZ5q
_TDE"1,r02vXZCJXFDE"#1
¶ N<E",}g$i`MM"a$_dCD~Dj8hv#
*CJ Customization Guide,kCJ Tivoli Public Key Infrastructure Web
>c:
http://www.tivoli.com/support
86 f> 3 "Pf 7.1
|
|
![Page 107: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/107.jpg)
Jcm
>Jcm(eK>iPBDr;#CDuoMu4T0A_PK$Du
o#UkDuoM(e4T:
¶ 6nB IBM Fcz<uGd7,&<:McGraw-Hill,1994#
¶ 6@zzRj<E"53Vd7,@zzRj<-a X3.172–1990,
@zzRj<-a(ANSI),1990#
¶ 6#{Jbbp7,f> 3 . 0,S{#aG:R S A D a t a
Security,Inc.,1998#
2A3
2+gS;W(Secure Electronic Transaction ,SET)G;VZ;IExgOxP=c2+DEC(rhG('6D$5j<#IZ
Cj<+*s$iD"P,yT|aOKV(K"LRM"(xPDm]O
$#
2+"Pc((Secure Hash Algorithm ,SHA-1)|GI NIST M NSA hFD;Vc(,M}V){j<;p9C#Kj<G2
+"Pj<;SHA GKj<9CDc(#SHA zz;v 160 ;D"P5#
2+WSVc(Secure Sockets Layer ,SSL)xPTnUC'!I\8wDZC2+~qD IETF j<(E-i#|a)K;
u}V/2+(E(@#
P SSL &\D~qw(#Zk HTTP j<;,DKZOS\ SSL ,Sks#
Z=(wFbwwd;;EET("(EZd,SSL4(a0,K}L;h"z
;N#ZK.s,(EMS\K#E"j{Tli+;1Lx= SSLa0ax#
2+Tr(security domain )I,;v CA 4O$$iDi(+>"$wirES"L}gr~.)#I CA
)p$iDC'ITENd{IK CA )p$iDC'#
2B3
#\T(privacy )@94Z(D}]96#
87Tivoli PKI hCkKP
Jcm
![Page 108: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/108.jpg)
>XoT'V(National Language Support ,NLS)z7Z?T;,oT73D'V,b|(oT"uR"UZM1dq=T0}
Vm>==#
j<(CjGoT(Standard Generalized Markup Language )
CZhvjGoTD;Vj<#HTML MGyZ SGML D#
;IqOT(non-repudiation )9C}V(C\?\bD~"PLJbqOTD5D)p#
2C3
Ywz7(action history )>$P'ZP}[DB~#
_TvZ(policy exit )Z"a$_P,I"a&CLrwC"i/(eDLr#Z?v_TvZP8
(Dfr,|Qi/DLqM2+T!n&C=GG}LP#
cNa9(hierarchy )EN4PDO$PD(CA)Di/,TT)p CA r%KDy*<,"T)"$
ixnUC'D CA ax#
,D>(hypertext )|,%J"Lor<NDD>,A_IT(}sjcwTlwMT>m;vD
5#byD%J"Lor<NF*,4SD>#y=lw,D>,MG4S=
CD>#
,D>jGoT(Hypertext Markup Language ,HTML)T Web 3f`kDjGoT#|yZ SGML#
,D>Bq&m-i(Hypertext Transaction Protocol ,HTTP)(} Web *F,D>D~DrXxM'z/~qw-i#
iso(m>( 1(Abstract Syntax Notation One ,ASN.1);V ITU F(Dm>(,CZ(eE"}]Do(#|(eKm`r%D}]`
M,R*j6b)`MM5w|GD58(Km>(#1h*(eE"Dis
o(1,<IT&Cb)m>(,+;C\+Mb)E"D`k==D<x#
+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol ,TCP/IP);i'V>XxMcrxDcTc,S&\D(E-i#
88 f> 3 "Pf 7.1
![Page 109: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/109.jpg)
2D3
zm~qw(proxy server )ZksCJDFcz(Fcz A)M;CJDFcz(Fcz B).dDPi#
rK,g{nUC'ksFcz A DJ4,rks;(r=zm~qw#zm~
qwrFcz B ks"q!l&,YQl&*"xUKC'#(}Z?@p=4
CJr,xJ4D}LPzm~qwpEX*DwC#
zk)p(code signing );VC}V){)pI4PLrD<u#zk)phFC4DxV<ZrXx
ODm~DI?T#
GG(enrollment )Z Tivoli PKI P,q!ZrXx9CD>$D}L#GG|($iDks"a"
|BM7z#
GGd?(enrollment variable )kNDGGtT(enrollment attribute)#
GGtT(enrollment attribute )
|,ZGGm%PDGGd?#|D543KGGZd6qDE"#GGtT
D5Z>$9CZZG;dD#
gS3W(e-commerce )LR=LRD;W#|,(kKM"a)L")&LMd{K)ZrXxOr
tL7M~q#|GgSLqDw**X#
gSLq(e-business )(}xgMFczxPL5;W#||(rtL7M~q#9|((}}V(
E*FJp#
%c CA(top CA)Z PKI CA cNa9%cD CA#
TF\ku(symmetric cryptography )
9C`,D\?4S\Mb\D\ku#|D2+T!vZ\? * \?9\M
b6NNK<IT`kMbk{"#;P1\?#\,(EEG#\D#kT
UGTF\ku(asymmetric cryptography)#
TF\?(symmetric key )ITS\`Ib\D\?#m{TF\ku(symmetric cryptography)#
89Tivoli PKI hCkKP
Jcm
![Page 110: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/110.jpg)
Ts(object)ZfrTsDhF`LP,k}]`XDisb0}]MYw#m{`
(class)#
Tsj6(object identifier ,OID)y>Z\m,8(xiso(m>( 1(ASN.1)P(eD`MD}]5#
Ts`M(object type )ITf"Z Directory PDTs#}g:i/"aiR"h8"K1"Lrr}
L#
`&\rXxJ~)9(Multipurpose Internet Mail Extensions ,MIME);WTIICDf6,9CT;,V{/`kDD>IT`%;;#,129
`=egSJ~JCZ9CrXxJ~j<D`V;,Fcz53#}g,}
K US-ASCII"v?D>"<qMytb8VV{/,gSJ~{"9IT|,d
|V{/#
2F3
@p=(firewall )xgdDxX,CZ^Fxg.dDE"w/#dMX,@p=D?DG#$
Z?Dxg,@94Z(Db?C'9C#
CJXFm(access control list ,ACL);VTQZ(C'^F9CX(J4DzF#
GTF\ku(asymmetric cryptography )
\kuGC;,D"GTF\?xPS\Mb\#?vC'IU=;T\?:
;vyPKICJD+C\?M;vvC'*@D(C\?#1+C\?M`
&D(C\?`%d1,t/;Wb\,byM\xP2+;WK#b2F*
\?T\ku#kTUTF\ku(symmetric cryptography)#
qO(repudiate )IZ;f5x\x;}g,qO"MK8({"ra;K8(ks#
~qw(server)(1)ZxgP,*d|>ca)&\D}]>c,}g,D~~qw#(2)
Z TCP/IPxg53P*d|>c53Dksa)&mD53,F*M'z/~
qw#
90 f> 3 "Pf 7.1
![Page 111: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/111.jpg)
~qw$i(server certificate )I CA )"D}V$i,9 Web ~qw\&myZ SSL DBq#1/@wC
SSL-ik~qw,S1,~qwa"x/@w;v+C\?#K\?I'V~
qwm]O$#,1|2'V*"Mx~qwDS\E"#m{ CA $i(CA
certificate)"}V$i(digital certificate)M/@w$i(browser certificate)#
2G3
+2S\e5a9(Common Cryptographic Architecture ,CCA)IBM m~,|9s`} IBM Fc=(\T;BD=(IC\ku#|'VIC
;,D`LoT`4D&CLrm~#&CLrm~ITwC CCA ~q4jI
s6'DS\&\,|( DES M RSA S\#
+2}]2+Te5a9(Common Data Security Architecture ,CDSA)*yZFczD2+T&CLrx4(Dfr2+T~qM2+T\m(eD
[O=(#|I Intel hF,T9Fcz=(T&CLrxT|*2+#
+2xXSZ(Common Gateway Interface ,CGI)Z Web 3fM Web ~qw.d+ME"Dj<=(#
+C/(C\?T(public/private key pair )+C/(C\?TG\?T\kuEnD;?V(1976j,I Diffie M Hellman
*bv\?\mJbx}k)#Z{GDEnP,?KqC;T\?,;vF*
+C\?,m;vF*(C\?#?vKD+C\?G+*D,x(C\?G
#\D#"M=MSU=;h*2m#\E":+?(Ef0D;G+C\
?,R(C\?"4+dr2m#;Yh*EN(E(@D2+,T@9T}
r9\#;*s+C\?k|GDC'T;VIE(O$)D==(}gZI
E?<P)`X*#(}9C+2E"NNK<\"Mz\{"#;x,C{
";\I(C\?b\,$ZDSU=(;5PK(C\?#Kb,\?T\
ku;vCZ#\T(S\),9CZO$(}V){)#
+C\?(public key )(C/+C\?TPTd{KP'D\?#|9d{K\k\?DyP_xP
Bq&mri$}V){#C+C\?S\D}];\(}`&D(C\?4
b\#kTU(C\?(private key)#m{+C/(C\?T(public/private key
pair)#
+C\?y!a9(public key infrastructure ,PKI)yZ+C\?\kuD2+Tm~Dj<#PKI G}V$i"O$PD""aP
D"$i\m~qMV<=?<~qD53#C4i$rXxOf0BqDw
91Tivoli PKI hCkKP
Jcm
![Page 112: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/112.jpg)
=Dm]M(^#b)BqI\f0=h*i$m]DYw#}g,|GI\
*7Oav6jDp4"gSJ~{"Dw_rpZLq#
PKI CC'D+CS\\?M$iTP'vKri/DO$P'#|a)D*z
?<|,CZi$}V$i">$M}V){D+CS\\?M$i#
PKI *+CS\\?Di$i/Mksa)lYP'Dl&#|96p53P1
ZD2+T~2",$J4T&m2+%f#ns,PKI 9*X*DL5Bqa
)K}V1dAG~q#
+C\?\kuj<(Public Key Cryptography Standards ,PKCS)G}=D)&L.dDj<,|GI RSA 5iR0;,Fcz)&LDzmZ
1991j*"#Cj<|, RSA S\"Diffie-Hellman -("yZ\kDS\"
)9D$io("S\{"o("(C\?E"o(M$wo(#
¶ PKCS #1hvK9C RSA +C\?\k534S\}]D=(#<ZCZ
}V){M}VEbD9l#
¶ PKCS #78(\k{"D;cq=#
¶ PKCS #108($wksDj<o(#
¶ PKCS #11*\kh8(}g:G\()(e<u^XD`LSZ#
¶ PKCS #12*f"r+MC'D(C\?"$i"d|X\E"H8(;VI
F2q=#
zJj</i/(International Standards Organization ,ISO)*""+<j<DzJi/#
zJgE*K(International Telecommunication Union ,ITU)~.M(E?E-w+r6L(ExgM~qDzJi/#|G6L(E<
u"\mMj<E"Dnw*"<_#
zR2+z9(National Security Agency ,NSA)@z~.Y=D2+zX#
2J3
z\T(confidentiality );+E"96x4Z(=DXT#
y>`kfr(Basic Encoding Rules ,BER)Z ISO 8825P8(DCZT}]%*`kDfr,C}]%*GCiso(m
>( 1(ASN.1)4hvD#fr8(`k<ux;Giso(#
92 f> 3 "Pf 7.1
![Page 113: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/113.jpg)
S\(encrypt )rRE"3r,by9C;PG)5PJ1Db\zkDKE\(}b\q!
-<E"#
S\/b\(encryption/decryption )
9CSU=D+C\?*KKS\}],xSU=9CdTD(C\?4bk
}]#
r%J~+M-i(Simple Mail Transfer Protocol ,SMTP)ZrXxO*FgSJ~D;V-i#
;f$w(cross-certification )
EN#=,yZ|;v CA *m;v CA )"$i,C$i|,k(C){\
?`%dD+C\?#;f$wD$iJm;v\mrODM'z53rUK
5eITkm;vrODM'z53rUK5e2+(E#
b\(decrypt )CZ7zS\}L#
2K3
*E=}]b,S(Open Database Connectivity ,ODBC);VCJ;,}]b53Dj<#
*E53%,(Open Systems Interconnect ,OSI)IzJj</i/K<DFczxgj<{F#
IEFczy!(trusted computer base ,TCB)2,5)i/Fcz2+T_TDm~M2~*X#0l2+T_T5)D*
Xr*XD;?VG2+T`XDrG TCB D;?V#TCB GI2+T6'<
xDTs#5V2+T_TDzFXkG;IFPD,Xk\h9LrqCT
4Z(D53X(DCJ#
M'z(client)(1);vSU4T~qwD2m~qD&\%*#(2);vFczr_L
r,|ksm;vFczr_Lr*|~q#
M'z/~qw(client/server )V<=&mPD#M,Zbv#MP&Z;v>cDLrTm;v>cDLr
"vks"RH}|Dl&#RGQksLrF*M'z;xQl&=F*~
qw#
93Tivoli PKI hCkKP
Jcm
![Page 114: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/114.jpg)
2L3
`(class)ZfrTsDhFM`LP,;i2m+2(eRrK22m+2XT"Yw
MP*DTs#
`M(type)kNDTs`M(object type)#
4i$(chain validation )ZENcNa9PTZyP CA ){Di$,(}|)";v8(D$i#}
g,g{m;v CA *;v CA )"K)p$i,G4=v){ZC'a;$
ii$1<hi$#
/@w(browser )kND Web /@w(Web browser)#
/@w$i(browser certificate )
}V$i,2F*M'zK$i#|GI CA (}tC SSL D Web ~qw4
)"D#S\D~PD\?9$iVP_ITS\"b\M)p}]#dMD
iv,Web/@wf"b)\?#;)&CLrJmZG\(rd|iJOf"
\?#m{}V$i(digital certificate)#
2M3
@zzRj<-a(American national standard Institute ,ANSI)G@zD;vi/,|F(;OIDi/Z4(M,$GY=$5j<1yq
XD}L#|Izz_"{Q_M;c{f/EiI#
@zzRE";;j<zk(A m e r i c a n N a t i o n a l S t a n d a r d C o d e f o rInformation ,ASCII)
Z}]&m53"}](E53M`Xh8PxPE";;yICDj<z
k#ASCII V{/I 7 ;`kV{(8 ;|,;;f<#i)iI#V{/|(
XFV{M<NV{#
\k==(cryptographic )XZ*;}]T~Xd,eD==#
\ku(cryptography )ZFcz2+TP,CZS\wDMb\S\D>D-m"=(MVN#
94 f> 3 "Pf 7.1
![Page 115: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/115.jpg)
\?(key)\kuP9CDCZ`kMbkD?#
\?8]kV4(Key Backup and Recovery )Tivoli PKI D&\,9z\8]MV4nU5e$i0dI Tivoli PKI O$D`
&+CM(C\?#$iM\?f"Z PKCS #12D~P#CD~\\k#$#
8]$iM\?1+hC\k#
\?T(key pair)ZGTF\kuP9CD`&D\?#;v\?CZS\xm;vCZb\#
wkD>(cleartext )4S\D}]#wD(plaintext)D,eJ#
wD(plaintext )4S\D}]#wkD>(cleartext)D,eJ#
#=(schema)k Directory `X,(e;,Ts`M.dX5DZ?a9#
#}(modulus )Z RSA +C\k53P,=vsX}(p M q)DK}(n)#RSA #}DnQ
s!!vZ2+Th*##}=s2+T=_#10D RSA 5iR(iD\?
s!&!vZT\?DF.9C:vK9C* 768;,+>9C* 1024;,x
+*X*D\?(g CA D\?T)r* 2048;#AYZ 2004jT0,768
;D\?;O*G2+D#
?j(target)8(Dr!(D}]4#
2N3
Z?a9(internal structure )
kND#=(schema)#
Z?x(intranet )s5Z?Dxg,(#;Z@p=.s#|GTrXxDIz"9C`FD<
u#S<uO5,Z?xvvGrXxD)9#HTML M HTTP G|GD;)
2,c#
95Tivoli PKI hCkKP
Jcm
![Page 116: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/116.jpg)
2P3
>$(credential )ZO$;;PCZ$wvKm]Dz\E"#ZxgFc73P,n#{D>
$`MGQI CA 4(M)pD$i#
2Q3
)p(sign)9CzD(C\?zI){#){Gi$zGIE5D;V==,RK<}Z
)pD{"#
)p/i$(signing/verifying )
)pG9C(C}V\?zI){#i$G9C`&D+C\?i$){#
a?6?<CJ-i(Lightweight Directory Access Protocol ,LDAP);vCZCJ Directory D-i#
ksj6(request ID);v 24 = 32 V{D ASCII 5,|\(;j6T RA D$iks#C5IT
&CZ$iksBqP,TlwCksD4,r`X*D$i#
2R3
O$(authentication )I?X7((E=m]D}L#
O$PD(certificate authority ,CA);Vm~,:pq-i/2+T_TMT$iN=8(2+gSm]#CA &m
4T RA DksT)""|BM!{$i#CA M RA ;%$wTZ Directory
P"<$iM CRL#m{}V$i(digital certificate)#
2S3
}X DES(triple DES)}NTwDS\DTFc(#d;fZm`==I5ZK?D,+`XS\D
n2+N=Gx}v`l\?D}X DES#
96 f> 3 "Pf 7.1
![Page 117: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/117.jpg)
L5wLTs(business process objects )
;5PCZ5VX("aYwDzk,}gliGGks4,ri$+C\?
Q"M#
L5wL#e(business process template )
48(3rKPD;5PL5wLTs#
sF~qw(Audit server );v Tivoli PKI ~qw,|SsFM'zSUsFB~,"+d4ksFU>#
sFzY(audit trail )}]T_-76DN=44SB~rP#sFzY'VBqrx(n/Dz7
DzY#
sFM'z(audit client )53PC4"MsFB~x Tivoli PKI sF~qwDNNM'z#ZsFM'z
"MB~xsF~qwT0,|HksF~qw(",S#,S("s,M'
z9CsFS53M'zbxsF~qw+ME"#
sFU>(audit log )Z Tivoli PKI P,|G}]bD;vm,+?vsFB~f"*;uG<#
sFS53(audit subsystem )
Z Tivoli PKI P, *G<2+T`XYwa)'VDS53#|{O*pZ~q
z5D+C\?\kuDj</PDj< X9.57 FvZ]#
5}(instance )Z DB2 P,5}Gf"}]MKP&CLrD_-}]b\m73#|Jm*
`}]b(e;i+2DdCN}#
Bqj6(transaction ID )I RA a)Dj6,Tl&$"aGGks#|9C'\KP Tivoli PKI M'
z&CLr4qC$HK<D$i#
X$Lr(daemon);vZ&ms(NqDLr#1vVh*|ozDiv1,53+a~=wC
|#C';h**@X$Lr,r*|(#GI53T/zzD#X$LrI
\@6Gn/D,r_|adtXXBzI#
uo("t* demon)4Tq0#s4,|;]mbM*WV8uTJ
DAEMON:Disk And Execution MONitor#
97Tivoli PKI hCkKP
Jcm
![Page 118: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/118.jpg)
Z((authorization )CZCJJ4DmI(#
}]f"b(Data Storage Library ,DL)w*;v#i,|a)T$i"CRL"\?"_TMd|k2+T`XTsD
VC}]f"DCJ#
}]S\j<(Data Encryption Standard ,DES)w*}=Dj<,Z 1977jI@z~.(eMz<DVi\kS\c(#nu
I IBM *"#TS DES +<T4C=Kc:DP?,VZ|QI*Zy\*
"Rc:9CD\k53#
DESG;vTF\k53#1|CZ(E1,"M=MSU=Xk5P,;v\
?#C\?CZS\Mb\{"#DES2ITCZ%C'DS\,}gTS\D
q=QD~f"=2LO#DESP 64 ;Dis!,|ZS\Zd9C 56 ;\
?#|-H*2~5VxhF#NIST ?tejXBO$;N DESw*@z~.
Y=DS\j<#
}V){(digital signature );vmS=D5r_}]D`k{",|7#K"M=Dm]#
}V){ITa)Hom){|_6pD2+T#bGr*}V){;GS\
{Fr;5Pr%Dj6zk#|z.TQ)p{"DS\**#by,Z{
"O=S}V){ITa)"M=DLPj6#(;P"M=D\?EIT4(
C){#)|,y9L(KQ)p{"DZ](S\D{"**XkM{"DZ
]`%d,qr){+^')#by,}V){M^(S{"P4F"R&C=
m;v{"P%,r***r"PE"+;%d#NNTQ)p{"DD/<
a9){^'#
}V){c((Digital Signature Algorithm ,DSA)+C\?c(,Cw}V){j<D;?V#|^(CZS\x;\CZ}V
){#
}V$w(digital certification )
kND$w(certification)#
}V$i(digital certificate )
IEDZ}=)"xvKr5eDgS>$#?v$iC CA D(C\?4)
p#|xpvK"L5r_i/Dm]#
y] CA DG+,$iIT$5VP_ZrXxOxPgS;WD(^#Z3V
beO,}V$i`FZ];mI$r_='D>#|O$K5P`&(C\
?DVP__P-*3)gSLqn/D(^#
98 f> 3 "Pf 7.1
![Page 119: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/119.jpg)
$i|,dO$D5eDE",^[GK1"zwrFczLr#||,C5
eDQO$D+C\?#
fz}(nonce)I~qwr&CLr"vDV{.,|*sC'Z(#C'C(C\?4)p
fz}#C'D+C\?M)pDfz}"MXAksZ(D~qwr&CL
r#;s~qw"TCC'+C\?4bkQ)pDfz}#g{fz}Db
ka{k"MD-~;y,rCC';O$#
m@(tunnel)Z VPN <uP,(}rXx("Dks~qibc=c,S#;),S,6L
C'\9Cm@kZ+>D(CxgO~qw;;2+"S\Mb0DE"#
2T3
3;J4(;w(Uniform Resource Locator ,URL)CZrXxJ4`7D;V=8#URL 8(-i,wz{r IP X7#,12|
,KCJX(zwDJ4yhDKZE"76MJ4j8E"#
2W3
b?x(extranet)9CMrXx`FD<uDIzzo#ws+>}*<TKM"oiMZ?K
1`vEe&C Web "<"gS;W"{"+MM:~#
j{T(integrity )#$}]j{TD53,h94Z(D^D(;,Z#$}]Dz\T,h9
4Z(D96)#
j{Tli(integrity checking )
TIb?i~-,Bq&mzzDsFG<Dli#
r,x(World Wide Web ,WWW)Z|,,=eDODFcz.diIxg,SDG?VrXx#b)JOa)
E""a)=r,xMrXxPd|JOD4S#RGIT(} Web /@wL
rCJr,xJ4#
xX(gateway);V&\%*,Jm%;f]Dxgr&CLr%`xP(E#
99Tivoli PKI hCkKP
Jcm
![Page 120: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/120.jpg)
D5S\\?(document encrypting key ,DEK)dMX,D5S\\?G;TTFDS\/b\\?,}g DES#
D~+d-i(File Transfer Protocol ,FTP)rXxM'z/~qw-i,CZZFcz.d*FD~#
2X3
{"O$zk(message authentication code ,MAC)"M=MSU=d2mD#\\?#"M=O$,xSU=i$#Z Tivoli PKI
P,MAC \?fEZ CA MsFi~D KeyStoreP#
{"**(message digest )S\Nb$HD{";szIL($HD?D;If&\#MD5 MG;V{"*
*c(#
!~qLr(servlet);V~qwKDLr,xh'V JavaD~qwT=S&\#
!&CLr(applet)GC Java`4DFczLr,IKPZk Javaf]D Web/@wP#2I1
w Java!&CLr#
-i(protocol )Fcz.d(ED;B<(#
EN4(trust chain );i$i,ISC'$i=yrT)p$iDIEcNa99I#
EN#M(trust model )\mO$PDgNO$d|O$PDDa9<(#
ENr(trust domain );i5e,|GD$iI`,D CA O$#
ib(Cxg(Virtual Private Network ,VPN)9CrXxx;Gg0_4("6L,SD(C}]xg#r*C'(}rX
x~qa)Lx;Gg0+>CJ+>xgJ4,i/ITs?uY6LCJ
I>#VPN 9v?K}];;D2+T#Z+3D@p=<uP,{"Z]IT
S\,+G;ITS\?DX7M4X7#Z VPN <uP,C'IT(";v
(@,S,dP{vE"|(Z]M(7)<xPS\Mb0#
100 f> 3 "Pf 7.1
![Page 121: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/121.jpg)
2Y3
Q)"$iPm(issued certificate list ,ICL)Q)"D$i0|G104,DjIPm#$iGIrPEM4,4w}D#
KPmI CA ,$,"#fZ CA }]bP#
l=(E(asynchronous communication )
;h*"M=kSU=,=D(E#=#
rXx(Internet)|G@g6'Dxg/O,Ta)Fcz.dDgS,S#9|GIT(}n
ggSJ~r Web /@wHm~h84`%(E#}g:;)s'hPT:D
xg,(}k`Fxg4S,i(I3;DrXx#
rXx$LNqi/(Internet Engineering Task Force ,IETF)Y]M*"rXx-iD;vi#|zmK|(xghF_"Yw_")&L
MP?1ZZDzJi/#IETF f0=rXxe5a9D*"MrXxD3{9
C#
C'O$(user authentication )
CZi$3v{"D4w_GC{"IxpRO(DyP_#|9i$z}Z
kZ{DUKC'r53xP(E#
$"a(preregistration )Z Tivoli PKI P,Jm;vC'(dMDG\m1)GGd{C'#g{ks;
K<,RA a)E",JmC'ZTs9C Tivoli PKI M'z&CLrqC$
i#
r(domain)kND2+Tr(security domain)M"ar(registration domain)#
2Z3
v?#\TJ~(privacy-enhanced mail ,PEM)IrXxe5a9DhF_(IAB)ICDrXxv?#\TJ~j<4#$r
XxOgSJ~#PEM -ia)KS\"O$"{"j{TM\?\m#
>c$i(site certificate )`FZ CA $i,+GvCZ8(D Web >c#m{ CA $i(CA
certificate)#
101Tivoli PKI hCkKP
Jcm
![Page 122: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/122.jpg)
$w(certification )IEDZ}=)"CZ##vK"L5ri/m]DgS>$D}L#
$i_T(certificate policy )fr|{/,|mw$iT_P+22+ThsD&CLrX(`DJCT#
}g,$i_TI\amwX(D$w`MGqJmC'Z;vx(D[q6
'ZxP;W#
$i7zPm(certificate revocation list ,CRL)O$PDQ7zDT}V)pRjP1dAGD$iPm#ZPmPD$i&
1O*;IS\#m{}V$i(digital certificate)#
$iE*D~(certificate profile )
(eyh$i`MD;iXT(}g:SSL$ir IPSec$i)#E*D~oz
\m$if6M"a#"PLIT*ksPD$i|DE*D~{FM8(X
T,}gP'Z"\?C(M DN <xHH#
$i)9(certificate extension )
X.509v3$iq=DI!&\,|a)Z$iP|,=SVN#|_Pj<)9
MC'T(e)9#j<)9*wV?DxfZ,|,\?M_TE""wb
M"PLtTT0O$76<x#
G\((smart card );if"C'}V\?D2~,dMD;PEC(s!#G\(ITIC\k
#$#
"a$_(registration facility )
;v Tivoli PKI &CLrr\,*GG5e(}g:/@w"7Iw"gSJ~
M2+M'zLr)a)(CVN"RZ{vP'ZZ\m$i#
"a}L(registration process )
Z Tivoli PKI Pi$C'm]D=h,Sx9C'Md+C\?CTO$"Nk
Bq#C}LITG>XrGyZ WebD,|ITT/xPrK$;%4\m#
"a}]b(registration database )
|,K$iksMQ)"$iDE"#C}]bf"KGG}]M{vP'Z
PDT$i}]|D#}]bII RA }LM_TvZr"a14|B#
"ar(registration domain )
;iMX(D$iGG}L`XDJ4"_TMdC!n#Cr{G URL D;
vS/,CZKP"a$_#
102 f> 3 "Pf 7.1
![Page 123: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/123.jpg)
"a1(Registrar )QZ(CJ RA @fDC',{\\m$iMks$i#
"aPD(RA);V\m}V$iDm~,|7#SGGksDnuSU=$i7zZdi/
DL5_T<CT&C#
(C\?(private key )(C/+C\?TP;T\?yP_P'D\?#9yP_\SU=KDBq
&mrxP}V){#9C(C\?)pD}];\I`&D+C\?4i
$#kTU+C\?(public key)#m{+C/(C\?T(public/private key
pair)#
(P`kfr(Distinguished Encoding Rules ,DER)a)Z BER OD<x#DER SG)`kfrJmD`k`M(E}yP"M=
!n)P!qD;V`M#
(P{F(distinguished name ,DN)f"Z DirectoryPD}]nD(;{F#DN (;Xj6 DirectoryDcNa9
PDu?D;C#
VZk(bytecode )I Java`kwzI,RI JavabMw4PDkzw`M^XDzk#
nU5e(end-entity )|G$iwb,+;G CA#
}V
4758 PCI Cryptographic Coprocessor;VI`LD,Ifl&D PCI \_S\(,C(a)_T\D DES M RSA
S\&m#S\}LZ(D2+bGZ"z#K(Oq{O FIPS PUB 140-16
p 4 j<#m~ITZ2+bGZKP#}g,EC(;W&mI9C SETj
<#
A
ACLCJXFm#
103Tivoli PKI hCkKP
Jcm
![Page 124: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/124.jpg)
ANSI@zzRj<-a(American National Standards Institute)#
ASCII@zzRE";;j<zk(American National Standard Code for Information
Interchange)#
ASN.1iso(m>( 1(Abstract Syntax Notation One)#
B
base64 `k(base64 encoding )IC MINE +M~xF}]D+2=(#
BERy>`kfr(Basic Encoding Rules)#
C
CAO$PD(Certificate Authority)#
CAST-64;v9C 64 ;i$M 6 ;\?DVi\kc(#GI Carlisle AdamsM
Stafford TavareshFD#
CA cNa9(CA hierarchy )Z Tivoli PKI PD;vENa9,|D%KP;v CA,Z|DBfP`oDc
DS CA#1 CA "aC'r~qw1,C'M~qw+U=C CA D)p$
i"+LPdOcD$wcNa9#
CA ~qw(CA server)CZ Tivoli PKI O$PD(CA)i~D~qw#
CA $i(CA certificate )ZzDksB,Web /@wS|^(6pD CA S\D$i#;s/@w9C
C$iO$kVP CA )"D$iD~qw.dD(E#
CCAIBM +2S\e5a9(IBM Common Cryptographic Architecture)#
104 f> 3 "Pf 7.1
![Page 125: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/125.jpg)
CDSA+2}]2+Te5a9(Common Data Security Architecture)#
CGI+2xXSZ(Common Gateway Interface)#
CRL$i7zPm(Certificate revocation list)#
CRL "<1ddt(CRL publication interval )hCZ CA dCD~P,(Z"< CRL = Directory D1ddt#
D
DEKD5S\\?(Document encrypting key)#
DER(P`kfr(Distinguished Encoding Rules)#
DES}]S\j<(Data Encryption Standard)#
Diffie-HellmanZ;I?iJO("2m\?D=(,T"w_(Diffie M Hellman)|{#
Directoryk(E`XDCZE"+VJ4b(}ggSJ~r\k;;)DcNa9#
Directory f" PKI a9yXhDX(n?,|,+C\?"$iM$i7zP
m#
DirectoryPD}]GTwDN=Vc\m,wD%KMGDy#(#O_cND
i/zm@"DzRrXx"~.r+>#?CwD6Zc#CZm>C'M
h8#b)C'"i/"yZX"zRrXxT0h8<PwTDu?#?v
5eI_8`MDtTiI#b)a)K5eyzmTsDE"#
Directory PD?vu?<s(=X*D(P{F(DN)#TZV5@gPDT
s,15e|(DtT(;1,b2G(;D#<GTBD>} DN#dP,z
RrXx(C)G US,i/(O)G IBM,i/?E(OU)G TrustT0+2
{F(CN)G CA1#
C=US/O=IBM/OU=Trust/CN=CA1
105Tivoli PKI hCkKP
Jcm
![Page 126: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/126.jpg)
Directory ~qw(Directory server )Tivoli PKI P,IBM Directory#Directory 'V LDAP j<"9C DB2 w*|
Dy!#
DL}]f"b(Data Storage Library)#
DN(P{F(Distinguished name)#
DSA}V){c((Digital Signature Algorithm)#
F
FTPD~+d-i(File Transfer Protocol)#
H
HTML,D>jGoT(Hypertext Markup Language)#
HTTP,D>Bq&m-i(Hypertext Transaction Protocol)#
HTTP ~qw(HTTP server){C/@wMd|LrZxgP&myZ Web (ED~qw#
I
ICLQ)"$iPm(Issued certificate list)#
IniEditorZ Tivoli PKI P,CZ`-dCD~D$_#
106 f> 3 "Pf 7.1
![Page 127: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/127.jpg)
IPSecI IETF *"D;VrXx-i2+Tj<#IPSecGxgc-i,CZa)\
k2+T~q,|TO$"j{T"CJXFMz\TDiOa)inD'
V#r*|?sDO$&\,m` VPN z7)&LIC|w*-iT("Zr
XxOD2+cTc,S#
ISOzJj</i/(International Standards Organization)#
ITUzJgE*K(International Telecommunication Union)#
J
JavaI SUN Microsystems, Incorporated*"D;5PyZxgDg=(Fcz<u#
Java73I Java OS";,=(Dibz"frTsD Java`LoTM8v`
b9I#
Java `(Java class )JavaLrzk%*#
Java !&CLr(Java applet )kND!&CLr(applet)#kTU Java&CLr(Java application)#
Java ibz(Java Virtual Machine ,JVM)JavaKP173PD;?V,:pbMVZk#
Java &CLr(Java application )9C JavaoT`4D@"Lr#|KPZ Web /@w73.b#
Java oT(Java language );V`LoT,GI SUN Microsystems*Z!&CLrMzmLr&CLrP
9CxhF#
K
KeyStoreTS\q=f" Tivoli PKI i~>$(}g\?M$i)D DL#
107Tivoli PKI hCkKP
Jcm
![Page 128: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/128.jpg)
L
LDAPa?6?<CJ-i(Lightweight Directory Access Protocol)#
M
MACE"O$zk(Message authentication code)#
MD2;VI Ron RivesthFD 128;{"**"P/}#|Z PEM -iPk MD5
;p9C#
MD4;VI Ron RivesthFD 128 ;{"**"P/}#Z4PYHO,MD4 *
H MD2 lC86#
MD5;VI Ron RivesthFD%r{"**"P/}#bG MD4 DDxf>#MD5
}LT?i 512;(VI 16 v 32 ;Si)dkD>#Kc(DdvG;iD
v 32 ;Di,b)i,SINI;v%@D 128 ;"PE"5#|2ITZ
PEM -iPk MD2 ;p9C#
N
NISTzRj<M<u-a(National Institute of Standard and Technologe),T02
F* NBS(zRj<V)#|YxKyZFczDz5*Ej<M%CT#
NLS>XoT'V(National language support)#
NSAzR2+z9(National Security Agency)#
O
ODBC*E=}]b,S(Open Database Connectivity)#
108 f> 3 "Pf 7.1
![Page 129: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/129.jpg)
OSI*E53%,(Open Systems Interconnect)#
P
PC ((PC card)`FZG\((smart card),2F* PCMCIA (#HG\(sR&\|?#
PEMv?#\J~(Privacy-enhanced Mail)#
PKCS+C\?\kuj<(Public Key Cryptography Standards)#
PKCS #1kND+C\?\kuj<(Public Key Cryptography Standards)#
PKCS #7kND+C\?\kuj<(Public Key Cryptography Standards)#
PKCS #10kND+C\?\kuj<(Public Key Cryptography Standards)#
PKCS #11kND+C\?\kuj<(Public Key Cryptography Standards)#
PKCS #12kND+C\?\kuj<(Public Key Cryptography Standards)#
PKI+C\?y!a9(Public key infrastructure)#
PKIXyZ X.509v3 D PKI#
PKIX l}w(PKIX listener )IX(DGGr9CD+C HTTP ~qw,C4l} Tivoli PKI M'z&CL
rDks#
109Tivoli PKI hCkKP
Jcm
![Page 130: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/130.jpg)
PKIX $i\m-i(PKIX certificate management protocol ,CMP)5Vk PKIX `]&CLrD,SD-i#PKIX CMP 9C TCP/IPw*|D
w*+MzF,+GZWSVOP;visc#|5VT=SV/+MD'
V#
PKIX CMPPKIX $i\m-i(PKIX certificate management protocol)#
R
RA"aPD(Registration authority)#
RA ~qw(RA server)CZ Tivoli PKI "aPDi~D~qw#
RA @f(RA Desktop );v Java!&CLr,T<Ngfa) RA 4&m>$ksM\m|GD{v
9CZ#
RC2Id\?s!i\k,GI Ron Rivest* RSA }]2+TxhFD#RCzm
Ronzk r Rivest\k#|H DES |l,RhFw* DES D0kf;#y
ZnY\?Qw_T,(}9CJ1D\?s!,RC2ITH DES|2+,2
IT|;2+#|P;v$ 64 ;Di,Zm~KPP*H DES s<l==}
6#RC2 ITCk DES `,D==9C#
m~vfL-a(SPA)M@z~..dD-(7(K RC2DXbX;#b9C
ZvZz<}LH(#D\kz7vZ}L|r%|lY#;x,*zclY
vZz<Jq,z7Xk^F RC2 \?s!* 40 ;,1;2P}biv#I
T9C=SDV{.4h9;)%w_,{GT<$HFcCI\S\DsM
i/m#
RSAT"w_(Rivest"ShamirM Adelman)|{D+C\?\kc(#|CZS\
M}V){#
S
SET2+gS;W(Secure Electronic Transaction)#
110 f> 3 "Pf 7.1
![Page 131: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/131.jpg)
SGMLj<(CjGoT(Standard Generalized Markup Language)#
S/MIME'V)pMS\ZrXxO+dDgSJ~D;Vj<#kND MIME#
SMTPr%J~+M-i(Simple Mail Transfer Protocol)#
SSL2+WSVc(Secure Sockets Layer)#
T
TCP/IP+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol)#
Tivoli PKI'V}V$iD"P"|BM7zD/I IBM 2+Tbv=8#b)$iIT
Z\s6'ZDrXx&CLrP9C,a)TC'O$M7#IE(ED=
(#
TPEN_T(Trust Policy)#
U
UnicodeI ISO 10646(eD 16 ;V{/#UnicodeV{`kj<GE"&mD;Vz
JV{zk#Unicodej<|,@gODw*DV,"a)Km~zJ/M>X
/Dy!#Java`L73PDyP4zk<T Unicode`4#
URL3;J4(;w(Uniform Resource Locator)#
UTF-8;V*;q=#|9;\&m 8 ;V{/DE"&m53\+ 16 ; Unicode*
;* 8 ;H'zk,"RY4r*;x;ap'E"#
111Tivoli PKI hCkKP
Jcm
![Page 132: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/132.jpg)
V
VPNib(Cxg(Virtual Private Network)#
W
WebSphere Application ServerIBM z7,ozC'*"M\m_T\ Web>c#|r/KSM6D Web"
<=_6gSLq Web&CLrD*;#WebSphere Application ServerI@"
Z Web ~qw0dBcYw53DyZ JavaD!~qLr}f9I#
Web ~qw(Web server)~qwLr,|lp4T/@wLrDE"J4ks#m{~qw(server)#
Web /@w(Web browser )KPZ(= PCzDM'zm~,9C'\/@r,xr>X HTML 3f#b
G;vlw$_,|a)T Web MrXxPIC,=eDODsM/OD(C
CJ#P)/@wITT>D>M<N,xP)v\T>D>#s?V/@w
I&mrXx(E(}g FTP Bq)Dw*m%#
X
X.500I%,Fcz53)P5V`?D"V<=M?<4F~qDj<#IzJg
E*K(ITU)(4T0DzJg(g0I//1a CCITT)"zJj</i/
MzJg/'/1a(ISO/IEC)*O(e#
X.509 f> 3 $i(X.509 Version 3 certificate )X.509v3$i_PC4f"Mlw$i&CLrE""$iV"E""$i7z
E""_TE"M}V){D)d}]a9#
X.509v3}L*yP$i4(P1dAGD CRL#?N9C$i1,X.509v3D
\&Jm&CLrli$iDP'T#|9Jm&CLr47(C$iGqZ
CRL O#I*X(P'Z9l X.509v3 CRL#|G2IyZd|I\9$i^
'D73#}g,g{M1k*i/,d$i+E= CRL P#
X.509 $i(X.509 certificate );c:S\D$ij<,C4(}2+rXxxg'V2+\mM}V)p$
iDV"#X.509 $i(e}]a9,a)V"IIEDZ}=}V)pD+C
\?D}L#
112 f> 3 "Pf 7.1
![Page 133: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/133.jpg)
w}
[A]2+T
@p= 28
om 27
53 27
2+ Web ~qw 30
20
s20lim,AIX 63
s20lim,NT 78
7O NT 53 73
AIX 40
AIX OD~qwi~ 54
AIX OD}]bm~ 45
AIX OD 4758-&mw 34, 54
AIX OD Directory ~qw 47
AIX OD Web ~qw 50
AIX OD WebSphere Server 50
NT OD~qwi~ 73
NT OD}]bm~ 68
NT OD Directory ~qw 72
NT OD HTTP Server 69
NT OD JDK 69
NT OD Web ~qw 69
NT OD WebSphere Server 70
Windows NT 66
20Lr,~qwm~ 74
20f.lim 23
20r<
oz 82
Ev 81
D5 81
53*s 21
swing b 22
[B]oz
20r< 82
GG 86
RA @f 85
#tD}]b{F 29
8]MV4,\? 11
8]3s
AIX 44, 64
NT 67, 79
>XoT'V
Ev 36
S\f> 36
S\c( 36
oTnp 36
XAA_ xii
j<
S\ 15
Z Tivoli PKI P'V 15
j<$i)9 16
[C]Yw53
20r< 21, 25
TZ AIX ~qw 19
TZ NT ~qw 19
_TvZ
(e 5
(F 6
cNa9,CA 8
z7b0 36
113Tivoli PKI hCkKP
w}
![Page 134: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/134.jpg)
Iz$i)"
hv 12
vfo
hv xii
dC8O 81
C'8O 85
Customization Guide 86
RA @f8O 84
System Administration Guide 83
Tivoli 2+Tz7 xv
vZ\&,S\c( 36
&mw
T AIX D(i 21
T NT D(i 21
ELVx
TZ AIX ~qw 42
dbfsadt 43
dbfsibm 43
dbfskrb 43
dbfspkrf 43
ELUd
T AIX D(i 21
T NT D(i 21
uE<r<m 20
uE8< 42
[D]zk)p 14
GG
_TvZ 5
(F 6
Ev 4
/@wm% 4
(*E 4
53*s 22
$"a 4
GG (x)
$i`M 4
(eD(P{F(DN) 32
(eD DN 32
(eD PKI 12
(eD PKIX 12
(F
_TvZ 6
$iE*D~ 6
$i)9 17
"ar 6
A_ xii
Tsf" 13
[F]"P5w 19
@p=2+T 28
CJXF
53 28
CA X( 32
Directory \m1X( 33
Directory X( 32
Directory rootC'X( 33
RA @fX( 5
~qwdC 35
~qwhs
TZ AIX 21
TZ Windows NT 21
I!Dm~ 19
I!D2~ 19
yhm~ 19
yh2~ 20
~qw$i 4
114 f> 3 "Pf 7.1
![Page 135: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/135.jpg)
[G]+2)9 16
+2}]2+Te5a9(CDSA) 12
+C Web ~qw 30
XZ>8O xi
f.lim,20 23
zJS\f> 36
zZS\f> 36
[H]s20dCLr 62, 77
V4,\? 11
[J]zw`M
T AIX D(i 21
T NT D(i 21
S\c( 36
lim
AIX ODs20 63
NT ODs20 78
lim,20f. 23
;f$w 8
mi,hC AIX 42
[K]M'zO$ 30
M'z&CLr
20 54, 73
D5 85
53*s 22
M''V xiv
XF~qwCJ 28
b,Tivoli PKI Web >c xii
[L]/@w$i 4
7_<
AIX 20 39
NT 20 65
[M]\k
20r< 21, 25
TZ AIX ~qw 19
TZ NT ~qw 19
\?V4 11
{F,8( TCP/IPwz 40
#='V 13
[N]Zf(RAM)
T AIX D(i 21
T NT D(i 21
[P]dC
@p= 28
~qwe5a9 35
}LEv 81
}]/Om% 64, 78
115Tivoli PKI hCkKP
w}
![Page 136: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/136.jpg)
dC (x)
Z AIX O<8 63, 81
Z NT O<8 78, 81
AIX PDmi 42
AIX PDD~53 42
Directory ~qw 32
DOS 73hC 78
NT ODTYLr5 60, 75
Web ~qw 30
dC}]m% 64, 78
dC8O
CJ 82
Ev 81
ANsFB~ 8
[Q](F
AIX OD8]5CLr 64
NT OD8]5CLr 79
0TE" xi
[R]O$PD(CA)
#$\? 33
cNa9 8
Ev 7
+\?f"Z2~P 34
;f$w 8
)"D$iPm 7
}]b 7
rPE 7
k 4758-&mw/I 33
Z AIX O20 55
Z NT O20 74
O$PD(CA) (x)
$i7zPm 7
T)p$i 7
4758-&mw 7, 10
DN kZ 32
KeyStore 14
MAC 7
kE
9CGG 85
9C(F 86
9CdC 81
9C53\m 83
9C RA \m 84
9C Tivoli PKI 83
m~hs
20r< 21
20r<D Web /@w 22, 25
z7 CD-ROM 36
V" 36
I!D~qw 19
yh~qw 19
4758-&mw 19
Directory ~qw 19
JDK 19
Web ~qw 19
[S]sFS53
Ev 8
i5 9
B~AN 8
}]b 8
j{Tli 9
Z AIX O20 55
Z NT O20 74
KeyStore 14
116 f> 3 "Pf 7.1
![Page 137: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/137.jpg)
sFS53 (x)
MAC 8
}]b
208< 45
#tD{F 29
Ev 10
\?8]MV4 11
sF}] 8
53*s 19
"a}] 4
CA }] 7
Directory }] 10
[T]e5a9
Tsf" 13
LDAP -i 13
PKIX CMP -i 12
[W]j{T#$
XZsFG< 9
XZ CA G< 7
xg2+T 27
D~53
TZ AIX ~qw 42
i$ 41
CD-ROM 43
D~53,hC AIX 42
om2+T 27
[X]532+T 27
53uE
<r<m 20
T AIX D(i 21
T NT D(i 21
53e5a9
~qwdC 35
<m 2
53<m 2
53hs
20r< 21
I!Dm~"~qw 19
I!D2~"~qw 19
/@wGG 22
m~,~qw 19
2~"~qw 20
4758-&mw 19
DB2 19
Directory 19
RA @f 22
Web ~qwm~ 19
533s,dC 44
{")p 14
-i
Z Tivoli PKI P'V 15
HTTP 30
HTTPS 30
LDAP 13
PKIX CMP 12
SSL 30
ENcNa9 8
EN#M
zk)p 14
}]S\ 14
{")p 14
KeyStore 14
rPE 7
117Tivoli PKI hCkKP
w}
![Page 138: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/138.jpg)
[Y]i$wz{ 40
Q)"$iPm(ICL) 7
2~2+T#M 11
2~hs
20r< 21
I!D~qw 19
yh~qw 20
4758-&mw 19
C'8O
CJ 86
Ev 85
oT
z7np 36
'VD 36
$"a
/@wGG 4
<( xiv
<x,~qwdC 35
[Z]Z AIX P(eELVx 42
Z AIX PuEELVx 42
**
9CD<( xiv
$i
Iz 12
)9 17
ENcNa9 8
T)p CA 7
X.509v3 'V 16
$i7zPm(CRL) 7
$iE*D~
(F 6
hv 4
$i)9{
j< 16
(F 17
+2 16
Z Tivoli PKI P 17
(C 16
$i`M 4
'V,Tivoli M' xiv
wz{bv,AIX 44
wz{,8( TCP/IP 40
"a$_
(F 6
hv 4
"a}]b 4
"ar
(e 3
(F 6
hv 4
"a1 5
"aPD(RA)
_TvZ 5
GG 4
(F 6
Ev 3
M'zO$ 30
Z AIX O20 55
Z NT O20 74
$iE*D~ 4
RA @f 5
Web ~qw/I 9
(C)9 16
TYLr5
Z AIX O 60
Z NT O 75
T)p CA $i 7
i,hC AIX m 42
118 f> 3 "Pf 7.1
![Page 139: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/139.jpg)
[}V]4758-&mw
20 34, 54
f" CA \? 34
Ev 10
S\ CA \? 33
hC 33
53*s 19
k CA /I 33
CA 'V 7, 10
CA KeyStore 14
AAIX
2+T"bBn 27
207_< 39
208< 54
20 4758-&mw 54
20 Directory ~qw 47
8] 44
8]5CLr 64
Yw536p 19
@p="bBn 28
CJXF 28
~qw=( 19
s20lim 63
mi 42
m~*s 19
hC 40
D~53 42
533s 44
53C' 44
i$D~/ 41
2~dC 21
wz{bv 44
TYLr5 60, 75
AIX (x)
CD-ROM D~53 43
cfguserC'{ 30, 62, 78
AIX/6000 Yw53 19
CCDSA 12
CD-ROM D~53 43
CD-ROM,z7 36
cfgPostInstallLr 62
cfguserC'{ 30, 62, 67, 78
createconfig_start.sqlD~ 60, 75
CRL 7
Customization Guide
CJ 86
Ev 86
Ddatavgmi 42
DB2
20 45
#tD{F 29
sF}]b 8
}]S\ 14
53*s 19
EF 10
Z AIX O20 45
Z NT O20 68
CA }]b 7
db2adminC' 68
Directory }]b 10
db2adminC' 68
Directory ~qw
CJXF 32
119Tivoli PKI hCkKP
w}
![Page 140: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/140.jpg)
Directory ~qw (x)
Ev 10
#= 32
dC 32
m~*s 19
k Tivoli PKI ;p9C 73
Z AIX O20 47, 55
Z NT O20 72, 74
CA DN 32
Directory \m1 DN 33
root C' DN 33
Directory \m1
DN kZ 33
KeyStore 14
Directory #= 32
DNS 31, 32
DOS 73 78
FFirstSecure
f.M/I 34
k Policy Director/I 34
HHSM h8 11
HTTP -i 30
httpd.confD~ 62, 77
HTTPS-i 30
IIBM HTTP Server
Z AIX O20 50
IBM HTTP Server (x)
Z NT O20 69
ICL 7
installp Lr 55
InstallShieldLr,~qw20 74
IP p{
hv 30
Z NT OhC 71
IPSec$i 4
JJava
Z AIX O20 48
JDK
yh6p 19
Z NT O20 69
KKeyStore 14
KeyWorks,20 55
MMAC
TZsFG< 8
TZ CA G< 7
Z KeyStoreP 14
NNetfinity ~qw 20
120 f> 3 "Pf 7.1
![Page 141: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/141.jpg)
PPKCS #12D~,V4 11
PKIX CMP $i 4
Policy Director 34
RRA @f
20 54, 73
oz 85
Ev 5
9C 84
mS"a1 5
D5 84
53*s 22
RA @f8O
CJ 85
Ev 84
RISC System/6000 20
root C' CA 8
root C' DN kZ 33
rootvg mi 42
RS/6000~qw 20
SSMIT Lr 42, 55
SSL -i 30
SSL $i 4
swing b 22
System Administration Guide
CJ 84
Ev 83
S/MIME $i 4
Tta-backup5CLr 64, 79
TCP/IPwz{,i$ 40
temp?< 66
Tivoli
2+\m Web E" xv
2+Tz7 Web >c xv
Customer Support xiv
Tivoli PKI
Web E" xv
Tivoli PKI dCC' 67
Tivoli PKI 53
S\j< 15
hv 1
O$PD~qw(server) 7
sFS53 8
}]b53 10
Xw 1
53<m 2
Z AIX O20 54
Z NT O20 73
w~qw 3
"aPD~qw(server) 3
4758S\'V 10
Directory ~qw 10
Web ~qw 9
UUnicode'V 36
URL
HTTP ~qwvfo 31
Tivoli PKI b3f xii
Tivoli PKI w3 xii
UTF-8 `k 36
121Tivoli PKI hCkKP
w}
![Page 142: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/142.jpg)
VVPN $i 4
WWeb ~qw
2+wz 30
vfo 31
Ev 9
+Cwz 30
dC 30
m~*s 19
Z AIX O20 50
Z NT O20 69
DNS 31
HTTP -i 30
HTTPS-i 30
SSL -i 30
Web >c
2+\mE" xv
Tivoli 2+Tz7 xv
Tivoli Customer Support xiv
Tivoli Public Key Infrastructure xv
WebSphere Application Server
Z AIX O20 50
Z NT O20 69, 70
WebSphere Application server,}6 52
Windows NT
2+T"bBn 27
207_< 65
208< 73
20 Directory ~qw 72
8]5CLr 79
XhDhC 73
Yw536p 19
@p="bBn 28
CJXF 28
Windows NT (x)
~qw=( 19
s20lim 78
m~*s 19
hC 66
2~dC 21
cfguserC'{ 30, 67
IP p{ 71
XX.509v3 $i 16
122 f> 3 "Pf 7.1
![Page 143: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/143.jpg)
![Page 144: Tivoli PKI ÉèÖÃÓëÔËÐÐ - IBMpublib.boulder.ibm.com/tividd/td/PKI/GC32-0472-03/zh_TW/PDF/iaug… · yw >vfoPya=DTivoli Systems rIBM z7"Lrr~q";5>b)z7"Lrr~q +ZyPPTivoli Systems](https://reader036.vdocument.in/reader036/viewer/2022070816/5f1041b27e708231d4483690/html5/thumbnails/144.jpg)
LrE:
Pz!"
GB84-0414-00