Tivoli Public Key Infrastructure "aPD@f8O
f(yw
Copyright © 1999, 2001 by Tivoli Systems Inc., an IBM Company, including this documentation and all software. All rights
reserved.vI@U Tivoli Systemsm~mI$-i9C,r_w* IBM M'-irmI$-iPX Tivoli z7D=<9
C#4- Tivoli SystemsBHifmI,{9TNNN=rNNVN(gSD"z5D"E'D"b'D"/'D"K$D
HH)T>iDNN?VxP4F"+%"*<"f"Zlw53Pr-kINNFczoT#Tivoli SystemsZhzFwv
)zT:9CD2=4rNNICFcz&mDD5DP^mI,0aG?vbyD4F7y&XP Tivoli +>Df(y
w#4- Tivoli SystemsBHifmI,;Zhf(PDd|({#>D5;G*zz<8D,"RGT0vK4,1Dy
!a)D,;PNNN=D#$#
rKT>D5;wNN#$yw,|(JzTMJCZ3X(C>D#$#
Lj
TBz7{FG Tivoli Systems Inc.rzJL5zw+>Z@zM/rd|zRrXxDLj:AIX"DB2"DB2"Universal
Database"IBM"RS/6000"SecureWay"Tivoli M WebSphere#
Tivoli PKI Lr(0Lr1)|(?V IBM WebSphere&CLr~qwM?V IBM HTTP Web ~qw(0IBM ~q
w1)#}G!CKLrDmI$sE\9C,qrz^(20r9C IBM ~qw#IBM ~qwMLrXk$tZ,;zw
P,z^(ZkLrVkDivB%@20r9C IBM ~qw#
Lr|(?V DB2 (C}]b#}G!CKLrM IBM WebSphere&CLr~qwDmI$sE\9C,"RLrM
IBM WebSphere&CLr~qwGCZ|GyzIr9CD}]Df"M\m,xGCZd|}]\m?D,qrz^(2
0M9Cb)i~#}g,KmI$;|(Sd|&CLr=}]bDCZi/r(mzIDk>,S#z;P(ZLry
ZD,;(zwO20M9Cb)i~#
Microsoft"Internet Explorer"Windows"Windows NTM WindowsUjG Microsoft CorporationDLjr"aLj#
UNIX GZ@zMd|zRrXxI The Open Group@Rd"D"aLj#
JavaMyPyZ JavaDLjrUjG Sun Microsystems,Inc.DLj#
PentiumG Intel CorporationZ@zMd|zRrXxD"aLj#
KLr|,4T RSA Data Security, Inc.D2+Tm~#Copyright © 1994 RSA Data Security, Inc. All
rights reserved.
KLr|,4T Hewlett-Packard Companyj<#eb(STL)m~#Copyright (c) 1994.
¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5CZNN?DP*bQZkmI,+0aGTOf(yw
XkvVZyP1>P,"Rf(ywMKmIyw<XkvVZ'VD5P#Hewlett-Packard Company;TNN?DT
Km~DJOT"mNN4(#Km~GT0vK4,1Dy!a)D,;=Pw>r,>D#$#
KLr|,4T Silicon Graphics Computer Systems, Inc.Dj<#eb(STL)m~#Copyright (c) 1996–1999#
¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5DP*bQZkmI,+0aGTOf(ywXkvVZ
yP1>P,"Rf(ywMKmIyw<XkvVZ'VD5P#Silicon Graphics;TNN?DTKm~DJOT"m
NN4(#Km~GT0vK4,1Dy!a)D,;=Pw>r,>D#$#
d|+>"z7M~q{FI\Gd|+>DLjr~qjG#
yw
>vfoPya=D Tivoli Systemsr IBM z7"Lrr~q";5>b)z7"Lrr~q+ZyPP Tivoli Systems
r IBM 5qDzRrXxPa)#NNTb)z7"Lrr~qD}C";5>v\9C Tivoli Systemsr IBM Dz
7"Lrr~q#;*;V8 Tivoli Systemsr IBM DP'*6z(rd|\(I#$D({,NN,H&\Dz7"L
rr~q,<ITC4zfya=Dz7"Lrr~q#Zkd|z7aO9C1,}KG)I Tivoli Systemsr IBM w
78(Dz7.b,d@@Mi$yIC'TP:p#
Tivoli Systemsr IBM I\Q5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhC'9Cb)({DNN
mI$#PXmI$i/DBK,C'ITk IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk,
New York 10504-1785, USAif*5#
>un;JCZ*OuzrNNbyDunk>X(I;;BDzRrXx#
zJL5zw+>T0vK4,1Dy!a)>vfo,;=PNNN=D(^[Gw>D,9G,>D)#$,|((+
;^Z)TGV(T"JzTMJCZ3X(C>D,>#$#3)zRrXxZ3);WP;Jmb}w>r,>D#
$#rK>unI\;JCZz#
>E"PI\|,P<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b)|D+|,ZBf>P#IBM IT
f1T>E"PhvDz7M/rLrxPDxM/r|D,x;mP(*#
>E"PTG IBM Web >cD}C<;G*K=cp{Ea)D,;TNN==P#TG) Web >cD#$#C Web
>cPDJO;G IBM z7JOD;?V,9CG) Web >cx4DgU+IzTPP##
iv f> 3 "Pf 7.1
0T
>ihvgN(}9C"aPD(RA)@f4\m Tivoli PKI $i"an/#
>z7D"Pfv'V AIX =(#&1vSyPV[ Microsoft WindowsDDO#
>8ODA_>i*\m1a)K\m Tivoli PKI $iP'ZDfrNqDE"#
>8ODC'&_PyZ}]bKPi/"w*"a1~qD5J-i,"l$yZ WebD&C
Lr#
`XE"Tivoli Web >ca)K Tivoli PKI z7D5DIF2D5q=(PDF)M HTML q=#;)v
foD HTML f>GMz7;p20D,"RIIC'gfCJ#
"bTvfovfs,z7PI\"zd/#XZnBDz7E",T0XZgNTz!qDo
TMq=TvfoxPCJ,kND6"P5w7#nBf>D6"P5w7IZ Tivoli Public
Key Infrastructure Web>cqC:
http://www.tivoli.com/support
Tivoli PKI b|,TBD5:
6hCkKP7
Kia)Kz7Ev#|a)Kz7Dhs,|(20}L,"a)gNCJ?vz7
i~ICD*zoz#Ki+Zr!skz7;pV"#
System Administration GuideKi|,XZ\m Tivoli PKI 53D;cE"#||,t/MXU~qw"|D\k"
\m~qwi~"4PsFT0KP}]j{TliH}L#
6dC8O7
Ki|,XZgN9C20r<4dC Tivoli PKI 53DE"#Zi4r<D*zoz
1,z\CJK8OD HTML f>#
6"aPD@f8O7
Ki|,XZgNZ$iP'ZZ9C RA @f4\m$i#Zi4@fD*zoz1,
z\CJK8OD HTML f>#
6C'8O7
Ki|,XZgNqCM\m$iDE"#|a)K9C Tivoli PKI /@wGGm%4
ks"|BM7z$iD}LDE"#,12V[KgN$"af] PKIX $i#
Customization GuideKiT>KgN(F Tivoli PKI "a$_,T'VL5_TD"ak$w?j#}g,
zI'agN(F HTML M Java® Server3f"(*E"$iE*D~M_TvZ#
>8O|,DZ]>8O|,TBE":
¶ Z13D:XZ Tivoli PKI;r%hvK Tivoli PKI D&\MT\#
¶ Z33D:Ev;hvK\m1r"a1DG+,T09C RA @f4PD;)dMNq#
¶ Z53D:gNYw?;a)KfrNqDE",9z\4P"a1n/#
¶ Z233D:`XE";hvKk RA @fhCPD"a"$wM\m`XDEn#
¶ Z293D:N<;|,VNhv"P'VN5,T0Z RA @fOT>DtTD,e#
¶ Z413D:Jcm;(eK>iPI\GBDr;#CDuoMu4T0A_I\PK$D
uo#
>8OP9CD<(>8OTXbuoMYw9C;,DVM<(#b)<(_PTB,e:
<( ,e
VeV |n"X|V"j>Md|Xk9CDE",TVeVT>#
1eV Xka)Dd?MBuoT1eVT>#?wDJMLo2,yT>*1eV#
HmVe zk>}"dvM53{"THmVeT>#
*5M''Vg{9CNN Tivoli z71v='Q,<ITxk http://www.support.tivoli.com i4 Tivoli
Supportw3#4SA"a;M'"am%s,4ITZ Web OCJ\`M''V~q#
Z@z9CTBg0Ek*5M''V:Tivoli EkG 1–800–848–6548(1-800–TIVOLI8),IBM®
EkG 1–800–237–5511(&rKEks4 8 rXp 8)#b=vEk<a1S+zDg0*A
Tivoli M''Vg0PD#
RG.VVZ}=XZz9C Tivoli z7MD5D-i#RG6-zavDxb{#g{zPX
Z>D5Db{r(i,k"MgSJ~A:pubs@tivoli.com#
Tivoli PKI Web E"Tivoli M IBM Tivoli M'ITR=XZNN Tivoli 2+Tz7M Tivoli PKI DZ_E"#
XZ Tivoli PKI DnBz7|BM~qE"DX*E",kCJK Web >c:
http://www.tivoli.com/support/secure_download_bridge.html
XZ Tivoli Public Key Infrastructurez7DE",kCJK Web >c:
http://www.tivoli.com/products/index/secureway_public_key/
XZd| Tivoli 2+\mz7DE",kCJK Web ;C:
http://www.tivoli.com/products/solutions/security/
XZ Tivoli PKI
Tivoli Public Key Infrastructure(Tivoli PKI)9&CLr\O$C'"7#IED(E:
¶ |Jmi/y]|GD"aM$w_T4)"""<M\m}V$i#
¶ T X.509 f> 3(PKIX)D+2\?y!a9M+2}]2+a9(CDSA)S\j<D'
V<GK)&LD%YwT#
¶ }V)pM2+-ia)KZ;WPO$yPEeD=(#
¶ yZ/@wD"a\&a)KnsDinT#
¶ S\(EM"aE"D2+f"PzZ7#z\T#
Tivoli PKI 53IZ IBM AIX/6000 M Microsoft Windows NT~qw=(OKP#|,TBw
*&\:
¶ IEO$PD(CA)\m}V$iDP'Z#*7O$iDf5T,CA T}V==)p?;
])"D$i#,1,|2)p$i7zPm(CRL),T7O$i;YP'#*Kx;=
#$d)p\?,zI9C2~S\,2F*2~2+T#i(HSM),g IBM 4758 PCI
Cryptographic Coprocessor#
¶ "aPD(RA)&mC'"aD\mNq#RA a)v)"'V5qn/D$i,Rv)"x
QZ(C'#\mNqI(}T/}LrK$v_==&m#
k CA `F,z2IT9C IBM 4758 PCI Cryptographic Coprocessor#$ RA D)p\?#
¶ yZ WebDGGgf9q!$idCO*]W,b)$iICZ/@w"~qwMd|?D,
gib(Cxg(VPN)h8"G\(M2+gSJ~#
¶ yZ WebD\mgf,RA @f9QZ("a1\;K<r\xGGjk,"Z)"$is
\m$i#
¶ sFS53\*?vsFG<FcdE"i$zk(MAC)#g{sF}]Z4ksF}]
bs;^Dr>},MAC IozzlbkV_#
¶ _TvZML5wLTs(BPO)9&CLr*"_\;(F"a}L#
¶ *S\}fa)/I'V#*KO$(E,KD Tivoli PKI i~IC$'zID(C\?x
P)p#2+TTs,g\?M MAC,<;S\,"f"ZF* KeyStoreD\#$xrZ#
¶ * IBM Directory a)/I'V#DirectoryT{O LDAP Dq=f"XZP'MQ7{$i
DE"#
¶ * IBM WebSphere Application ServerM IBM HTTP Servera)/I'V#Web ~qwk
RA ~qw-,$w,TS\E""K<jkM*$ZDSU=*F$i#
¶ * IBM DB2 (C}]ba)/I'V#
Ev
1i/5P\ Tivoli PKI #$D2+&CLr1,vPG)5PJ1>$DC'EITCJb)
&CLr#g{3Kk*C=>$(g}V$i),ITa)J1DE"#GGksPD}]G
K<r\xKksDy!#g{QK<GGks,+I Tivoli PKI "aPD(RA)&mKks,
Tivoli PKI O$PD(CA))"K$i#GGksDG<M$i$tZQS\D"a}]bP#
@@GGksM\mb)G<G\mNq#P1zDi/adC Tivoli PKI 4T/4Pb)Nq
PD3)?V,"RPLr@@"a}]#d`1d"a1xP+?PO#
Tivoli PKI "aPD@f(RA @f)G<NC'gf(GUI),CZ&mGGks"\ma{D
G<#|w*"a14'VzDNq,}g:
¶ @@}ZszDGGks,TK<r\x|G
¶ <8i/,TlwXb`MrtZX(C'D$iG<
¶ 4iG<Dj8E"
¶ hC$iDP'Z
¶ I!Yw,T|D$irGGksD4,#
¶ TG<xP"M,T5wYwD-r
¶ Z(4T8] PKCS #12D~D$i(C\?V4ks
RA @fG2+!&CLr#*9C|,zXk_P4PX(NqD(^,,1Xk(}v>}7
D}V$i4;O$#
`Xwb
Z53D:I*"a1;
Z103D:CJ RA @f;
gNYw?
>ZPDwba)Kzw*"a1DNqD-r%xD8<,}g:
¶ <8/@w"20 RA @f
¶ q!zD/@w$iMZ(,TI*"a1
¶ i/""a}]b,T&mksM$i
I*"a1ZICJ RA @fT\m$i"ks$i.0,zXkGG*QZ(D Tivoli PKI "a1#K}
L|,8v=h,dP3)XkI53\m1&m#
>ZhvKI9C RA @f.0XkjID$8Nq:
__=h 1. w*;vC',HdG53\m1,Xkq- System Administration GuidePD=h,
+Z;v"a1mS=53P#
__=h 2. hC Web /@w,9|IKP RA @f#
__=h 3. CJ Tivoli PKI GG Web 3f,Tq!X*D$i#
__=h 4. *zD Web /@wks CA $i,;sks/@w$i#zDi/&a)XZy&
!qD/@w$i`MD8<MZ(z\mD"arD{F#
__=h 5. liGG4,"7OQ20$i#
__=h 6. Q)"$is,Xkksw*"a1$wD(^#+ks+]xZ;vZ(D"a
1,"*CC'a)za;$ikss5XxzDksj6#
__=h 7. Z;v"a1Xkq- System Administration GuidePD=h4Z(z*BD"a1#
__=h 8. SU=QGGz*"a1D7Os,20 RA @f#
g{Tsh*|DZ20}LPhCD1!/@w,rg{h*|D RA ~qwD
Web X7,IXBdC RA @f.
tC/@wtC/@w.0,k7#zDzwzcKP RA @fDTB*s:
¶ Intel <Z®&mw,RAM AY* 64MB
¶ 'V VGA VfJ(r|_VfJ)DFczT>w
¶ Microsoft Windows 95"98 r NT Yw53
tC RA @fD Web /@w:
1. 20'VD Web /@w.;:
¶ Netscape Navigatorr Communicator,v"Pf 4.7 x
¶ Microsoft Internet Explorer,"Pf 5.0 r|_f>
TZ Internet Explorer,Xk_P Javaibz(JVM),"Pf 5.00,9(f> 3167r
|_f>#Z383D:CZ Internet ExplorerD JVM;hvKgN7(z}ZKPD JVM
D"Pf,gPX*,CgN}6#
":Xk20 Netscaper Microsoft V"D/@wY=f>#4TZ}=)&LDf>I\
^(}7T>E",HdGT}"oTbDoTKP!&CLr1#
2. ^DzD Web /@w:
¶ Z NetscapeP,r*W!nK%,tC Java#
¶ Z Internet ExplorerP,r*!nK%,tC Java#
":XZ RA @f!&CLrhsDnBE"Z"P5wPa)#"P5wZ Tivoli Public Key
Infrastructure Web>cPa):
http://www.tivoli.com/support
CJGG Web 3fCJ Web 3fxPGG:
1. q!zi/D Web X74CJGG Web 3f#Web X7_PTBq=:
http://MyWebServer:port/MyDomain/index.jsp
dP MyWebServer:portG20K Tivoli PKI "aPDD~qwDwz{MKZ#MyDomain
GC Tivoli PKI 53OD"arDdC{F#}g:
http://MyWebServer:80/MyDomain/index.jsp
2. r** RA @ftCD/@w#
3. dk Web X7:
¶ Z NetscapeP,Z;CD>rPdk Web X7#
¶ Z Internet ExplorerP,X7D>rPdk Web X7#
4. 4 Enter |#
T> Tivoli PKI GG Web 3f#TZ1!20,C3f{FG0>$PD1#
5. g{zGZ;N9C Tivoli PKI GG~q,%w20RGD~qw CA $i#
K$i9zD/@w\;SGG~qPO$(E#B;Nz9Cb)~q1,zIT!TK
=h#
ks/@w$i>ZhvgN9C Tivoli PKI GG3f4ks/@w$i,TcIKP RA @f#
":w*"a1,2I\h*GG~qw"h8r$"a3K#XZG)NqDoz,kN<
6Tivoli PKI C'8O7#
q!P'$iD=hI\ar(F"a$_D=(;,x;,#TBV[r%hvKy>=h#
k*5zD53\m1TqCJOz>cD}LE"#
q!zD/@w$i:
1. SzD/@wOCJGG Web 3f#
2. Z$iGGxr:
a. !qGG`M → /@w$i#
b. !qYw → GG#
c. %w7(#T>zjkDGGm%#
3. q- Web 3fOD8>E"jIVN#;2P=?V:
¶ ;vxPD>rDGGE"?V,CD>rCZzya)XZT:DE"#
¶ ;vxPD>rD$iksE"?V,CD>rCZza)zk*D$iE"#g{z;
PZK?VI!VNPa)5,Tivoli PKI aa)kzks$i`M`X*D1!5#
Xp"bTBVN:
$i`M
!qzDi/#{zv>D/@w$i`M,TCJ RA @f#Z363D:a)D$
i`M; hvb)$iD`M#
Z/@wO20 CA $i%wq!`&D CA $i,C$if]K$i`M#g{z%wK4%,M"4BX
CA $i#
K$i9zD/@w\Zz9C RA @f1S"a$_O$(E#g{r*;)-r
zQ-_P`,D CA $i,GzM;h*m;v CA $i#
gSJ~X7
*!qgSJ~(*,zXka)zDgSJ~X7#
gSJ~(*
!qK!n,TSUXZjka{DgSJ~#
":g{ZzDi/P,RA ~qw20Z Windows NT=(O,"a&\dCD~
(raconfig.cfg)I\h*|B8r SMTPwz,TtCC&\#XZj8E",
kND Tivoli PKI Customization Guide#
aJ&p
7#G!za)DxVs!4DaJ&p#Ts2Xk*@KaJ&p,TliGG
ksD4,#
r{ (I!)dk$i+20DzwDwz{(zDzwDwz{)#dMivB,I!
TKVN,}GQ8>z9CKVN#
g{zh*XZVNDx;=oz,kiD6Tivoli PKI C'8O7D:N<;;Z#
4. %wa;GGks#
Tivoli PKI SUGGm%s,ai$TBE":
¶ g{m|,ms,|aT>zDms#xP|D"%wXBa;GGks#
¶ g{m;|,ms,m;v Web 3faT>zDksj6#
5. 7#G!zDksj6#Ts|aj6zDm],by,zMITliks4,,"Z$i
<8C1SU|#4PTBNN;nYw:
¶ + Web3fSOi),TczI5XAK3f"lizD$i#bG5XTli4,Dn
r%=(#
¶ G<Kksj6,Tc1z5X1ITa)|#w*;v2+k),I\*G<ksj
6,x;\Gq*4,3f4(Ki)#
¶ g{ZGGVNO8(*SUgSJ~(*,IH}ksj6(}gSJ~=4#
liGG4,*lizGGksD4,,IT5X=GGZdQmS*i)D Web3f,r_jITB=h:
1. CJGG Web 3f#
2. SGG`M!qzksDGG`M#
3. SYw!qli4,#
4. %w7(#
T>|,KZzITq!NNzksDE".0zXkO$zm]DVN#
5. ZKVNPa)E":
¶ Zksj6|kzZa;GGm%sT>Dksj6#
¶ ZaJ&p|kza)=GGm%O`,DaJ&p#
6. %wliGG4,#
T>{",mwzDksD104,#
¶ g{zDksTZsz,ITs5X"YNli#
¶ g{Q)"zD/@w$i,%wliGG4,1BX|#
7. g{h*,i4zD$i,q- Web 3fOD8>E"#
q!(^Zks53\m1Z(z RA @f.0,kjITBNq:
¶ ks/@w$i,"8(z+\mD"ar#
¶ +/@w$i0dIf] CA $iBX=zD Web /@wP,
20 RA @f20 RA @fD}L_P=?V#20~qwm~1,53\m1Xk!q"aPD@f420
!&CLrD203s#;s\m1XkV"3s,r9.ZzDxgOIC,TczIS$w
>KP20Lr#
":g{ZT0KPK20r<D,;zwO20 RA @f!&CLr,r20r<;\YNK
P#g{ZbT73P9C Tivoli PKI,I\*Z@"DzwO20020r<1M RA @
f,Tcz\X4dC}L,1=<8C+53C*zz==#
9CTB}L,KP RA @f20Lr RADInst.exe#
1. 7#zD$w>zcZ53D:tC/@w;PPvD*s#
2. S53\m1q!z+\mD"arD Web X7#
3. q-zDi/D8>E",4F"CJrBX RA @f203s#
4. XUyPn/DLr#
5. !q*< → KP,%w/@,(; RADInst.exeD~,"%w7(TKPLr#
6. 4i06-10ZODE","%wB;=#
7. g{*+m~20Z1!;C(c:\Program Files\IBM\Trust Authority\RA desk),rZ0!q
?j;C10ZO%wB;=#qr,k%w/@,!qrdk;,D?jD~P,;s%
wB;=#
8. Z0!q/@w10ZO,!qz*w*1!/@wTCJ RA @f9CD/@w#
":;P,120K Microsoft M Netscape/@wR|G<o=yhD"Pf6p1,Ea
4=K0Z#
9. Z0!qwz10ZO,dk20"aPDD~qwD WebX7#Xk4TBq=dk,d
P hostname:port G20"aPDD~qwDibwz{M2+KZE,
RegistrationDomainName G*zDi/D"ardCD{F#
https://hostname:port/RegistrationDomainName
}g:https://MyRAserver:1443/MyDomain
10. g{*9C1!LrD~P(IBM SecureWay Trust Authority),kZ0!qLrD~P10
ZO%wB;=#qr,dkr!qz*9CDD~PD{F,;s%wB;=#
11. Z0*<4FD~10ZO,4iz*KN RA @f208(DhC#g{zbzD!q,
k%wB;=#Lr+D~4F=*sD;C#
12. Z020jI10ZO:
¶ g{*4i Tivoli PKI z7TvD~,k%w4!rTi4TvD~#%wjIs,T
vD~+Zz!qD/@wPT>#
¶ %wjI,jI20}L#
20jIs,RA @fM RA @fdCZ*<K%P,;ZLr → IBM SecureWay TrustAuthority #
XBdC RA @f20 RA @fs,I|DCJ!&CLr1*9CD1!/@w,"|Dw\!&CLrD RA
~qwD Web X7#9CTB}LxPb)|D#
1. !q*< → Lr → IBM SecureWay Trust Authority → RA @fdC#
2. Z0!q/@w10ZO,!qCJ RA @f1*9CD/@w#
3. Z0!qwz10ZO,dkw\ RA @fD RA ~qwD Web X7#Xk8(2+wz
{"KZE,T0zh*\mD"arD{F(r{;\|,Uq)#}g:
https://NewRAServer:1443/NewDomainName
4. Z0!qLrD~P10ZO,;*vNN|D,%wB;=#
5. Z0*<4FD~10ZO,4iyvD|D,;s%wB;=#
6. Z020jI10ZO,%wjI,jIXBdC}L#
CJ RA @f?N*t/ RA @f1,XkWH4PTBYw:
1. g{zD"a1$iZ Netscape/@wP,kXUNN}ZKPD Netscapea0#
2. Z WindowsNq8O!q*< → Lr → IBM SecureWay Trust Authority → RA @f#
ks RA @fD Web X71,Web /@wM~qw,bt/2+(M'zO$D)a0#
Z~qwI5X WebX7Z]1,zXkO$*P'"a1#/@wa>zv>$i#Ca
>r9CD/@w;,x;,#
3. v>zD"a1$i#
":g{9CDG Internet Explorer,rZ/@wa0}LP,/@w+T/a;O;Nr~
qwv>D$i#";a>zxP7O#*v>;,D$i,XkKv"XBt//@
w#
Web /@wBX"u</ RA @f!&CLr:
¶ ZBX!&CLr}LP,I\aZ/@wA;W?4=;){"#}g,I\a4=m
>/@w}Zu</ JavaD{"#
¶ u</}LP,I4=m>}LjIivDxHu#g{u</}LPvVms,rxH
u#9,I4=;c/f{"#
jIu</s,I4= RA @f#|Q-IT9C#z\*<\mkzD$iX*D"arD"
aksM$i#
":g{S NetscapeCJ RA @f,R-};N1d RA @fO;PNNn/,r Netscapea
a>zYNu<v>$i#C=SD2+T#$zDi/,T@t1iv9zZKv RA @
f.0k*@f#
&mi/!qi/!n(,<8i/#zITCi/G#w7,rIlw;i_P+2XwDG<#2I
^FlwDG<},"8(i41;3T>`YG<#
a;i/Zi/!n(,<8;vi/,C4lwGGr\?V4ksT0z*&mD$iG<#I+i
/("Zksr$iD104,Dy!O,r("Zd|BM''XwDy!O#Zb=V`p
P,I9Cd|ICVNx;=E/i/#
1. 9C!n(ODVN,<8i/#I(}iOyhDNb`YICVN4E/i/#Z293
D:i/VN;hvb)VN#
¶ 1z+bjFA3vVNO1,!n(DW?aT>CVNDoz#
¶ zIKPi/x;X8(T:DNN5#b+lwyP]RDksG<,x;\|GDd
|Xw#
2. g{h*,|DlwDG<}D^F#
3. g{h*,|Di4a{!n(ODa{1;3T>DG<}#
4. <8Ci/1,k%wa;i/#
H}i/a{1,xHuT>i/}LDxH#i/a{Mw1,T/T>a{!n(#
5. Za{!n(O,iR*&mDG<#
`Xwb
:lw}ZszD$iks;
:lw}ZszD\?V4ks;
:lw''$i;
Z323D:$(ei/;
lw}ZszD$iksZi/!n(O,4PTBN;Yw:
¶ I;X8(zT:DNb54KPi/#bk8(}ZszD4,`,#
¶ g{h*,;*|Di/`MPD!q,"8(*lwDG<Dd|Xw#}g,YhzD
-m*szZ&md|}ZszDks.0&m3KD"aks#IZi/P8(KKD{
F#
lw}ZszD\?V4ksZi/!n(O,Ilw}ZszD\?V4ks:
1. Zi/`MO!qy]V44,"{FM|BUZ#
2. Z\?V44,O!q}Zsz#
3. %wa;i/#
`Xwb
Z183D:K<\?V4ks;
Z193D:\x\?V4ks;
lw''$iZi/!n(O,<8;vi/,C4lw+ZX(1ZZ''DI|B$iDG<#
1. Zi/`MO!qy]I|BTM''#
2. r*I|BT&DPm,"%wI|B#
3. E/zDi/,;lwZX(1ZZ+''D$iDG<#Z''UZ6':
¶ ZTdkr!qng''UZ#
¶ ZAdkr!qnY''UZ#
`Xwb
Z173D:|DP'Z;
SUz!qUZSUzP!qUZ,x;GZUZVNPdkUZ#
1. %wVND>rT_D!Uz<j#
r*Uz,ZVNPT>10BrUZDB#
2. *!q;,j,k%wUzODj#+T>Pm,SPI!qj#
3. *!qB,k%w10B{FT_D}7.;#s}7T>0;B,R|7T>s;B#
4. *!qU,k%wCBP#{!qDU#
XUUz,ZVNPT>!qDUZ#
hClw^FZi/!n(O,I^FlwDG<},49|`G<}ki/%d#hCD^FvCZ}Z<
8Di/#
1. Zlw^FBr*Pm"!q^F#1!5* 150#
K^Fa0li/a{Ds!#
2. 8(i/Dd`?V#
hC?3DG<}Zi/!n(O,I^Fa{!n(P?3T>DG<}#hCD^FvCZ}Z<8Di/#
1. Z?3G<}P,4PTBYw:
¶ r*Pm"!q^F#
¶ dk}5T2GT>D1!5#
C5XFi/DT>#
2. 8(i/Dd`?V#
q!&mZdD4!%wNN!n(OD|n4%s,feW?D4,xT>&mzDksDxL#
&ma{!qa{!n(,T>i/a{#
!n(IT>;9;vlw=DG<#?3DG<}!vZa;i/1!qD5#
i4i/a{KPi/s,IZa{!n(Pi4a{#
i/a{DmP?;P<|,ki/%dDG<#TZy]ks4,"{FM|BUZMy]I
|BTM'',mP|,TBP:
{F kksr$i`XD{F,4TBq=T>:UO,{V
ks4,
GGksD104,,}g0QK<1#Z373D:GGks4,;hv?v4,5#
4P4,
&mksD104,,}g0Q;61#
8]4,
\?8]ksD104,#
ns|B
kksr$i4,`XDUZ#
SUUZ
SUGGksDUZ#
TZi/`My]ks4,"{FM|BUZ,mP|,TBb)P:
{F kksr$i`XD{F,4TBq=T>:UO,{V
4P4,
&mksD104,,}g0Q;61#
8]4,
\?8]ksD104,#
V44,
\?V4ksD104,#
ns|B
kksr$i4,`XDUZ#
SUUZ
SUGGksDUZ#
i4i/a{:
1. iRh*DG<#I4PTBNNYw(g{PzZziRh*DG<):
¶ v/m,TPw{s!,rErmPDP#
¶ F/=?v3f,i4|`a{#
2. iR*&mDG<1,g{h*,I4PTBYw:
¶ !q;vr`vG<,"+|Gw*;ixPYw#
¶ !q%vG<,i4|`j8E"#
":g{;lwh*DG<,r5X=i/!n(:
¶ g{i/;}7,k|D,;sYNKP#
¶ g{i/}7,khClw^F,Tlw|`G<,;sYNKPi/#
`Xwb
Z123D:hC?3DG<};
i4`3ODa{Za{!n(P,i/a{I\<]`3#3fD}?!vZki/%dDG<}M*T>G<
8(D3fs!#4,xrT>2P`Y3f#
¶ %wB;3,FACiDB;3#
¶ %wO;3,FACiDO;3#
¶ *xX;98v3f,5X=i/!n("XBa;i/I\a|l#;sa{!n(YN
T>i/a{DZ;3#
T>3nDj8E"Za{!n(P:
1. Zi/a{mP,!qzDi/a{PDG<P#
2. %wT>j8E"#
T/T>j8E"!n(,T>z!qDG<Dj8E"#
3. ZT>&Dj8E"!n(P,!qz*i4Dj8E"`M#
":2I(}Za{!n(O+wG<,r(}!qG<;s!qj8E"!n(,4T>CG
<Dj8E"#
`Xwb
Z163D:T%vG<xPYw;
i4nDtTZa{!n(P:
1. Si/a{mP!qG<#
2. %wT>j8E",Zj8E"!n(OT>G<D|`j8E"#
3. ZT>&Dj8E"!n(P,!qz*i4DtT`M#Z373D:j8E"i;hvt
TgNVi# 1!*y>tT#
4. i4m#
mP?PPvksr$iDtT#Z353D:ksM$iDtT;hvKkstT# m|,T
BP:
tT{F
tTD{F#
tT5 tTD5#ksr$iDP'ZPI|D5#
5. v/m,TPw{s!,rErmPDP(g{PzZjIzDNq)#
`Xwb
Z173D:|DtT5;
i4Ywz7Za{!n(P:
1. Si/a{mP!qG<#
2. %wT>j8E",Zj8E"!n(OT>G<D|`j8E"#
3. ZT>&Dj8E"!n(,!qYwz7#
4. i4m#||,CnP'ZZD?vB~Dj8E"#
Ywz7PD?PhvKZCnOxPDYw#E"|,|"zDUZ":p=MNN`X
D"M#m_PTBP:
UZ ,;PPT>DYwDUZ#
y] xPYwD"a1D(P{F,rxPYwD RA Lr#
ks4,
GGksD4,,}g0QK<1#Z373D:GGks4,;hv?v4,5#
jI4,
&mksD4,,}g0Q;61#
"M "a1Yw1a)D"M#
5. v/m,TPw{s!,rErmPDP(g{PzZjIzDNq)#
`Xwb
Z353D:Ywz7B~;
Z!n(.dF/P1T/S;v!n(FAm;v!n(#}g:
¶ Si/!n(KPi/1,1i/a{T>Z RA @fO1,FAa{!n(#
¶ ksG<Dj8E"1,FAj8E"!n(#
¶ Sj8E"!n(jIYw1,FXAa{!n(ODi/a{#
d|1dZ!n(.dF/,;h%w*T>D!n(#Yw1,zav=TBiv:
¶ g{Zi4i/a{s5X=i/!n(,@;T>zDi/#
¶ g{ksmsnDj8E",rI5X=a{!n(ODi/a{#K&,I!q;,G
<,TT>j8E"#i/a{#tZa{!n(P,1=KPm;i/#
¶ !qKa{!n(OD3vG<s,^[N1FAj8E"!n(,j8E"!n(<aT
>CG<#g{a{!n(O4!qG<,rg{!qDG<;9;v,!n(;|,E
"#Zj8E"!n(Oa;Yw1,SC!n(e}E"#
":*<a01,RA @fVN;T>1!5#
w{mPs!*uEmqPs!:
1. QbjECZzkuEDPD_gO#
2. 4!sjs|,;srsrrRO/TDdPm#
3. ZzC=k*DmH1,E*sj4%#
y]PTmDPErZPDy!OTPEr:
¶ %wPjb#
¶ *T`4NrxPEr,kYN%w#
!qmPDG<I!q;vr`vG<:
¶ *!q%vG<,k%w|DP#
¶ *!qtI`ZG<,k%wZ;vG<,;s%wns;vG<14! Shift |#
¶ *!q;`ZDtIG<,%w?vG<14! Ctrl |#
¶ *!{!qG<,kYN%w|#
xPYwITGGksxPYw,r|B$iDG<#a{!n(Mj8E"!n(<|,ISP!qY
wDVN#zIxPDYw!vZzZ"ar(zGCrD"a1)PDmI(#
T`vG<xPYwZa{!n(P,mPD?P<Gi/a{PDG<#ITmPD;vr`vG<xPYw,r
IZYw.0i4;vG<D|`j8E"#
¶ i4`vG<1*Yw:
1. !q;vr`vG<#
2. g{h*,ZhCP'Z&8($iP'DP'Z#
3. g{h*,Z!qksE*D~&,*z}ZK<Dks8(;v;,DksE*D~#
Z363D:a)D$i`M;hvKk?vksE*D~X*D$i&\#
4. r*T!qDnxPYw&DPm,"!qYw#z(;ICDYwGIT&mb)G
<#
5. g{!q7zYw,Xk!qbyvD-r#Z!q7zD-r&,r*Pm"!q-
r#Z343D:7z$iD-r;hvK?v-rD,e#
6. g{h*,Z"MzDYw&,dk5wYwD"M#
7. %wa;Yw,a;T!qDG<xPDYw#
¶ Yw.0*i4G<D|`j8E":
1. !q|,CG<DP#
2. %wT>j8E"4%#
`Xwb
Z153D:w{mPs!;
Z153D:y]PTmDPEr;
T%vG<xPYw8(Yw.0,Zj8E"!n(OITT>DG<xPd||D:
1. ZT>&,!qz*i4Dj8E"D`M#
g{T>3nD&mtT,ITmPD;)5xP|D#
2. y]h*,|D3)tT5#Z353D:ksM$iDtT;hvKdP;)tT#
3. g{h*,ZhCP'Z&8($iP'DP'Z#
4. g{h*,Z!qksE*D~&,*z}ZK<Dks8(;v;,DksE*D~#
#Z363D:a)D$i`M;hvKk?vksE*D~X*D$i&\#
5. r*TT>DnxPYw&DPm,"!qYw#z(;ICDYwGIT&mb)G<#
":g{7zKzDYw,2Xk!q7zD-r# Z343D:7z$iD-r;hvKP'
D-r#
6. g{h*,Z"MzDYw&,dk5wYwD"M#
7. %wa;Yw,a;Yw#
`Xwb
Z153D:w{mPs!;
Z153D:y]PTmDPEr;
|DtT5Zj8E"!n(O,K<GGksrTjIDksxPYw1,I|D;)tTD5#
1. ZT>&,!q&mtT#
2. v/A*|BDtT#
I|BD5_P;vD>r(CZdkB5)r;vPmr(CZ!q;,5)#Z353D
:ksM$iDtT;hvKdP;)tT#
3. dkr!qk*D5#
":ksE*D~PD5I\2GzhCD5#
|DP'ZZa{rj8E"!n(O,K<GGksrTjIDksxPYw1,I|D$iDP'Z#
ZhCP'Z&8(UZ6'#*a)UZ,%wUzr*|,;s%wk*DUZ#g{*d
kUZ,r9CkUzyCD`,q=ndD>r#
¶ Z*<UZ&8($id*P'DUZ#
¶ ZaxUZ&8($i*<''DUZ#
a;Yw1,8(DP'Z+]= RA#
C(8<:
I+$iP'Z^D*(eDksE*D~^FZD\Z#}g,g{C'ks 1 jP'ZD$
i,zI+\ZuL*YZ 1 j#;x,g{h*S$P'Z,9.,vE*D~D^F,Xk
4PTBYw.;:
¶ \x$i,"kC'a;8(|$P'ZDks,}g 2 jD$i#
¶ ^DksE*D~"a;|D#Xk!q#V}ZszYw,1=xPKyP|D#
}g,g{*+$iS 1 j$i`M|D* 2 j$i`M,+^F$iP'Z* 18 vB,
k4PTB=h:
1. !q$iks,"+$i`M|D* 2 j$i#
2. !q#V}Zsz,;s%wa;Yw#
3. YN!q$iks,"4h+*<MaxUZ|D*^FP'Z* 18 vB#
4. !qK<,;s%wa;Yw#
8(ksE*D~Za{rj8E"!n(O,K<GGks1,I8(;,DksE*D~,TcZ4($i1
9C#
Z!qksE*D~&!qTB3n:
¶ SPmP!qksE*D~#PmODE*D~GJmz8(DE*D~#Z363D:a)
D$i`M;hvKk?vksE*D~X*D$i#
¶ !q9C10E*D~#bG1!5#|9zZ4910E*D~;GmIz8(DE*D
~1,2\Lx#
a;Yws,z8(DE*D~CZ&mksM4($i#
mS"MZa{rj8E"!n(O,ImS"M,T5wz}ZxPDYw:
1. ZxPYw&!qYw#
2. Z"MzDYw&,ZD>rPdk"M#n`\9C 512 vV{#
3. %wa;Yw,T|,|BG<1D"M#
a;Yw1,"MmS=G<P#
K<ksIZa{!n(rj8E"!n(OK<ks#
¶ g{9Ca{!n(,I!q;9;vG<4K<#
¶ g{9Cj8E"!n(,ZK<T>Dks.0,I^D;)tTD5#
SN;!n(:
1. ZxPYw&%wK<#
2. %wa;Yw#
K<\?V4ksIZa{!n(rj8E"!n(OK<\?V4ks#g{9Ca{!n(,I!q;9;v
G<4K<#
SN;!n(:
1. ZxPYw&%wK<\?V4#
2. %wa;Yw#
+ks#VZ}Zsz4,IZa{!n(rj8E"!n(O#Vks}Zsz#g{9Ca{!n(,I!q;9;v
G<,T#V}Zsz#
SN;!n(:
1. ZxPYw&%w#V}Zsz#
2. %wa;Yw#
\xksIZa{!n(rj8E"!n(O\xks#g{9Ca{!n(,I!q;9;vG<4\
x#
SN;!n(:
1. ZxPYw&%w\x#
2. %wa;Yw#
\x\?V4ksIZa{!n(rj8E"!n(O\x\?V4ks#g{9Ca{!n(,I!q;9;v
G<4\x#
SN;!n(:
1. ZxPYw&%w\x\?V4#
2. %wa;Yw#
|DI|BTIZa{!n(rj8E"|D$iDI|BT#I9I|BD$i;I|B,4.`;#g{
9Ca{!n(,I!q;9;vG<,;s|DCiDI|BT4,#
SN;!n(:
1. ZxPYwP,%wTBn.;:
¶ 9ksI|B
¶ 9ks;I|B
2. %wa;Yw#
]R$iIZa{!n(rj8E"!n(O]R$i#g{9Ca{!n(,I!q;9;v$iT]
R#
SN;!n(:
1. ZxPYw&%w]R$i#
":TsIV4$i,;x,;)$iDm^Z'',M^(V4$i#
2. %wa;Yw#
`Xwb:
Z203D:V4$i;
7z$iIZa{!n(rj8E"!n(O7z$i#g{9Ca{!n(,I!q;9;v$iT7
z#
7z$i.0,Xk9Cj8E"!n(,T4i$iP'Z#a;7zks.0,Xki$$
i10P'#
SN;!n(7{$i:
1. ZxPYw&%w7z#
2. Z-rB,!q-r#
3. %wa;Yw#
xPYws,4|BG<D&mtT#07z-r1tTahC*z8(D5#
`Xwb:
Z193D:]R$i;
:V4$i;
V4$iIZTB3V-r,I\*V4 CRL P]RD$i:
¶ *}%;YP'D$iD CRL#
¶ *XB$nT0]RD$i#
":g{$iZ}I1Z'',r;\XB$n|#
r*4"M$iXB$nD(*,Xk(}gSJ~rd|(E=="M(*#
IZa{!n(rj8E"!n(OV44T CRL D$i#g{9Ca{!n(,I!q;9;
v$iTXB$n#
SN;!n(:
1. ZxPYw&%wV4$i#
2. %wa;Yw#
`Xwb:
Z193D:]R$i;
"<$iI9Ca{!n(rj8E"!n(+$i"<x Directory#g{9Ca{!n(,I"<;9
;vD$i#
SN;!n(:
1. ZxPYw&%w"<$i#
":CYwCZTBiv:)"$i1,}#DT/"<'\#
lirDmI(Za{!n(rj8E"!n(O:
1. %wxPYw#
2. i4YwPm#
b)Gz&m$iG<M"arGGksD\&#g{z;_Pi4G<D(^,rPmO(;
D5G^ICYw#
Kv RA @f*S RA @fDNN!n(PKv RA @f,k4PTBYw.;:
¶ %wKv#
5X=CJ RA @fD Web 3f,}GzDi/*zhCKm;76#
¶ MsXUd|/@w0Z;yXU@f((}%wjb8ODdP;v!<j)#+XU/@
w#
6X RA @fg{h*S$w>}% RA @f!&CLr,k9CTB}L#
1. !q*< → hC → XFfe#
2. +wmS/>}Lr#
3. !q IBM SecureWay Trust Authority RA @f LrD~P,"%wmS/>}#
4. a>7Ok*>}Lr,%wG#
5. g{4=XZ3)D~P4>}D{",k%wj8E"#XkV$>}0j8E"10Z
PPvDNND~P,TS539W}% RA @f#
`XE"
>ZPDwb(erhvKk RA @fhCPD"a"$iM\m`XDEn#
GGGGCZjk$i#Tivoli PKI a)`VGG=(,zDi/D_T+v(D)=(GICD#C
'IT4PTBYw.;:
¶ (} Web/@wjI"a; Tivoli PKI GGm%#Z1! Tivoli PKI 20P,GGm%Z
F*>$PDD Web 3fO#zD>cI\Cm;v{FwCK3f#
¶ $"a|*G}=,;s(}$w>O20D Tivoli PKI M'z&CLra)$"a5x
Tivoli PKI#
w*"aPD(RA)"a1,XkGG$iTCJ RA @f#Ts,IT9CGG Web3f$
"ad|C'#
ITS RA @fi4SGGm%xk}]bG<PD}]#
$"aTivoli PKI 9Lrr\m1\;$"a$ZC'#
g{k*d{K$"a$i,bv=8gB:
¶ WH,h*qCXZk*$"aDKDE"#ITS{Gyr9Ci/G<qCb)E",
}g,4T}]bDE"#
¶ dN,(}zD Web /@wCJGG3f#P(CZ$"aK1DGGm%#
¶ kjIKm%,a)hvKKDE"M{yk*D$i`M#;sa;m%#
¶ liksD4,#
K<$"aks1,+SU=Bqj6"\kMK<ksD RA Web X7#
¶ I+b)E" * (}g0"gSJ~r_WT * a)xz*d$"aDK#*K=cp{,
2I!q+|,d|ksE"D$"aD~a)x{G#1{GMw,ITks$i1,K
KMIT9Cz"MDE"K#
XZ$"aNqZdD8<,kN<6Tivoli PKI C'8O7#
Web /@w'VTivoli PKI 9z\;(}jIMa;GGm%4(GGks,I(}TBN; Web/@wjI:
¶ Microsoft Internet Explorer,"Pf 5.0 r|_f>#
¶ Netscape Navigatorr Communicator,vTZf> 4.7x#
4
4.`XE"
*CJ RA @f,IT9CBP/@w.;:
¶ Microsoft Internet Explorer,"Pf 5.0 r|_f>
¶ Netscape Navigatorr Communicator,vTZf> 4.7x
"a"aG+}V$iZ(vxvKrd|5eD}L#Z Tivoli PKI P,u="a1,Lrr"a
1+@@GGksa)DE"#;s,;\ksGq;Z(,Tivoli PKI RA +Z"a}]bP4
(ksDG<#g{v(GZ($i,Tivoli PKI O$PD(CA)+)"$i#
L5_T1Lrw*"a19d$w1,|aQzi/DL5_T&C=;)GGE"P#|IT@@D
E"`M;gz@@DV`4S#5wrZ!?+7#}g,Z#$ZfPj]Dn!5#
Tivoli PKI 9zDi/+_TE"a)xbyDLr#Lr+Zd@@P9Cb)E"#
"aPDZ Tivoli PKI P,RA G;v~qw&CLr#|:p;)C'"aDXhD\mNq,|,:
¶ 7OC'm]
¶ i$QZhks__PksDtTMmI(D$i#
¶ K<r\xksT4(r7z$i
¶ ]RrXB$n$i
¶ i$"TCJ2+&CLrDC'_Pk$iPD+C\?X*D(C\?
9C RA @f,zITt/r8<;) Tivoli PKI RA DYw#
"a}]bTivoli PKI D"a}]bf""aG<#"a}]bG;vX5}]b,|I IBM DB2
®
(C}
]b4(#Tivoli PKI TG<S\#+(} RA @f,Z(D"a1IA!s?V"aE"#
"ar?v Tivoli PKI 53P%;D"ar#Kr(eKL5_T"$i_TMkzDi/PD"aM
$wX*DJ4#k*CJJ4DC'XkZrPTZCJ4Q"a#
120K RA ~qwm~1,M|,KJmi/4("a$_Dr\#|IT9C RA 'VDN
NoTM_T#r{"oTM20769IKCJi/D"a3fD Web X7#
}g,g{+C Web~qw|{* MyPublicWebServer,r{* MyDomain,rI9CTB Web
X74CJ"a$_:
http://MyPublicWebServer/MyDomain/index.jsp
Tivoli PKI 53|,;v1! Java~qw3f(index.jsp)#K3fZ"arD WebX7OT
>#|a)GG~q:
¶ $ZC'IT*AK Web 3fks$i,|Br7z{GT:D/@w$i#
¶ *'Vb)C',Xk*AC Web3f"q!zT:DCJ RA @f$i#;sIT9C|
$"ad|C'#
CJ RA @fT&mk"arX*D"aksM$i#
"aG<?v$iksGa;x Tivoli PKI RA DGGm%#?vGGks<Z"a}]bPzz;uG
<#KG<D|B43KksOD?NYw,uA|(ksD\x#g{4(K$i,`,DG
<+43kK$i`XDNNB~#rx,"aG<+|(ksDP'ZMX*D$iPDyP
B~#
G<tTZ"a}]bPDG<tTGhvGGksDd?#TZQjIDks,d?9hvQZ(D$
i#d|tT+GPzZzDi/S?dL5~_D&md?#"a1I(} RA @fi4;)
tT0|GD5#
$w$wG*5ervK4(}V$i#TZ Tivoli PKI,$wvZTGGksxP@@MK<sx
P#w*"aa{,O$PD(CA)+)"$i#TZ Tivoli PKI,)"D$i`MkzDi/
D5q_T;B#
O$PDZ Tivoli PKI P,CA :p)"kzi/D_T`;BD}V$iD~qwLr#
Tivoli PKI 'V;f$w,4 CA .dD`%ENT,b+`%D$iw*f5T$wS\#Tivoli
PKI ,y'V CA DcNa9#CA ENZcNa9PHdH6_D CA "SUG) CA D$
iw*f5T$w#
$i7zPmTivoli PKI RA (ZX"<$i7zPm(CRL)#CRL PvK;YP'D$i,Tczm|GD
$iVP_;Y;O$#
NN CA"RA r&CLr<ICJKPm,T7($iGqQ;7z#1C'T<CJzi/D
2+&CLr1,bG Tivoli PKI RA a)2+TD;V=(#
DirectoryTivoli PKI CZf"$iD DirectoryG IBM SecureWay Directory#K DirectoryI\Gzi/
("D(CZ Tivoli PKI D9C#r_,|2I\GzT0("D"CZd|&CLr#
Tivoli PKI CZCJK Directory D-iGa?6?<CJ-i(LDAP)#
(P{F(P{F(DN)G}V$iD Directory u?D*X#|(;Xj6 Directory DcNa9PD
u?;C#
$i$iG;v}V>$,|I CA )p,7#$i5P_Dm]#1k{K(ErksCJ2+&
CLr1,VP_IT9C$iw*O$#Z Tivoli PKI P,uA~qw"&CLrMh8(g
r!zMG\()<Xh5P$i,TcC'ITO$|G,T0|G.dDO$#
ZTB`pP,Tivoli PKI 'V X.509v3 $i:
¶ /@w$i
¶ ~qw$i
¶ h8$i
¶ CJ{O PKIX D&CLrD$i
¶ CA D;f$i
Tivoli PKI ,y'VTB-i:
¶ SSL
¶ S/MIME
¶ IPSec
¶ PKIX CMP
1! Tivoli PKI 20a)yZOv`pM-iD`V$i`M#GG_ITks{O{Gh*D
$i#Z363D:a)D$i`M;hv$i`M#
/@w$i/@w$i(#GI Web/@wf"ZS\D~PD}V>$#;)&CLrJmz+\?f"
ZG\(rd|iJO#Z Tivoli PKI 53P,zI(} Web/@w1Sks/@w$i#T
s,g{h*,IT5X=GG Web 3f%|Br7zK$i#
CA $i5P$iIzm Tivoli PKI ~qwD?v/@w"~qw"h8r&CLr<Xh5Pf]D CA
$i#TZ4T5P Tivoli PKI CA )"$iD~qwDO$(E45,K$iGXhD#
ZzD/@wPXh5P Tivoli PKI CA $i,Tc9C2+ Tivoli PKI GG~q#zIZZ
;NCJ Tivoli PKI GG Web3f1q!K$i#ZK.s,^[N1zSGG~qks$i
1,<IBXf]D`& CA $i#
}g,g{kjk;v 2 jD SSL /@w$i,ITSU=;vkC$if]D CA $i#
":gZ Netscape"PfITS\I Tivoli PKI ~qwa;D>c$i#TZ~qwO$D(
EMM'zO$D(E,C$iGITS\D#+G,nBD Netscape"Pfh*M'zO
$Da0D CA $i#
~qwrh8$ig{|Gw5D;?V,IT*~qwrh8ks$i#k9C(} Web /@wa)DGGm
%#
}Zks$iD~qwrh8Xk9C PKCS #10ksq=#
$i)9$i)9G X.509v3$iq=PDI!*X#)99aO=Sr=$iPI*I\#Tivoli PKI a
);i$i)9,9zDi/I(F|)"D$i#b)=SVNF*L5}Ld?#
i4 RA @fODG<1,ITZT>&mtT14=b)VN#Z;)ivB,I\IT|B
|GD5#
$iP'Z1ks$i1,*u</P'ZTLxC>$D9CZ#1$i;7zrd''1,P'Za
x#
w* RA \m1,2IT]R"XB$n$i#
1$i|B1,Z"a}]bP+4(;uBG<#
$i]RMV4P1,I\*ks]R$i,}g,g{$iVP_3I$iD2+TQ96#,y,wijI
s,I\a*szXB$n]RD$i#b)Nq(} RA @f4P#C'IT)"ksT9$
i]R,+Xk(}gSJ~rd|(E==ksXB$n$i#XkT,y==&mTks_
D(*#
?v$i<P;vm^Z,("Z$i`MDy!O,"Z$iE*D~P(e#w* RA \m
1,IT|D1!m^Z#c5b6E;7(,ITZNb1LV4$i,a)4''D$i#
;)m^Z'',M^(XB$n$i#
IT]R$iDN}GIdCD,certificate_profiles.cfgD~PD max_times_suspendedN}I8
(C5#KN}D1!5Gc,b6E^^F#g{|D1!5,+&CTBiv:g{x-]
RX($i,rIT9C RA @fi4Q]R$iDN}#;)o=KK^F,+7z$i#2
ITi4JmDn`]RN}#XZgN^D$iE*D~Dj8E",kN< Tivoli PKI
Customization Guide#
I|BT$iDI|BTGITS RA @fDdDXw.;#
¶ g{z9$iI*I|BD,d;IDT;P',+VP_TIjkBD#5PI|BD$
i+r/GG}LM*"a6vD,&#
¶ g{z9$iI*;I|BD,g{VP_9h*$i,|GXkH=$i''E\YNG
G#{GGG1,Xka)yPDE",Cs{G}ZxPZ;N"a#
;)C'ITa;{GT:D|Bks:
¶ 5PI|B/@w$iDC'ITZGG Web 3fOjk|B#
¶ _PCZCJ{O PKIX D&CLrDI|B$iDC'IT9C Tivoli PKI M'z&CL
rks|B#
$i\?8]kV4nUC'ITa;ksT4(MV4|,|GD$iM(C\?E"D8]D~#g{\?VP
_;*NJ*'r|GK\?,KD~MGPCD#ITS/@wrM'z&CLrT PKCS #12
q=4(8]D~"+df"Z53D\?V4}]b krbdb P#
(} RA @f,"a1IT4ib)ks"Z(V48]D~#"a1ITS krbdb}]bi4
b\D\k"$irPEM"PLE"#g{K<Kks,8]D~+5XC'CZBX#\?
V4DK<(} RA @f\m#
"<$i1)"$i1,Tivoli PKI +T/"<$i#g{vVJO,"a1IT9C RA @f+b)$
iXB"<= Directory#
\mITw*"a1$wT0,XkSF.9C RA @f&ks"SU Web /@wD$i#q!/
@w$is,XkZ?NkCJ RA @f1a;$i#*ZyP"aG<r4T RA @fDks
Oi4rYw,9Xk_PJ1DD~mI(#
>ZPDwbXZ9CM\m$i#
CJXFCJXFPm(ACL)O$"Z(Z? Tivoli PKI C'"h8Mm~#}g,ZITCJ RA @
f.0,RA @f'V!~qLr9C ACL %O$"Z("a1#
O$MZ(O$+a)m]$w,xZ(+a)4PYwDmI(#ZC'CJ2+&CLr0,Tivoli PKI
9zDi/aVxPO$MZ(#,y,$iVP_IT7E{G}Z9CD&CLrG2+
D#
"P\mTivoli PKI a)%;D"ar,+`v"a1ITZCrP$w#g{d{KQ-ZCG<$w
1,RA @f!~qLrM RA DhFI@9NNK|BG<#;x,`v\m1IT,1i4
,;vG<#
RA @f'V!~qLrRA @f'V!~qLrG+ RA @f~qa)x"a1D Tivoli PKI &CLr#1"a1KP
i/1,!~qLr+5XE",1"a1Z(|DG<1,!~qLr+|BG<#
ksE*D~Tivoli PKI a)1!ksE*D~/,zDi/IT9C|Gr/"aM$w#ksE*D~XF
tTMTGGksD&m#?vksE*D~|,;v$iD#e#\'VD$i`p_P;,
DksE*D~#
?nDksE*D~{FGdtT.;#g{h*,K<GGks1IT8(;,DksE*D
~#
I\a4=;vksE*D~{FkkstTPZ;p,xm;vky>tTPZ;p#bb6
E"a1r RA xL,12GKksE*D~#kstTPDE*D~QfGGksDd|tT
;p3a#y>tTPDE*D~G10ksE*D~#
N<
>ZPDwb|,Z RA @fOT>DVNhv"P'VN5T0tTD,e#wbDi/("
ZzZ RA @fN&h*E"Dy!O#
i/!n(Zi/!n(O,IT<8lw$i"\?V4rGGksE"Di/#
!n(_PTBXw:
¶ CZ<8i/DVN#
¶ CZKPi/Da;i/4%#
¶ CZNqDoz:
v !n(W?D4,xr#|T>X(ZVNDoz"Tivoli PKI {"M&mZdDxHu#
v !n(Doz4%#
1i/a{Mw1,RA @f+T/T>a{!n(#
i/VN<8i/1,9Ch*D!?`DVN#g{|Gkz!qDd|VN%`Eb,r;)VNa
;IC:
¶ Zi/`MP,%wTBn.;:
v y]ks4,"{FM|BUZ,lwGGksr|GD4,y!OD$iDG<#
v y]I|BTM'',lwh*I|BTr''E"D$iG<#
v y]V44,"{FM|BUZ,lw$i\?V4ksDG<#
¶ g{Zi/`M!qKy]ks4,"{FM|BUZ,MITy]h*9CTBVNE/
i/:
v 9Cks4,PDPmlw?v4,Dnrv_P;vX(4,Dn#SPmP,!qT
Bks4,5.;#1!!qG}Zsz#
+? ;\|GD4,,lwGGr\?V4ks#
QSU lwBSU=DGGr\?V4ks#
}Zsz
lw94K<r\xDks#;)}ZszksGBD"h*zvvv(#d|
ZzIT&m|G0}ZH}|x;=DE"#bG1!5#
QK< lw RA r"a1QK<Dks#X*$iD4,I\;,#
5
5.N<
Q\x lw RA r"a1Q\xK<Dks#
QjI lw RA r"a1QK<r\xDks#TZ&ZK4,DQK<ks,$iQ;
6xKC'#
v 9CTBVNvlwkX({FX*Dksr$iDG<:
– ZUOP,dkUO#2ITdk{FD*78vV8TlwyPTb)V8*7D
{F#}g,g{dk Smi,r+lw Smith"Smithers"SmileyMd|T0Smi1*7
DUOG<#
– Z{VP,dk{V#2ITdk{FD*78vV8TlwyPTb)V8*7D
{F#}g,g{dk0Joh*1,r+lw Johanna"John"JohanMd|T0Joh1*
7D{VG<#
v 9Cns|BDUZ6',vlwX(1ZZns|BDn#8(UZ6'#
– ^1!UZ#
– g{;ZNNVN8(UZ,rlwyPki/D#`?V%dDG<#
*a)UZ,%wUzr*|,;s%wk*DUZ#g{*dkUZ,r9CkUzy
CD`,q=ndD>r#
T 6'DngUZ#
g{9KVN#tUW,i/+lwZAVNPDUZT0CUZ.0|BD?
uG<#
A 6'PDn|UZ#
g{9KVN#tUW,i/+lwZTVNPDUZ1MUZs?uQ|BD
G<#
¶ g{Zi/`M!qKy]V44,"{FM|BUZ,MITy]h*9CTBVNE/
i/:
v 9C\?V44,PDPmlw?v4,Dnrv_P;vX(4,Dn#SPmP,!
qTBks4,5.;#1!!qG+?#
+? ;\|GD4,,lwGGr\?V4ks#
QSU lwBSU=DGGr\?V4ks#
}Zsz
lw94K<r\xDks#;)}ZszksGBD"h*zvvv(#d|
ZzIT&m|G0}ZH}|x;=DE"#bG1!5#
QK< lw RA r"a1QK<Dks#X*$iD4,I\;,#
Q\x lw RA r"a1Q\xK<Dks#
QjI lw RA r"a1QK<r\xDks#TZ&ZK4,DQK<ks,$iQ;
6xKC'#
4"T lw94"T\?8]r\?V4ksDGGks#
v 9CTBVNvlwkX({FX*Dksr$iDG<:
– ZUOP,dkUO#2ITdk{FD*78vV8TlwyPTb)V8*7D
{F#}g,g{dk Smi,r+lw Smith"Smithers"SmileyMd|T0Smi1*7
DUOG<#
– Z{VP,dk{V#2ITdk{FD*78vV8TlwyPTb)V8*7D
{F#}g,g{dk0Joh*1,r+lw Johanna"John"JohanMd|T0Joh1*
7D{VG<#
v 9Cns|BDUZ6',vlwX(1ZZns|BDn#8(UZ6'#
– ^1!UZ#
– g{;ZNNVN8(UZ,rlwyPki/D#`?V%dDG<#
*a)UZ,%wUzr*|,;s%wk*DUZ#g{*dkUZ,r9CkUzy
CD`,q=ndD>r#
T 6'DngUZ#
g{9KVN#tUW,i/+lwZAVNPDUZ1MUZ0?uQ|BD
G<#
A 6'PDn|UZ#
g{9KVN#tUW,i/+lwZTVNPDUZ1MUZs?uQ|BD
G<#
¶ g{Zi/`M!qKy]I|BTM'',MITy]h*9CTBVNE/i/:
v 9CI|BTPDPm,9i/yZGq$iGI|BD#SPmP,!qTB5.;:
I|BD
g{94'',r$iIT|B#
;I|B
;\|B$i#
v 9C''UZ6',vlw3v\ZZ*''Dn#8(UZ6'#
– ^1!5#
– g{;ZNNVN8(UZ,rlwyPki/D#`?V%dDG<#
*a)UZ,%wUzr*|,;s%wk*DUZ#g{*dkUZ,r9CkUzy
CD`,q=ndD>r#
T ngD''UZ#
g{9KVN#tUW,i/+lwZAVNPDUZ1MUZ0?uQ''r
+*''DG<#
A nYD''UZ#
g{9KVN#tUW,i/+lwZTVNPDUZ1MUZs?uQ''r
+*''DG<#
¶ 9CTB=vVN.;r,19C=vVN,XF&m"T>i/:
lw^F
*lwDnsG<},;[`YG<ki/%d#!qTBn.;:
v 50
v 100
v 150
v 250(1!)
v ^^F(lwyP%dDG<)
3fs!
a{!n(D?3OT>DG<}#ITZb)3.dF/,iRi/a{Pyh
DG<#!qTBn.;rdk;v}2GT>D1!5#
v 10
v 15(1!)
v 20
v 25
$(ei/(;D$(ei/G1!i/,|lwyP}ZszDks#
lw^F!nZi/!n(O,hClw^FD!n*:
¶ 50
¶ 100
¶ 150
¶ 250(1!)
¶ ^^F(lwyP%dDG<)
b)!n+0la{!n(ODi/a{PDG<}#
?3G<}!nZi/!n(O,?3ODG<D!n*:
¶ 10
¶ 15(1!)
¶ 20
¶ 25
¶ dkDNb}(2GQT>1!5)
b)!n+0la{!n(ODi/a{T>#
a{!n(Za{!n(O,+4=KPi/Da{#!n(_PTBXw:
¶ |,i/a{Dm#
v ?P|,ki/%dDnDG<#
v ITZPP5Dy!O*PEr#
v IT*Pw{s!,T|D|GDmH#
v g{m3$ZT>DA;,rITv/a{#
v g{a{Z`v3fO,rIT%wB;3MO;3Ti4|G#
":zI\a"b=1ksB;3rO;31aPS1#1h*3)31,*S~qwl
w|G,yT;P103GZ>XICD#
¶ hC$iDP'ZDVN(g{#{hC)#
¶ 8(;,DksE*D~DVN(1K<ks1,g{#{hC)#
¶ &m;vr`v!(nICDYw!qPm#g{7zKYw,r9P;vCZ7zD-r
!qPm#
¶ CZT4PDYwxP"MD"MVN#
¶ CZ|j8XT>G<DT>j8E"4%#g{%wK4%,RA @f +T>j8E"!n
(#
¶ CZjI!qDYwDa;Yw4%#
¶ CZNqDoz:
v !n(W?D4,xr#|T>X(ZVNDoz"Tivoli PKI {"M&mZdDxHu#
v !n(Doz4%#
(}%wi/!n(,IT5XTE/i/r<8m;vi/#
\mYwz(;ICDYwGIT&mb)G<#I\a4=TBn.;#
K< KYwIK<ks,T9GG_\5PksD$i#
#V}Zsz
SYv(#1h*Sb?4q!E"rv*+"MmSAG<1,9CKYw#
\x \xks#
7z$i
ax$iDP'T#
]R$i
]1]R$iDP'T#
V4$i
XB$n]RD$i#
9ksI*I|BD
+;I|BD$i|D*I|BD#
9ksI*;I|BD
+I|BD$i|D*;I|BD#
"<$i
+$i"<= Directory#
K<\?V4
K<\?V4ks,T9GG_\5PQV4D PKCS #12D~#
\x\?V4
\x\?V4ks#
^YwIC
m>zv_PZ"arPi4G<D(^#
7z$iD-rg{*7z$i,Xk!qbyvD-r#TBG7{$i1IT!qDP'-r#
1T>G<Dj8E""i4d&mtT1,7z-rtTI\|,TBb)5.;:
Q96 CA \?Q96O$PDD\?
Qfz$i
C'Q5PBD$i,;Yh*K$i#
^-r C'Qks7zx4xv-r#
nu9C;YP'
$iVP_;Yh*$iCZdnuD9C#
C'|DDX*
C';Y_Ph*$iDX*#
C'\?Q96
C'D(C\?Q96#
j8E"!n(Zj8E"!n(O,IT=zSki/%dDG)G<Py!qDG<Dj8E"#!n(_
PTBXw:
¶ !qzk*i4Dj8E"`MDPm#Pm|,CnDYwz7MtZCnD8vtT
i#Z373D:j8E"i;hvKb)i#
¶ T>z!qDj8E"`MDm:
v g{T>KtT,r?P|,;vtT0d5#ITZK<GGks1|B;)5#
v g{T>Ywz7,r?PzmZnOQ4PDYw#
v ITZPP5Dy!O*PEr#
v IT*Pw{s!,T|D|GDmH#
¶ hC$iDP'ZDVN(g{#{hC)#
¶ 8(;,DksE*D~DVN(1K<ks1,g{#{hC)#
¶ zICDYw!qPm#g{7zKYw,r9P;vCZ7zD-r!qPm#
¶ CZT4PDYwxP"MD"MVN#
¶ CZ|BT>D"Bj8E"4%#
¶ CZjI!qDYwDa;Yw4%#
¶ CZNqDoz:
v !n(W?D4,xr#|T>X(ZVNDoz"Tivoli PKI {"M&mZdDxHu#
v !n(Doz4%#
(}%wi/!n(,IT5XTE/i/r<8m;vi/#(}%wa{!n(,IT5X
TLx&mi/a{#
Ywz7B~a{!n(ODi/a{mMj8E"!n(ODYwz7m_P`FDP#ks4,PhvG
GksOD RA Yw#jI4,PhvksD&m4,#
¶ Za{!n(O,i/a{m+T>i/a{P?nD104,#
¶ Zj8E"!n(O,Ywz7mDP+T>T0D?v4,,T0QT>nD104,#
ksM$iDtTTBtTV`*kstT#ITDd;)tTD5#
>$''UZ
$i*''DUZ#
>$DI|B4,
m>GqIT|B$i#
>$ UUID(C(;j6,zIDw|CZa)T}]bG<Dw}#
mszk
m>vVDms`MDZ?zk#KVNMms4VNhvK,yDms#
ms4 &m RA @fksZdvVmsD Tivoli PKI xLrd|*X#
{V jkK+{DZ;v*X#d;b(#GjkKD{V,+K5I\|,Pd{rPd
{DWV8#
jI4,
ksD&m4,#Ywz7+T>K4,#Z373D:GGks4,;+hv?v4,
5#
UO jkKDUO#
T0Dksj6
g{Q-|BK$i,rzmH0D"aksyzIj6D`kV{.#
"ar *$iVP_a)2+J4D"ar#
ksj6
zm*"akszIDj6D`kV{.#
ksE*D~{F
CZ&mGGksDX~#KE*D~|,$iD#e#ZKE*D~PD5+2Gz
I\vDNNd|^D(g{b)^DkE*D~;;B)#Z363D:a)D$i`
M;hvKk?vksE*D~X*D$iXw#
":i4G<DtT1,I\a4=PvK=vksE*D~#kstTI\Pv;
v,y>tTI\Pvm;v#bMb6E"a1}%3v1L2GKksE*D
~#kstTPDE*D~QfGGksDd|tT;p3a#y>tTPDE*
D~G10ksE*D~#
ks4,
GGksD4,#Ywz7+T>K4,#Z373D:GGks4,;+hv?v4,
5#
ksd?
GG}LZdks_a)D5#
8]4,
\?8]ksD4,#
V44,
\?V4ksD4,#
$i)9)9T{F=5TDq=mS=$iP,xRI\Z*$iT>DtTP#TZk*9C2+&
CLrDvKD$i,TB$i)9GIS\D:
¶ y><x
¶ \?9C
¶ {F<x
¶ (C\?9CZ
¶ we8C{F
a)D$i`MTivoli PKI 53*|y'VD$i`pM-ia)`v$i`M#b)$iP;,.&,dP|(
P'Z#$iD$iD{F8>|DP'ZM\?Dw*C>#XZ;,XwDhv,kNDJ
cm#
CA ;f$i9VP|D CA (})" CA 9d$iIE#$ia)}V){M;IqOT#
1 jM 2 j}]S\JmVPKS\}]#K$i;CZd|?D#
1 jM 2 jgSJ~#$JmVPK9C2+`C>xJJ~;;(S/MIME)-i#K-i#$gSJ~rd|
MIME Ts#|a)"EKO$"E"Dj{T""EKD;IqOTM#\T#|Gn
UC'DdM!q#
1 jM 2 j IPSecoz7#(} InternetT Internet-i}]|N="MD}]Dj{TM#\T#IPSec
$iGCZ}]x;GCZC'D,-#+d8(x7Iw#
vCZ 1 jM 2 j\?S\JmVPKS\\?#K$i;CZd|?D#
1 jM 2 j;IqOTa)E"S\M}V/){&\,@9E"4D;IqOTrE"+]D;IqOT#
vCZ 1 jM 2 j)pJmVPK}V/)pD~#K$i;CZd|?D#
1 jM 2 j Web M'zO$Jm Web /@wNkM'O$D SSL a0#9CK$i,/@wC'ICJ;vXb
D2+ Web>c#$ia)}V){";IqOTM\?S\#|GnUC'DdM!
q#
1 jM 2 j Web ~qwO$Jm~qwNk~qwO$D SSL a0#$ia)}V){M\?S\#
GG_r_*{K$"aDKITks;vOJD$i`M#8(ksE*D~1,||,CZ
$i`M.;D#e#
":zy4{DPmI\kKPm;%d#zDi/I\Q-|DK{F,r_uA|DKa)
Djk#z4{DPm2!vZzT"arDmI(#
j8E"iZj8E"!n(O,IT9CT>VN!qk4DtTi#;GyPj8E"<IS RA @f
4{#;)tTvVZ`viP#zITi4Dj8E"V`P:
y>tT
k}]bG<Z>JOX*DtT#
kstT
hvGGksDtT#
&mtT
hvkzDL5_T;BD&mDtT#b)tT|,7z-rtT#
\?8]kstT
k\?8]ksX*DtT#PvKQ8]D PKCS #12D~D\k#
Ywz7
ZksrZQjIDksO4PDyPYwDm#
GGks4,yPD4,GYwz7PDB~#
ks4,|,TBwn:
QK< QK<D"aks#
QjI RA r"a1QK<r\xK"aks#TZQK<ks,$iQ;6xKC'#
":bG"aksDnUks4,#QjIksDjI4,G80lksDsLYwM
B~#}g,g{$iQ|Br7z,rjI4,+m>|,+Gks4,TGQ
jI#
}Zsz
I\Q4iK"aks,+|TZH}K<r\x#
QSU QSU="aks#
Q\x Q\x"aks#4)"$i#
jI4,|,TBwn:
Q;6 $iT;6=C'ITS\|D Web 3f#
;6Q7O
C'Q+$iBX= Web /@w#
Q)" QK<"aks,"RQ)"$i#
4)" 94)"$i#K4,;m>GqQZksO4PYw#
Q|B Q|BkG<X*D$i,<BBDG<MBD$i#
Q7z Q7zkG<X*D$i,9|^'#
!n(DozRA @fa)TBoz,TZ|DyP!n(G+2D:
4,xr
KxrZ!n(DW?,|T>TBwn:
X(VNoz
sj;ZVNO1,+T>CVNDoz#
Tivoli PKI {"|GT>ZIv/DD>rP,"xP;v<jm>{"G/f9Gms#
xHu |T>QksDNN&mDxH#
oz4%
IT%wK4%T>}Z9CD!n(Doz#
":T>Doz9|,6"aPD@f8O7D?<#(}Z?<P%wdu?,IT
T>>iPDyPwb#
`Xwb
Z153D:Z!n(.dF/;
CZ Internet Explorer D JVM20 RA @fCZ Internet Explorer0,Xk_P Javaibz(JVM)DTB"Pf:
¶ "Pf 5.00,9(f> 3167r|_f>
*7(z_P MS JVM DDvf>,k4PTBYw.;:
¶ S Internet Explorerr* JavaXF(#
¶ r* DOS |nP"dkTB|n:jview
(fDf>E&1G 5.00.3167r|_f>#
g{h*}6 JVM,ITS Microsoft Technologies for Java Web3fBXyhD"Pf#
sjD|L8CYwg{;PsjxXk9C RA @f,kiDBm#
bj/9c;C w|
;cE"
,1sXBt/a0 F5 |
Kv RA @f# Ctrl-x
q!10T>D!n(Doz# F1 |
Z!n(P$w
bj/9c;C w|
Ss`}VNFA!n(j) Ctrl-O}7
!qm;v!n(j),T>C!n(# R}7*AB;v!n(#s}7*A
O;v!n(#
Z!n(Zv/# 4 PgDnrBv/#4 PgUprOv
/#
ZVNP$w
Ss`}VNFAB;VN# Tab
Ss`}VNFAO;VN# Shift-Tab
SmrD>xrFAB;VN# Ctrl-Tab
SmrD>xrFA0;VN# Ctrl-Shift-Tab
ZmP$w
CP5*PEr# Alt-n,dP n GT>PPDw}#}
g,*CZ~PEr,4 Alt-2#
*Pw{s!# ;Psj;I\4PKYw#
ZPdF/"!q;P# B}7rBF/;P#O}7rOF/
;P#
!qPD6'# 4 Shift-O}7r Shift-B}7!q6'
PD?P#
!q;,xDP# ;Psj;I\4PKYw#
Z;PPD%*dF/# 4 Tab |rRF/;v%*#4
Shift-Tab|rsF/;v%*#
g{I`-,r`-10%*# F2 |r*`-D%*#Enter|a;|
D"Kv%*#EscKv%*x;a;|
D#
&mPmPDn
r*Pm# O}7rB}7#
ZnPmPF/# B}7BF#O}7OF#
SPm!qn"XUPm# Enter|
XUPmx;|D!q# Esc|
Kv"FAB;VN# Tab
&m%!4%/(S;v%!4%/*;vVN)
Z%!4%dF/,"!q;n# B}7rBF/,O}7rOF/#
KvVN# Tab
hCUZ
bj/9c;C w|
ZUZVNPF/bj# R|7rRF/#s}7rsF/#
SUZVNr*Uz# O}7rB}7
|DUzODj# 4 Ctrl-PgDn|r0F/;j#4
Ctrl-PgUp|rsF/;j
|DUzODB# 4 PgDn|r0F/;vB#4 PgUp
|rsF/;vB
|DAUzOB]D*<rax# 4 Home|F/=B]D*<#4 End
|F/=B]Dax#
|DUzODGZ# B}7rBF/;vGZ#O}7rO
F/;vGZ#
|DUzODl# R|7rRF/;l#s|7rsF/
;l#
F/=UzOqlDUZ# Ctrl-Home
!q;vT>DUZ# Enter|
XUUzx;!qUZ# Esc
&m|n4%
FA|n4%# Tab
4P|n# Uq|r Enter|
IQbp>Za)KKP RA @fDC(8<MIQbp(i#
¶ 9C Microsoft Internet Explorer/@w1,I\a4=TBkC'gf`XDJb:
v g{SU=Kk SSL`XDms,r!q$_ → Internet !n#Z0Internet!nhC1
0ZP,!q_6!n("%wV4,OhC4%#KYw+XB$n SSL 3.0#%w7(
"XUyPr*D Internet Explorer0Z#XBt/ RA @f#
v Zi/(fm`G<Q5Xs,xa{m4;|,G<#
KJbGIZT>!&CLr1DSYx<BD#IT(}%w/@wD"B4%TXB
t/!&CLrIbvKJb#
v ^(9Csj!qiOrDn#
g{/v0ZdZ!&CLrDxr.b,ravVKJb#g{!qKiOr.;44
rBv/fe,raZ0Pm1M0j8E"1fePvVKJb#by+<BZ!&C
LrW?_gBf/viOr#
bv=8G9C|L!qiOr#9COrB}7,;s4 Enter|rUq|#w*!q,
ITv/fe+iOrECZO_;C"|?|!&CLrDPd#
Jcm
>Jcm(eK>iPI\GBDr;#CDuoMu4T0A_I\PK$Duo#UkDu
oM(e4T:
¶ 6nB IBM® Fcz<uGd7,&<:McGraw-Hill,1994#
¶ 6@zzRj<E"53Vd7,@zzRj<-a X3.172–1990,@zzRj<-a
(ANSI),1990#
¶ 6#{Jbbp7,f> 3.0,S{#aG:RSA Data Security,Inc.,1998#
2A3
2+gS;W(Secure Electronic Transaction ,SET)G;VZ;IExgOxP=c2+DEC(rhG('6D$5j<#IZCj<+*s$iD"P,
yT|aOKV(K"LRM"(xPDm]O$#
2+"Pc((Secure Hash Algorithm ,SHA-1)|GI NIST M NSA hFD;Vc(,M}V){j<;p9C#Kj<G2+"Pj<;SHA GKj
<9CDc(#SHA zz;v 160 ;D"P5#
2+WSVc(Secure Sockets Layer ,SSL)xPTnUC'!I\8wDZC2+~qD IETF j<(E-i#|a)K;u}V/2+(E(@#
P SSL &\D~qw(#Zk HTTP j<;,DKZOS\ SSL ,Sks#Z=(wFbwwd;;E
ET("(EZd,SSL4(a0,K}L;h"z;N#ZK.s,(EMS\K#E"j{Tli+;
1Lx= SSL a0ax#
2+Tr(security domain )I,;v CA 4O$$iDi(+>"$wirES"L}gr~.)#I CA )p$iDC'ITENd
{IK CA )p$iDC'#
2B3
#\T(privacy )@94Z(D}]96#
>XoT'V(National Language Support ,NLS)z7Z?T;,oT73D'V,b|(oT"uR"UZM1dq=,T0}Vm>==#
j<(CjGoT(Standard Generalized Markup Language )
CZhvjGoTD;Vj<#HTML MGyZ SGML D#
;IqOT(non-repudiation )9C}V(C\?\bD~"PLJbqOTD5D)p#
2C3
Ywz7(action history )>$P'ZP}[DB~#
_TvZ(policy exit )Z"a$_P,I"a&CLrwC"i/(eDLr#Z?v_TvZP8(Dfr,|Qi/D5q
M2+T!n&C=GG}LP#
cNa9(hierarchy )EN4PDO$PD(CA)Di/,TT)p CA r%KDy*<,"T)"$ixnUC'D CA ax#
,D>(hypertext )|,%J"Lor<NDD>,A_IT(}sjcwTlwMT>m;vD5#byD%J"Lor<
NF*,4SD>#y=lw,D>,MG4S=CD>#
,D>jGoT(Hypertext Markup Language ,HTML)T Web 3f`kDjGoT#|yZ SGML#
,D>Bq&m-i(Hypertext Transaction Protocol ,HTTP)(} Web *F,D>D~DrXxM'z/~qw-i#
iso(m>( 1(Abstract Syntax Notation One ,ASN.1);V ITU F(Dm>(,CZ(eE"}]Do(#|(eKm`r%D}]`M,R*j6b)`MM5
w|GD58(Km>(#1h*(eE"Diso(1,<IT&Cb)m>(,+;C\+db)E
"D`k==D<x#
+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol ,TCP/IP);i'V>XxMcrxDcTc,S&\D(E-i#
2D3
zm~qw(proxy server )ZksCJDFcz(Fcz A)M;CJDFcz(Fcz B).dDPi#rK,g{nUC'ksF
cz A DJ4,rks;(r=zm~qw#zm~qwrFcz B ks"q!l&,YQl&*"xU
KC'#(}Z?@p=4CJr,xJ4D}LPzm~qwpEX*DwC#
zk)p(code signing );VC}V){)pI4PLrD<u#zk)phFC4DxV<ZrXxODm~DI?T#
GG(enrollment )Z Tivoli PKI P,q!ZrXx9CD>$D}L#GG|($iDks"a"|BM7z#
GGd?(enrollment variable )kNDGGtT(enrollment attribute)#
GGtT(enrollment attribute )
|,ZGGm%PDGGd?#|D543KGGZd6qDE"#GGtTD5Z>$9CZZG;d
D#
gS3W(e-commerce )LR=LRD;W#|,(kKM"a)L")&LMd{K)ZrXxOrtL7M~q#|GgSL
qDw**X#
gSLq(e-business )(}xgMFczxPL5;W#||(rtL7M~q#9|((}}V(E*FJp#
%c CA(top CA)Z PKI CA cNa9%cD CA#
TF\ku(symmetric cryptography )
9C`,D\?4S\Mb\D\ku#|D2+T!vZ\? * \?9\Mb6NNK<IT`kMb
k{"#;P1\?#\,(EEG#\D#kTUGTF\ku(asymmetric cryptography)#
TF\?(symmetric key )ITS\`Ib\D\?#m{TF\ku(symmetric cryptography)#
Ts(object)ZfrTsDhF`LP,k}]`XDisb0}]MYw#m{`(class)#
Tsj6(object identifier ,OID)y>Z\m,8(xiso(m>( 1(ASN.1)P(eD`MD}]5#
Ts`M(object type )ITf"Z Directory PDTs#}g:i/"aiR"h8"K1"Lrr}L#
`&\rXxJ~)9(Multipurpose Internet Mail Extensions ,MIME);WTIICDf6,9CT;,V{/`kDD>IT`%;;#,129`=egSJ~JCZ9C
rXxJ~j<D`V;,Fcz53#}g,}K US-ASCII"v?D>"<qMytb8VV{/,gS
J~{"9IT|,d|V{/#
2F3
@p=(firewall )xgdDxX,CZ^Fxg.dDE"w/#dMX,@p=D?DG#$Z?Dxg,@94Z(D
b?C'9C#
CJXFm(access control list ,ACL);VTQZ(C'^F9CX(J4DzF#
GTF\ku(asymmetric cryptography )
\kuGC;,D"GTF\?xPS\Mb\#?vC'IU=;T\?:;vyPKICJD+C\
?M;vvC'*@D(C\?#1+C\?M`&D(C\?`%d1,t/;Wb\,byM\xP
2+;WK#b2F*\?T\ku#kTUTF\ku(symmetric cryptography)#
qO(repudiate )IZ;f5x\x;}g,qO"MK8({"ra;K8(ks#
~qw(server)(1)ZxgP,*d|>ca)&\D}]>c,}g,D~~qw#(2)Z TCP/IPxg53P*d|
>c53Dksa)&mD53,F*M'z/~qw#
~qw$i(server certificate )I CA )"D}V$i,9 Web~qw\&myZ SSLDBq#1/@wC SSL-ik~qw,S1,
~qwa"x/@w;v+C\?#K\?I'V~qwm]O$#,1|2'V*"Mx~qwDS\
E"#m{ CA $i(CA certificate)"}V$i(digital certificate)M/@w$i(browser certificate)#
2G3
+2S\a9(Common Cryptographic Architecture ,CCA)IBM m~,|9s`} IBM Fc=(<\T;BD=(IC\ku#|'VIC;,D`LoT`4D&
CLrm~#&CLrm~ITwC CCA ~q4jIs6'DS\&\,|( DES M RSA S\#
+2}]2+Te5a9(Common Data Security Architecture ,CDSA)*yZFczD2+T&CLrx4(Dfr2+T~qM2+T\m(eD[O=(#|I Intel hF,
T9Fcz=(T&CLrxT|*2+#
+2xXSZ(Common Gateway Interface ,CGI)Z Web 3fM Web ~qw.d+ME"Dj<=(#
+C/(C\?T(public/private key pair )+C/(C\?TG\?T\kuEnD;?V(1976j,I Diffie M Hellman*bv\?\mJbx}
k)#Z{GDEnP,?KqC;T\?,;vF*+C\?,m;vF*(C\?#?vKD+C\?
G+*D,x(C\?G#\D#"M=MSU=;h*2m#\E":+?(Ef0D;G+C\?,
R(C\?"4+dr2m#;Yh*EN(E(@D2+,T@9T}r9\#;*s+C\?k|G
DC'T;VIE(O$)D==(}gZIE?<P)`X*#(}9C+2E"NNK<\"Mz\
{"#;x,C{";\I(C\?b\,$ZDSU=(;5PK(C\?#Kb,\?T\ku;v
CZ#\T(S\),9CZO$(}V){)#
+C\?(public key )(C/+C\?TPTd{KP'D\?#|9d{K\k\?DyP_xPBq&mri$}V){#
C+C\?S\}];\(}`&D(C\?4b\#kTU(C\?(private key)#m{+C/(C\?
T(public/private key pair)#
+C\?y!a9(public key infrastructure ,PKI)yZ+C\?\kuD2+Tm~Dj<#PKI G}V$i"O$PD""aPD"$i\m~qMV<=
?<~qD53#C4i$rXxOf0BqDw=Dm]M(^#b)BqI\f0=h*i$m]D
Yw#}g,|GI\*7Oav6jDp4"gSJ~{"Dw_rpZ5q#
PKI (}CC'D+CS\\?M$iTP'vKri/DO$P'45VK?D#|a)D*z?<|,
CZi$}V$i">$M}V){D+CS\\?M$i#
PKI *+CS\\?Di$i/Mksa)lYP'Dl&#|96p53P1ZD2+T~2",$J4
T&m2+%f#ns,PKI 9*X*DL5Bqa)K}V1dAG~q#
+C\?\kuj<(Public Key Cryptography Standards ,PKCS)G}=D)&L.dDj<,|GI RSA 5iR0;,Fcz)&LDzmZ 1991j*"#Cj<|,
RSA S\"Diffie-Hellman -("yZ\kDS\")9D$io("S\{"o("(C\?E"o(M
$wo(#
¶ PKCS #1hvK9C RSA +C\?\k534S\}]D=(#<ZCZ}V){M}VEbD9l#
¶ PKCS #78(\k{"D;cq=#
¶ PKCS #108($wksDj<o(#
¶ PKCS #11*\kh8(}g:G\()(e<u^XD`LSZ#
¶ PKCS #12*f"r+MC'D(C\?"$i"d|X\E"H8(;VIF2q=#
zJj</i/(International Standards Organization ,ISO)*!=F-s=Fczxg-iDyP+w*"0+<j<DzJi/#
zJgE*K(International Telecommunication Union ,ITU)~.M(E?E-w+r6L(ExgM~qDzJi/#|G6L(E<u"\mMj<E"Dnw*
"<_#
zR2+z9(National Security Agency ,NSA)@z~.Y=D2+zX#
2J3
z\T(confidentiality );+E"96x4Z(=DXT#
y>`kfr(Basic Encoding Rules ,BER)Z ISO 8825P8(DCZT}]%*`kDfr,C}]%*GCiso(m>( 1(ASN.1)4hvD#
fr8(`k<ux;Giso(#
S\(encrypt )rRE"3r,by9C;PG)5PJ1Db\zkDKE\(}b\q!-<E"#
S\/b\(encryption/decryption )
9CSU=D+C\?*KKS\}],xSU=9CdTD(C\?4bk}]#
r%J~+M-i(Simple Mail Transfer Protocol ,SMTP)ZrXxO*FgSJ~D;V-i#
;f$w(cross-certification )
EN#=,yZ|;v CA *m;v CA )"$i,C$i|,k(C){\?`%dD+C\?#;f
$wD$iJm;v\mrODM'z53rUK5eITkm;vrODM'z53rUK5e2+(
E#
b\(decrypt )CZ7zS\}L#
2K3
*E=}]b,S(Open Database Connectivity ,ODBC);VCJ;,}]b53Dj<#
*E53%,(Open Systems Interconnect ,OSI)IzJj</i/K<DFczxgj<{F#
IEFczy!(trusted computer base ,TCB)2,5)i/Fcz2+T_TDm~M2~*X#0l2+T_T5)D*Xr*XD;?VG2+T
`XDrG TCB D;?V#TCB GI2+T6'<xDTs#5V2+T_TDzFXkG;IFPD,
Xk\h9LrqCT4Z(D53X(DCJ#
M'z(client)(1);vSU4T~qwD2m~qD&\%*#(2);vFczr_Lr,|ksm;vFczr_
Lr*|~q#
M'z/~qw(client/server )V<=&mPD#M,Zbv#MP&Z;v>cDLrTm;v>cDLr"vks"RH}|Dl
&#RGQksLrF*M'z;xQl&=F*~qw#
2L3
`(class)ZfrTsDhFM`LP,;i2m+2(eRrK22m+2XT"YwMP*DTs#
`M(type)kNDTs`M(object type)#
4i$(chain validation )ZENcNa9PTZyP CA ){Di$,(}|)";v8(D$i#}g,g{m;v CA *;v
CA )"K)p$i,G4=v){ZC'a;$ii$1<hi$#
/@w(browser )kND Web /@w(Web browser)#
/@w$i(browser certificate )
}V$i,2F*M'zK$i#|GI CA (}tC SSL D Web ~qw4)"D#S\D~PD\?
9$iVP_ITS\"b\M)p}]#dMDiv,Web/@wf"b)\?#;)&CLrJmZG
\(rd|iJOf"\?#m{}V$i(digital certificate)#
2M3
@zzRj<-a(American national standard Institute ,ANSI)G@zD;vi/,|F(;OIDi/Z4(M,$GY=$5j<1yqXD}L#|Izz_"{
Q_M;c{f/EiI#
@zzRE";;j<zk(American National Standard Code for Information ,ASCII)Z}]&m53"}](E53M`Xh8PxPE";;yICDj<zk#ASCII V{/I 7 ;`kV
{(8 ;|,;;f<#i)iI#V{/|(XFV{M<NV{#
\k==(cryptographic )XZ*;}]T~Xd,eD==#
\ku(cryptography )ZFcz2+TP,CZS\wDMb\S\D>D-m"=(MVN#
\?(key)\kuP9CDCZ`kMbkD?#
\?8]kV4(Key Backup and Recovery )Tivoli PKI D&\,9z\8]MV4nU5e$i0dI Tivoli PKI O$D`&+CM(C\?#$iM
\?f"Z PKCS #12D~P#CD~\\k#$#8]$iM\?1+hC\k#
\?T(key pair)ZGTF\kuP9CD`&D\?#;v\?CZS\xm;vCZb\#
wkD>(cleartext )4S\D}]#wD(plaintext),eJ#
wD(plaintext )4S\D}]#wkD>(cleartext)D,eJ#
#=(schema)k Directory `X,(e;,Ts`M.dX5DZ?a9#
#}(modulus )Z RSA +C\k53P,=vsX}(p M q)DK}(n)#RSA #}DnQs!!vZ2+Th*##
}=s2+T=_#10D RSA 5iR(iD\?s!&!vZT\?DF.9C:vK9C* 768;,
+>9C* 1024;,x+*X*D\?(g CA D\?T)r* 2048;#AYZ 2004jT0,768;
D\?;O*G2+D#
?j(target)8(Dr!(D}]4#
2N3
Z?a9(internal structure )
kND#=(schema)#
Z?x(intranet )s5Z?Dxg,(#;Z@p=.s#|GTrXxDIz"9C`FD<u#S<uO5,Z?xv
vGrXxD)9#HTML M HTTP G|GD;)2,c#
2P3
>$(credential )ZO$;;PCZ$wvKm]Dz\E"#ZxgFc73P,n#{D>$`MGQI CA 4(M)p
D$i#
2Q3
)p(sign)9CzD(C\?zI){#){Gi$zGIE5D;V==,RK<}Z)pD{"#
)p/i$(signing/verifying )
)pG9C(C}V\?zI){#i$G9C`&D+C\?i$){#
a?6?<CJ-i(Lightweight Directory Access Protocol ,LDAP);vCZCJ Directory D-i#
ksj6(request ID);v 24 = 32 V{D ASCII 5,|\(;j6T RA D$iks#C5IT&CZ$iksBqP,T
lwCksD4,r`X*D$i#
2R3
O$(authentication )I?X7((E=m]D}L#
O$PD(certificate authority ,CA);Vm~,:pq-i/2+T_TMT$iN=8(2+gSm]#CA &m4T RA DksT)""|
BM!{$i#CA M RA ;%$wTZ DirectoryP"<$iM CRL#m{}V$i(digital certificate)#
2S3
}X DES(triple DES)}NTwDS\DTFc(#d;fZm`==I5ZK?D,+`XS\Dn2+N=Gx}v`l\
?D}X DES#
L5wLTs(business process objects )
;5PCZ5VX("aYwDzk,}gliGGks4,ri$+C\?Q"M#
L5wL#e(business process template )
48(3rKPD;5PL5wLTs#
sF~qw(Audit server );v Tivoli PKI ~qw,|SsFM'zSUsFB~,"+d4ksFU>#
sFzY(audit trail )}]T_-76DN=44SB~rP#sFzY'VBqrx(n/Dz7DzY#
sFM'z(audit client )53PC4"MsFB~x Tivoli PKI sF~qwDNNM'z#ZsFM'z"MB~xsF~qwT0,
|HksF~qw(",S#,S("s,M'z9CsFS53M'zbxsF~qw+ME"#
sFU>(audit log )Z Tivoli PKI P,|G}]bPD;vm,+?vsFB~f"*;uG<#
sFS53(audit subsystem )
Z Tivoli PKI P, *G<2+T`XYwa)'VDS53#|{O*pZ~qz5D+C\?\kuDj
</PDj< X9.57 FvZ]#
5}(instance )Z DB2® P,5}Gf"}]MKP&CLrD_-}]b\m73#|Jm*`}]b(e;i+2Dd
CN}#
Bqj6(transaction ID )I RA a)Dj6,Tl&$"aGGks#|9C'\KP Tivoli PKI M'z&CLr4qC$Hz<
D$i#
X$Lr(daemon);vZs(&mNqDLr#1vVh*|ozDiv1,53+a~=wC|#C';h**@X$L
r,r*|(#GI53T/zzD#X$LrI\@6Gn/D,r_|adtXXBzI#
uo("t* demon)4Tq0#s4,|;]mbM*WV8uTJ DAEMON:Disk And Execution
MONitor#
Z((authorization )CZCJJ4DmI(#
}]f"b(Data Storage Library ,DL)w*;v#i,|a)T$i"CRL"\?"_TMd|k2+T`XTsDVC}]f"DCJ#
}]S\j<(Data Encryption Standard ,DES)w*}=Dj<,Z 1977jI@z~.(eMz<DVi\kS\c(#nuI IBM *"#TS DES+
<T4C=Kc:DP?,VZ|QI*Zy\*"Rc:9CD\k53#
DESG;vTF\k53#1|CZ(E1,"M=MSU=Xk5P,;v\?#C\?CZS\Mb\
{"#DES 2ITCZ%C'DS\,}gTS\Dq=QD~f"=2LO#DES P 64 ;Dis!,
|ZS\Zd9C 56 ;\?#|-H*2~5VxhF#NIST ?tejXBO$;N DESw*@z~.
Y=DS\j<#
}V){(digital signature );vmS=D5r_}]D`k{",|7#K"M=Dm]#
}V){ITa)Hom){|_6pD2+T#bGr*}V){;GS\{Fr;5Pr%Dj6z
k#|z.TQ)p{"DS\**#by,Z{"O=S}V){ITa)"M=DLPj6#(;P"
M=D\?EIT4(C){#)|,y9L(KQ)p{"DZ](S\D{"**XkM{"DZ]`
%d,qr){+^')#by,}V){M^(S{"P4F"R&C=m;v{"P%,r***r"
PE"+;%d#NNTQ)p{"DD/<a9){^'#
}V){c((Digital Signature Algorithm ,DSA)+C\?c(,Cw}V){j<D;?V#|^(CZS\x;\CZ}V){#
}V$w(digital certification )
kND$w(certification)#
}V$i(digital certificate )
IEDZ}=)"xvKr5eDgS>$#?v$iC CA D(C\?4)p#|xpvK"L5r_i
/Dm]#
y] CA DG+,$iIT$5VP_ZrXxOxPgS;WD(^#Z3VbeO,}V$i`FZ]
;mI$r_='D>#|O$K5P`&(C\?DVP__P-*3)gSLqn/D(^#
$i|,dO$D5eDE",^[GK1"zwrFczLr#||,C5eDQO$D+C\?#
fz}(nonce)I~qwr&CLr"vDV{.,|*sC'Z(#C'C(C\?4)pfz}#C'D+C\?M
)pDfz}"MXAksZ(D~qwr&CLr#;s~qw"TCC'+C\?4bkQ)pDf
z}#g{fz}Dbka{k"MD-~;y,rCC';O$#
m@(tunnel)Z VPN <uP,(}rXx("Dks~qibc=c,S#;),S,6LC'\9Cm@kZ+>D
(CxgO~qw;;2+"S\Mb0DE"#
2T3
3;J4(;w(Uniform Resource Locator ,URL)CZrXxJ4`7D;V=8#URL 8(-i,wz{r IP X7#,12|,KCJX(zwDJ4y
hDKZE"76MJ4j8E"#
2W3
b?x(extranet)9CMrXx`FD<uDIzzo#ws+>}*<TKM"oiMZ?K1`vEe&C Web "<"
gS;W"{"+MM:~#
j{T(integrity )#$}]j{TD53,h94Z(D^D(;,Z#$}]Dz\T,h94Z(D96)#
j{Tli(integrity checking )
TIb?i~-,Bq&mzzDsFG<Dli#
r,x(World Wide Web ,WWW)Z|,,=eDODFcz.diIxg,SDG?VrXx#b)JOa)E""a)=r,xMrX
xPd|JOD4S#RGIT(} Web /@wLrCJr,xJ4#
xX(gateway);V&\%*,Jm%;f]Dxgr&CLr%`xP(E#
D5S\\?(document encrypting key ,DEK)dMX,D5S\\?G;TTFDS\/b\\?,}g DES#
D~+d-i(File Transfer Protocol ,FTP)rXxM'z/~qw-i,CZZFcz.d*FD~#
2X3
{"O$zk(message authentication code ,MAC)"M=MSU=d2mD#\\?#"M=O$,xSU=i$#Z Tivoli PKI P,MAC \?fEZ CA
MsFi~D KeyStoreP#
{"**(message digest )S\Nb$HD{";szIL($HD?D;If&\#MD5 MG;V{"**c(#
!~qLr(servlet);V~qwKDLr,xh'V JavaD~qwT=S&\#
!&CLr(applet)GC Java`4DFczLr,IKPZk Javaf]D Web /@wP#2I1w Java!&CLr#
-i(protocol )Fcz.d(ED;B<(#
EN4(trust chain );i$i,ISC'$i=yrT)p$iDIEcNa99I#
EN#M(trust model )\mO$PDgNO$d|O$PDDa9<(#
ENr(trust domain );i5e,|GD$iI`,D CA O$#
ib(Cxg(Virtual Private Network ,VPN)9CrXxx;Gg0_4("6L,SD(C}]xg#r*C'(}rXx~qa)Lx;Gg0+
>CJ+>xgJ4,i/ITs?uY6LCJI>#VPN 9v?K}];;D2+T#Z+3D@p=
<uP,{"Z]ITS\,+G;ITS\?DX7M4X7#Z VPN <uP,C'IT(";v(@
,S,dP{vE"|(Z]M(7)<xPS\Mb0#
2Y3
Q)"$iPm(issued certificate list ,ICL)Q)"D$i0|G104,DjIPm#$iGIrPEM4,4w}D#KPmI CA ,$,"#fZ
CA }]bP#
l=(E(asynchronous communication )
;h*"M=kSU=,=D(E#=#
rXx(Internet)|G@g6'Dxg/O,Ta)Fcz.dDgS,S#9|GIT(}nggSJ~r Web /@wH
m~h84`%(E#}g:;)s'hPT:Dxg,(}k`Fxg4S,i(I3;DrXx#
rXx$LNqi/(Internet Engineering Task Force ,IETF)Y]M*"rXx-iD;vi#|zmK|(xghF_"Yw_")&LMP?1ZZDzJi/#
IETF f0=rXxe5a9D*"MrXxD3{9C#
C'O$(user authentication )
CZi$3v{"D4w_GC{"IxpRO(DyP_#|9i$z}ZkZ{DUKC'r53x
P(E#
$"a(preregistration )Z Tivoli PKI P,Jm;vC'(dMDG\m1)GGd{C'#g{ks;z<,RA a)E",Jm
C'ZTs9C Tivoli PKI M'z&CLrqC$i#
r(domain)kND2+Tr(security domain)M"ar(registration domain)#
[Z]
v?#\TJ~(privacy-enhanced mail ,PEM)IrXxe5a9DhF_(IAB)ICDrXxv?#\TJ~j<4#$rXxOgSJ~#PEM -i
a)KS\"O$"{"j{TM\?\m#
>c$i(site certificate )`FZ CA $i,+GvCZ8(D Web >c#m{ CA $i(CA certificate)#
$w(certification )IEDZ}=)"CZ##vK"L5ri/m]DgS>$D}L#
$i_T(certificate policy )fr|{/,|mw$iT_P+22+ThsD&CLrX(`DJCT#}g,$i_TI\amw
X(D$w`MGqJmC'Z;vx(D[q6'ZxP;W#
$i7zPm(certificate revocation list ,CRL)O$PDQ7zDT}V)pRjP1dAGD$iPm#ZPmPD$i&1O*;IS\#m{}V
$i(digital certificate)#
$iE*D~(certificate profile )
(eyh$i`MD;iXT(}g:SSL$ir IPSec$i)#E*D~oz\m$if6M"a#"P
LIT*ksPD$i|DE*D~{FM8(XT,}gP'Z"\?C(M DN <xHH#
$i)9(certificate extension )
X.509v3$iq=DI!&\,|a)Z$iP|,=SVN#|_Pj<)9MC'T(e)9#j<)
9*wV?DxfZ,|,\?M_TE""wbM"PLtT"T0O$76<x#
G\((smart card );if"C'}V\?D2~,dMD;PEC(s!#G\(ITIC\k#$#
"a$_(registration facility )
;v Tivoli PKI &CLrr\,*GG5e(}g:/@w"7Iw"gSJ~M2+M'zLr)a)(
CVN"RZ{vP'ZZ\m$i#
"a}L(registration process )
Z Tivoli PKI Pi$C'm]D=h,Sx9C'Md+C\?CTO$"NkBq#C}LITG>Xr
GyZ Web D,|ITT/xPrK$;%4\m#
"a}]b(registration database )
|,K$iksMQ)"$iDE"#C}]bf"KGG}]M{vP'ZPDT$i}]|D#}]
bII RA }LM_TvZr"a14|B#
"ar(registration domain )
;iMX(D$iGG}L`XDJ4"_TMdC!n#Cr{G URL D;vS/,CZKP"a$_#
"a1(Registrar )QZ(CJ RA @fDC',{\\m$iMks$i#
"aPD(RA);V\m}V$iDm~,|7#SGGksDnuSU=$i7zZdi/DL5_T<CT&C#
(C\?(private key )(C/+C\?TP;T\?yP_P'D\?#9yP_\SU=KDBq&mrxP}V){#9C
(C\?)pD}];\I`&D+C\?4i$#kTU+C\?(public key)#m{+C/(C\?T
(public/private key pair)#
(P`kfr(Distinguished Encoding Rules ,DER)a)Z BER OD<x#DER SG)`kfrJmD`k`M(E}yP"M=!n)P!qD;V`M#
(P{F(distinguished name ,DN)f"Z Directory PD}]nD(;{F#DN (;Xj6 Directory DcNa9PDu?D;C#
VZk(bytecode )I Java`kwzI,RI JavabMw4PDkzw`M^XDzk#
nU5e(end-entity )|G$iwb,+;G CA#
Numerals
4758 PCI Cryptographic Coprocessor;VI`LD,Ifl&D PCI \_S\(,C(a)_T\D DESM RSA S\&m#S\}LZ(D
2+bGZ"z#K(Oq{O FIPS PUB 140-16p 4 j<#m~ITZ2+bGZKP#}g,EC
(;W&mI9C SET™ j<#
A
ACL: Access control list.
ANSI: American National Standards Institute.
ASCII: American National Standard Code for Information Interchange.
ASN.1: Abstract Syntax Notation One.
B
base64 `k(base64 encoding )IC MINE +M~xF}]D+2=(#
BER: Basic Encoding Rules.
C
CA: Certificate Authority.
CAST-64;v9C 64 ;i$M 6 ;\?DVi\kc(#GI Carlisle AdamsM Stafford TavareshFD#
CA cNa9(CA hierarchy )Z Tivoli PKI PDENa9,|D%KP;v CA,Z|DBfP`oDcDS CA#1 CA "aC'r
~qw1,C'M~qw+U=C CA )"D$i"+LPdOcD$wcNa9#
CA ~qw(CA server)CZ Tivoli PKI O$PD(CA)i~D~qw#
CA $i(CA certificate )ZzDksB,Web/@wS|^(6pD CA S\D$i#;s/@w9CC$iO$kVP CA )"
D$iD~qw.dD(E#
CCA: IBM Common Cryptographic Architecture.
CDSA: Common Data Security Architecture.
CGI: Common Gateway Interface.
CRL: Certificate revocation list.
CRL "<1ddt(CRL publication interval )hCZ CA dCD~P,(Z"< CRL = Directory D1ddt#
D
DEK: Document encrypting key.
DER: Distinguished Encoding Rules.
DES: Data Encryption Standard.
Diffie-HellmanZ;I?iJO("2m\?D=(,T"w_(Diffie M Hellman)|{#
Directoryk(E`XDCZE"+VJ4b(}ggSJ~r\k;;)DcNa9#Directory f" PKI a9yX
hDX(n?,|,+C\?"$iM$i7zPm#
DirectoryPD}]GTwDN=Vc\m,wD%KMGDy#(#O_cNDi/zm@"DzRrXx"
~.r+>#?CwD6Zc#CZm>C'Mh8#b)C'"i/"yZX"zRrXxT0h8<
PwTDu?#?v5eI_8`MDtTiI#b)a)K5eyzmTsDE"#
DirectoryPD?vu?<s(=X*D(P{F(DN)#TZV5@gPDTs,15e|(DtT(;1,
b2G(;D#<GTBD>} DN#dP,zRrXx(C)G US,i/(O)G IBM,i/?E(OU)
G Trust,T0+2{F(CN)G CA1#
C=US/O=IBM/OU=Trust/CN=CA1
Directory ~qw(Directory server )Tivoli PKI P,IBM SecureWay® Directory#Directory 'V LDAP j<"9C DB2 w*|Dy!#
DL: Data Storage Library.
DN: Distinguished name.
DSA: Digital Signature Algorithm.
F
FTP: File Transfer Protocol.
H
HTML: Hypertext Markup Language.
HTTP: Hypertext Transaction Protocol.
HTTP ~qw(HTTP server){C/@wMd|LrZxgP&myZ Web (ED~qw#
I
ICL: Issued certificate list.
IniEditorZ Tivoli PKI P,CZ`-dCD~D$_#
IPSecI IETF *"D;VrXx-i2+Tj<#IPSecGxgc-i,CZa)\k2+T~q,|TO$"
j{T"CJXFMz\TDiOa)inD'V#r*|?sDO$&\,m` VPN z7)&LIC|
w*-iT("ZrXxOD2+cTc,S#
ISO: International Standards Organization.
ITU: International Telecommunication Union.
J
JavaI SUN Microsystems, Incorporated*"D;5PyZxgDg=(Fcz<u#Java73I Java OS";
,=(Dibz"frTsD Java`LoTM8v`b9I#
Java `(Java class )JavaLrzk%*#
Java !&CLr(Java applet )kND!&CLr(applet)#kTU Java&CLr(Java application)#
Java ibz(Java Virtual Machine ,JVM)JavaKP173PD;?V,:pbMVZk#
Java &CLr(Java application )9C JavaoT`4D@"Lr#|KPZ Web /@w73.b#
Java oT(Java language );V`LoT,GI SUN Microsystems*Z!&CLrMzmLr&CLrP9CxhF#
K
KeyStoreTS\q=f" Tivoli PKI i~>$(}g\?M$i)D DL#
L
LDAP: Lightweight Directory Access Protocol.
M
MAC: Message authentication code.
MD2;VI Ron RivesthFD 128 ;{"**"P/}#|Z PEM -iPk MD5 ;p9C#
MD4;VI Ron RivesthFD 128 ;{"**"P/}#Z4PYHO,MD4 *H MD2 lC86#
MD5;VI Ron RivesthFD%r{"**"P/}#bG MD4 DDxf>#MD5 }LT?i 512 ;(V
I 16 v 32 ;Si)dkD>#Kc(DdvG;iDv 32 ;Di,b)i,SINI;v%@D 128
;"PE"5#|2ITZ PEM -iPk MD2 ;p9C#
N
NISTzRj<M<u-a(National Institute of Standards and Technology),T02F* NBS(zRj<V)#
|YxKyZFczDz5*Ej<M%CT#
NLS: National language support.
NSA: National Security Agency.
O
ODBC: Open Database Connectivity.
OSI: Open Systems Interconnect.
P
PC ((PC card)`FZG\((smart card),2F* PCMCIA (#HG\(sR&\|?#
PEM: Privacy-enhanced Mail.
PKCS: Public Key Cryptography Standards.
PKCS #1: See Public Key Cryptography Standards.
PKCS #7: See Public Key Cryptography Standards.
PKCS #10: See Public Key Cryptography Standards.
PKCS #11: See Public Key Cryptography Standards.
PKCS #12: See Public Key Cryptography Standards.
PKI: Public key infrastructure.
PKIX: A PKI based on X.509v3.
PKIX CMP: PKIX certificate management protocol.
PKIX l}w(PKIX listener )IX(DGGr9CD+C HTTP ~qw,C4l} Tivoli PKI M'z&CLrDks#
PKIX $i\m-i(PKIX certificate management protocol ,CMP)5Vk PKIX `]&CLrD,SD-i#PKIX CMP 9C TCP/IPw*|Dw*+MzF,+GZWS
VOP;visc#|5VT=SV/+MD'V#
R
RA: Registration authority.
RA ~qw(RA server)CZ Tivoli PKI "aPDi~D~qw#
RA @f(RA Desktop );v Java!&CLr,T<Ngfa) RA 4&m>$ksM\m|GD{v9CZ#
RC2Id\?s!i\k,GI Ron Rivest* RSA }]2+TxhFD#RCzm Ronzk r Rivest\k#
|H DES|l,RhFw* DESD0kf;#yZnY\?Qw_T,(}9CJ1D\?s!,RC2I
TH DES |2+,2IT|;2+#|P;v$ 64 ;Di,Zm~KPP*H DES s<l==}6#
RC2 ITCk DES `,D==9C#
m~vfL-a(SPA)M@z~..dD-(7(K RC2DXbX;#b9CZvZz<}LH(#D\
kz7vZ}L|r%|lY#;x,*zclYvZz<Jq,z7Xk^F RC2 \?s!* 40 ;,
1;2P}biv#IT9C=SDV{.4h9;)%w_,{GT<$HFcCI\S\DsMi/
m#
RSAT"w_(Rivest"ShamirM Adelman)|{D+C\?\kc(#|CZS\M}V){#
S
SET: Secure Electronic Transaction.
SGML: Standard Generalized Markup Language.
S/MIME'V)pMS\ZrXxO+dDgSJ~D;Vj<#kND MIME#
SMTP: Simple Mail Transfer Protocol.
SSL: Secure Sockets Layer.
T
TCP/IP: Transmission Control Protocol/Internet Protocol.
Tivoli PKI'V}V$iD"P"|BM7zD/I IBM SecureWay2+Tbv=8#b)$iITZ\s6'ZD
rXx&CLrP9C,a)TC'O$M7#IE(ED=(#
TP: Trust Policy.
U
UnicodeI ISO 10646(eD 16 ;V{/#UnicodeV{`kj<GE"&mD;VzJV{zk#Unicodej<
|,@gODw*DV,"a)Km~zJ/M>X/Dy!#Java`L73PDyP4zk<T Unicode
`4#
URL: Uniform Resource Locator.
UTF-8;V*;q=#|9;\&m 8 ;V{/DE"&m53\+ 16 ; Unicode*;* 8 ;H'zk,"R
Y4r*;x;ap'E"#
V
VPN: Virtual Private Network.
W
WebSphere ™ Application ServerIBM z7,ozC'*"M\m_T\ Web >c#|r/KSM6D Web "<=_6gSLq Web &
CLrD*;#WebSphere Application ServerI@"Z Web~qw0dBcYw53DyZ JavaD!~
qLr}f9I#
Web ~qw(Web server)~qwLr,|lp4T/@wLrDE"J4ks#m{~qw(server)#
Web /@w(Web browser )KPZ(= PCzDM'zm~,9C'\/@r,xr>X HTML 3f#bG;vlw$_,|a)T
WebMrXxPIC,=eDODsM/OD(CCJ#P)/@wITT>D>M<N,xP)v\T>
D>#s?V/@wI&mrXx(E(}g FTP Bq)Dw*m%#
X
X.500I%,Fcz53)P5V`?D"V<=M?<4F~qDj<#IzJgE*K(ITU)(4T0Dz
Jg(g0I//1a CCITT)"zJj</i/MzJg/'/1a(ISO/IEC)*O(e#
X.509 f> 3 $i(X.509 Version 3 certificate )X.509v3$i_PC4f"Mlw$i&CLrE""$iV"E""$i7zE""_TE"M}V){
D)d}]a9#
X.509v3}L*yP$i4(P1dAGD CRL#?N9C$i1,X.509v3D\&Jm&CLrli$i
DP'T#|9Jm&CLr47(C$iGqZ CRL O#I*X(P'Z9l X.509v3 CRL#|G2I
yZd|I\9$i^'D73#}g,g{M1k*i/,d$i+E= CRL P#
X.509 $i(X.509 certificate );c:S\D$ij<,C4(}2+rXxxg'V2+\mM}V)p$iDV"#X.509 $i(e}
]a9,a)V"IIEDZ}=}V)pD+C\?D}L#