Tivoli Public Key Infrastructurepublib.boulder.ibm.com/tividd/td/PKI/SH09-4530-03/zh_CN/PDF/... · 0T..... ix >8ODA_..... ix

Tivoli ® Public Key Infrastructure"aPD@f8O

f> 3 "Pf 7.1 SB84-0416-00

Tivoli ® Public Key Infrastructure"aPD@f8O

f> 3 "Pf 7.1 SB84-0416-00

Tivoli Public Key Infrastructure "aPD@f8O

f(yw

Copyright © 1999, 2001 by Tivoli Systems Inc., an IBM Company, including this documentation and all software. All rights

reserved.vI@U Tivoli Systemsm~mI$-i9C,r_w* IBM M'-irmI$-iPX Tivoli z7D=<9

C#4- Tivoli SystemsBHifmI,{9TNNN=rNNVN(gSD"z5D"E'D"b'D"/'D"K$D

HH)T>iDNN?VxP4F"+%"*<"f"Zlw53Pr-kINNFczoT#Tivoli SystemsZhzFwv

)zT:9CD2=4rNNICFcz&mDD5DP^mI,0aG?vbyD4F7y&XP Tivoli +>Df(y

w#4- Tivoli SystemsBHifmI,;Zhf(PDd|({#>D5;G*zz<8D,"RGT0vK4,1Dy

!a)D,;PNNN=D#$#

rKT>D5;wNN#$yw,|(JzTMJCZ3X(C>D#$#

Lj

TBz7{FG Tivoli Systems Inc.rzJL5zw+>Z@zM/rd|zRrXxDLj:AIX"DB2"DB2"Universal

Database"IBM"RS/6000"SecureWay"Tivoli M WebSphere#

Tivoli PKI Lr(0Lr1)|(?V IBM WebSphere&CLr~qwM?V IBM HTTP Web ~qw(0IBM ~q

w1)#}G!CKLrDmI$sE\9C,qrz^(20r9C IBM ~qw#IBM ~qwMLrXk$tZ,;zw

P,z^(ZkLrVkDivB%@20r9C IBM ~qw#

Lr|(?V DB2 (C}]b#}G!CKLrM IBM WebSphere&CLr~qwDmI$sE\9C,"RLrM

IBM WebSphere&CLr~qwGCZ|GyzIr9CD}]Df"M\m,xGCZd|}]\m?D,qrz^(2

0M9Cb)i~#}g,KmI$;|(Sd|&CLr=}]bDCZi/r(mzIDk>,S#z;P(ZLry

ZD,;(zwO20M9Cb)i~#

Microsoft"Internet Explorer"Windows"Windows NTM WindowsUjG Microsoft CorporationDLjr"aLj#

UNIX GZ@zMd|zRrXxI The Open Group@Rd"D"aLj#

JavaMyPyZ JavaDLjrUjG Sun Microsystems,Inc.DLj#

PentiumG Intel CorporationZ@zMd|zRrXxD"aLj#

KLr|,4T RSA Date Security, Inc.D2+Tm~#Copyright © 1994 RSA Data Security, Inc. All

rights reserved.

KLr|,4T Hewlett-Packard Companyj<#eb(STL)m~#Copyright (c) 1994.

¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5CZNN?DP*bQZkmI,+0aGTOf(yw

XkvVZyP1>P,"Rf(ywMKmIyw<XkvVZ'VD5P#Hewlett-Packard Company;TNN?DT

Km~DJOT"mNN4(#Km~GT0vK4,1Dy!a)D,;=Pw>r,>D#$#

KLr|,4T Silicon Graphics Computer Systems, Inc.Dj<#eb(STL)m~#Copyright (c) 1996–1999#

¶ TK==TNN9C"4F"^D"V"Mv[Km~0dD5DP*bQZkmI,+0aGTOf(ywXkvVZ

yP1>P,"Rf(ywMKmIyw<XkvVZ'VD5P#Silicon Graphics;TNN?DTKm~DJOT"m

NN4(#Km~GT0vK4,1Dy!a)D,;=Pw>r,>D#$#

d|+>"z7M~q{FI\Gd|+>DLjr~qjG#

yw

>vfoPya=D Tivoli Systemsr IBM z7"Lrr~q";5>b)z7"Lrr~q+ZyPP Tivoli Systems

r IBM 5qDzRrXxPa)#NNTb)z7"Lrr~qD}C";5>v\9C Tivoli Systemsr IBM Dz

7"Lrr~q#;*;V8 Tivoli Systemsr IBM DP'*6z(rd|\(I#$D({,NN,H&\Dz7"L

rr~q,<ITC4zfya=Dz7"Lrr~q#Zkd|z7aO9C1,}KG)I Tivoli Systemsr IBM w

78(Dz7.b,d@@Mi$yIC'TP:p#

Tivoli Systemsr IBM I\Q5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhC'9Cb)({DNN

mI$#PXmI$i/DBK,C'ITk IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk,

New York 10504-1785, USAif*5#

iiiTivoli PKI "aPD@f8O

>un;JCZ*OuzrNNbyDunk>X(I;;BDzRrXx#

zJL5zw+>T0vK4,1Dy!a)>vfo,;=PNNN=D(^[Gw>D,9G,>D)#$,|((+

;^Z)TGV(T"JzTMJCZ3X(C>D,>#$#3)zRrXxZ3);WP;Jmb}w>r,>D#

$#rK>unI\;JCZz#

>E"PI\|,P<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b)|D+|,ZBf>P#IBM IT

f1T>E"PhvDz7M/rLrxPDxM/r|D,x;mP(*#

>E"PTG IBM Web >cD}C<;G*K=cp{Ea)D,;TNN==P#TG) Web >cD#$#C Web

>cPDJO;G IBM z7JOD;?V,9CG) Web >cx4DgU+IzTPP##

iv f> 3 "Pf 7.1

?<

0T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

>8ODA_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

`XE". . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

>8O|,DZ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

>8OP9CD<( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

*5M''V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

Tivoli PKI Web E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

Z1B XZ Tivoli PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Z2B Ev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Z3B gNYw? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

I*"a1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

tC/@w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

CJGG Web 3f . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

ks/@w$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

liGG4, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

q!(^ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

20 RA @f . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

XBdC RA @f . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

CJ RA @f . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

&mi/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

a;i/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

lw}ZszD$iks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

lw}ZszD\?V4ks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

lw''$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

SUz!qUZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

hClw^F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

hC?3DG<}. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

q!&mZdD4! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

&ma{ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

i4i/a{ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

i4`3ODa{. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

T>3nDj8E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

i4nDtT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

i4Ywz7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Z!n(.dF/. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

w{mPs! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

y]PTmDPEr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

vTivoli PKI "aPD@f8O

||

||

||

||

||

||

||

!qmPDG< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

xPYw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

T`vG<xPYw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

T%vG<xPYw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

|DtT5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

|DP'Z. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

8(ksE*D~. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

mS"M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

K<ks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

K<\?V4ks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

+ks#VZ}Zsz4, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

\xks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

\x\?V4ks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

|DI|BT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

]R$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

7z$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

V4$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

"<$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

lirDmI( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Kv RA @f . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

6X RA @f . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Z4B `XE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

GG. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

$"a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Web /@w'V. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

"a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

L5_T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

"aPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

"a}]b. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

"ar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

"aG< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

G<tT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

$w. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

O$PD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

$i7zPm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

(P{F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

$i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

/@w$i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

CA $i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

~qwrh8$i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

vi f> 3 "Pf 7.1

$i)9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

$iP'Z. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

$i]RMV4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

I|BT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

$i\?8]kV4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

"<$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

\m. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

CJXF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

O$MZ(. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

"P\m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

RA @f'V!~qLr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

ksE*D~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Z5B N< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

i/!n(. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

i/VN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

$(ei/. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

lw^F!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

?3G<}!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

a{!n(. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

\mYw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

7z$iD-r . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

j8E"!n( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Ywz7B~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

ksM$iDtT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

$i)9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

a)D$i`M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

j8E"i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

GGks4, . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

!n(Doz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

CZ Internet ExplorerD JVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

sjD|L8CYw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

IQbp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Jcm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

w} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

viiTivoli PKI "aPD@f8O

||

viii f> 3 "Pf 7.1

0T

>ihvgN(}9C"aPD(RA)@f4\m Tivoli PKI $i"an/#

>z7D"Pfv'V AIX =(#&1vSyPV[ Microsoft WindowsDDO#

>8ODA_>i*\m1a)K\m Tivoli PKI $iP'ZDfrNqDE"#

>8ODC'&_PyZ}]bKPi/"w*"a1~qD5J-i,"l$yZ WebD&C

Lr#

`XE"Tivoli Web >ca)K Tivoli PKI z7D5DIF2D5q=(PDF)M HTML q=#;)v

foD HTML f>GMz7;p20D,"RIIC'gfCJ#

"bTvfovfs,z7PI\"zd/#XZnBDz7E",T0XZgNTz!qDo

TMq=TvfoxPCJ,kND6"P5w7#nBf>D6"P5w7IZ Tivoli Public

Key Infrastructure Web>cqC:

http://www.tivoli.com/support

Tivoli PKI b|,TBD5:

6hCkKP7

Kia)Kz7Ev#|a)Kz7Dhs,|(20}L,"a)gNCJ?vz7

i~ICD*zoz#Ki+Zr!skz7;pV"#

System Administration GuideKi|,XZ\m Tivoli PKI 53D;cE"#||,t/MXU~qw"|D\k"

\m~qwi~"4PsFT0KP}]j{TliH}L#

6dC8O7

Ki|,XZgN9C20r<4dC Tivoli PKI 53DE"#Zi4r<D*zoz

1,z\CJK8OD HTML f>#

6"aPD@f8O7

Ki|,XZgNZ$iP'ZZ9C RA @f4\m$i#Zi4@fD*zoz1,

z\CJK8OD HTML f>#

6C'8O7

Ki|,XZgNqCM\m$iDE"#|a)K9C Tivoli PKI /@wGGm%4

ks"|BM7z$iD}LDE"#,12V[KgN$"af] PKIX $i#

Customization GuideKiT>KgN(F Tivoli PKI "a$_,T'VL5_TD"ak$w?j#}g,

zI'agN(F HTML M Java® Server3f"(*E"$iE*D~M_TvZ#

ixTivoli PKI "aPD@f8O

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|



>8O|,DZ]>8O|,TBE":

¶ Z13D:XZ Tivoli PKI;r%hvK Tivoli PKI D&\MT\#

¶ Z33D:Ev;hvK\m1r"a1DG+,T09C RA @f4PD;)dMNq#

¶ Z53D:gNYw?;a)KfrNqDE",9z\4P"a1n/#

¶ Z233D:`XE";hvKk RA @fhCPD"a"$wM\m`XDEn#

¶ Z293D:N<;|,VNhv"P'VN5,T0Z RA @fOT>DtTD,e#

¶ Z413D:Jcm;(eK>iPI\GBDr;#CDuoMu4T0A_I\PK$D

uo#

>8OP9CD<(>8OTXbuoMYw9C;,DVM<(#b)<(_PTB,e:

<( ,e

VeV |n"X|V"j>Md|Xk9CDE",TVeVT>#

1eV Xka)Dd?MBuoT1eVT>#?wDJMLo2,yT>*1eV#

HmVe zk>}"dvM53{"THmVeT>#

*5M''Vg{9CNN Tivoli z71v='Q,<ITxk http://www.support.tivoli.com i4 Tivoli

Supportw3#4SA"a;M'"am%s,4ITZ Web OCJ\`M''V~q#

Z@z9CTBg0Ek*5M''V:Tivoli EkG 1–800–848–6548(1-800–TIVOLI8),IBM®

EkG 1–800–237–5511(&rKEks4 8 rXp 8)#b=vEk<a1S+zDg0*A

Tivoli M''Vg0PD#

RG.VVZ}=XZz9C Tivoli z7MD5D-i#RG6-zavDxb{#g{zPX

Z>D5Db{r(i,k"MgSJ~A:[email protected]#

Tivoli PKI Web E"Tivoli M IBM Tivoli M'ITR=XZNN Tivoli 2+Tz7M Tivoli PKI DZ_E"#

XZ T i v o l i P K I DnBz7|BM~qE"DX*E",kCJK W e b >c:

http://www.tivoli.com/support/secure_download_bridge.html

XZ Tivoli Public Key Infrastructurez7DE",kCJK Web >c:

http://www.tivoli.com/products/index/secureway_public_key/

XZd| Tivoli 2+\mz7DE",kCJK Web ;C:

http://www.tivoli.com/products/solutions/security/

x f> 3 "Pf 7.1

|

|

|

|

|

|

|

|

|

|

|

|||

||

||

|||

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|


http://www.tivoli.com/support/secure_download_bridge.html

http://www.tivoli.com/products/index/secureway_public_key/

http://www.tivoli.com/products/solutions/security/

XZ Tivoli PKI

Tivoli Public Key Infrastructure(Tivoli PKI)9&CLr\O$C'"7#IED(E:

¶ |Jmi/y]|GD"aM$w_T4)"""<M\m}V$i#

¶ T X.509 f> 3(PKIX)D+2\?y!a9M+2}]2+a9(CDSA)S\j<D'

V<GK)&LD%YwT#

¶ }V)pM2+-ia)KZ;WPO$yPEeD=(#

¶ yZ/@wD"a\&a)KnsDinT#

¶ S\(EM"aE"D2+f"PzZ7#z\T#

Tivoli PKI 53IZ IBM AIX/6000 M Microsoft Windows NT~qw=(OKP#|,TBw

*&\:

¶ IEO$PD(CA)\m}V$iDP'Z#*7O$iDf5T,CA T}V==)p?;

])"D$i#,1,|2)p$i7zPm(CRL),T7O$i;YP'#*Kx;=

#$d)p\?,zI9C2~S\,2F*2~2+T#i(HSM),g IBM 4758 PCI

Cryptographic Coprocessor#

¶ "aPD(RA)&mC'"aD\mNq#RA a)v)"'V5qn/D$i,Rv)"x

QZ(C'#\mNqI(}T/}LrK$v_==&m#

k CA `F,z2IT9C IBM 4758 PCI Cryptographic Coprocessor#$ RA D)p\?#

¶ yZ WebDGGgf9q!$idCO*]W,b)$iICZ/@w"~qwMd|?D,

gib(Cxg(VPN)h8"G\(M2+gSJ~#

¶ yZ WebD\mgf,RA @f9QZ("a1\;K<r\xGGjk,"Z)"$is

\m$i#

¶ sFS53\*?vsFG<FcdE"i$zk(MAC)#g{sF}]Z4ksF}]

bs;^Dr>},MAC IozzlbkV_#

¶ _TvZML5wLTs(BPO)9&CLr*"_\;(F"a}L#

¶ *S\}fa)/I'V#*KO$(E,KD Tivoli PKI i~IC$'zID(C\?x

P)p#2+TTs,g\?M MAC,<;S\,"f"ZF* KeyStoreD\#$xrZ#

¶ * IBM Directory a)/I'V#DirectoryT{O LDAP Dq=f"XZP'MQ7{$i

DE"#

¶ * IBM WebSphere Application ServerM IBM HTTP Servera)/I'V#Web ~qwk

RA ~qw-,$w,TS\E""K<jkM*$ZDSU=*F$i#

¶ * IBM DB2 (C}]ba)/I'V#

1

1Tivoli PKI "aPD@f8O

|

|

1.XZ

Tivoli

PK

I

2 f> 3 "Pf 7.1

Ev

1i/5P\ Tivoli PKI #$D2+&CLr1,vPG)5PJ1>$DC'EITCJb)

&CLr#g{3Kk*C=>$(g}V$i),ITa)J1DE"#GGksPD}]G

K<r\xKksDy!#g{QK<GGks,+I Tivoli PKI "aPD(RA)&mKks,

Tivoli PKI O$PD(CA))"K$i#GGksDG<M$i$tZQS\D"a}]bP#

@@GGksM\mb)G<G\mNq#P1zDi/adC Tivoli PKI 4T/4Pb)Nq

PD3)?V,"RPLr@@"a}]#d`1d"a1xP+?PO#

Tivoli PKI "aPD@f(RA @f)G<NC'gf(GUI),CZ&mGGks"\ma{D

G<#|w*"a14'VzDNq,}g:

¶ @@}ZszDGGks,TK<r\x|G

¶ <8i/,TlwXb`MrtZX(C'D$iG<

¶ 4iG<Dj8E"

¶ hC$iDP'Z

¶ I!Yw,T|D$irGGksD4,#

¶ TG<xP"M,T5wYwD-r

¶ Z(4T8] PKCS #12D~D$i(C\?V4ks

RA @fG2+!&CLr#*9C|,zXk_P4PX(NqD(^,,1Xk(}v>}7

D}V$i4;O$#

`Xwb

Z53D:I*"a1;

Z103D:CJ RA @f;

2


2.Ev

4 f> 3 "Pf 7.1

gNYw?

>ZPDwba)Kzw*"a1DNqD-r%xD8<,}g:

¶ <8/@w"20 RA @f

¶ q!zD/@w$iMZ(,TI*"a1

¶ i/""a}]b,T&mksM$i

I*"a1ZICJ RA @fT\m$i"ks$i.0,zXkGG*QZ(D Tivoli PKI "a1#K}

L|,8v=h,dP3)XkI53\m1&m#

>ZhvKI9C RA @f.0XkjID$8Nq:

__=h 1. w*;vC',HdG53\m1,Xkq- System Administration GuidePD=h,

+Z;v"a1mS=53P#

__=h 2. hC Web /@w,9|IKP RA @f#

__=h 3. CJ Tivoli PKI GG Web 3f,Tq!X*D$i#

__=h 4. *zD Web /@wks CA $i,;sks/@w$i#zDi/&a)XZy&

!qD/@w$i`MD8<MZ(z\mD"arD{F#

__=h 5. liGG4,"7OQ20$i#

__=h 6. Q)"$is,Xkksw*"a1$wD(^#+ks+]xZ;vZ(D"a

1,"*CC'a)za;$ikss5XxzDksj6#

__=h 7. Z;v"a1Xkq- System Administration GuidePD=h4Z(z*BD"a1#

__=h 8. SU=QGGz*"a1D7Os,20 RA @f#

g{Tsh*|DZ20}LPhCD1!/@w,rg{h*|D RA ~qwD

Web X7,IXBdC RA @f.

tC/@wtC/@w.0,k7#zDzwzcKP RA @fDTB*s:

¶ Intel <Z®&mw,RAM AY* 64MB

¶ 'V VGA VfJ(r|_VfJ)DFczT>w

¶ Microsoft Windows 95"98 r NT Yw53

tC RA @fD Web /@w:

3


3.gNYw?

1. 20'VD Web /@w.;:

¶ Netscape Navigatorr Communicator,v"Pf 4.7 x

¶ Microsoft Internet Explorer,"Pf 5.0 r|_f>

TZ Internet Explorer,Xk_P Javaibz(JVM),"Pf 5.00,9(f> 3167r

|_f>#Z383D:CZ Internet ExplorerD JVM;hvKgN7(z}ZKPD JVM

D"Pf,gPX*,CgN}6#

":Xk20 Netscaper Microsoft V"D/@wY=f>#4TZ}=)&LDf>I\

^(}7T>E",HdGT}"oTbDoTKP!&CLr1#

2. ^DzD Web /@w:

¶ Z NetscapeP,r*W!nK%,tC Java#

¶ Z Internet ExplorerP,r*!nK%,tC Java#

":XZ RA @f!&CLrhsDnBE"Z"P5wPa)#"P5wZ Tivoli Public Key

Infrastructure Web>cPa):


CJGG Web 3fCJ Web 3fxPGG:

1. q!zi/D Web X74CJGG Web 3f#Web X7_PTBq=:

http://MyWebServer:port/MyDomain/index.jsp

dP MyWebServer:portG20K Tivoli PKI "aPDD~qwDwz{MKZ#MyDomain

GC Tivoli PKI 53OD"arDdC{F#}g:

http://MyWebServer:80/MyDomain/index.jsp

2. r** RA @ftCD/@w#

3. dk Web X7:

¶ Z NetscapeP,Z;CD>rPdk Web X7#

¶ Z Internet ExplorerP,X7D>rPdk Web X7#

4. 4 Enter |#

T> Tivoli PKI GG Web 3f#TZ1!20,C3f{FG0>$PD1#

5. g{zGZ;N9C Tivoli PKI GG~q,%w20RGD~qw CA $i#

K$i9zD/@w\;SGG~qPO$(E#B;Nz9Cb)~q1,zIT!TK

=h#

ks/@w$i>ZhvgN9C Tivoli PKI GG3f4ks/@w$i,TcIKP RA @f#

":w*"a1,2I\h*GG~qw"h8r$"a3K#XZG)NqDoz,kN<

6Tivoli PKI C'8O7#

q!P'$iD=hI\ar(F"a$_D=(;,x;,#TBV[r%hvKy>=h#

k*5zD53\m1TqCJOz>cD}LE"#

6 f> 3 "Pf 7.1

|



q!zD/@w$i:

1. SzD/@wOCJGG Web 3f#

2. Z$iGGxr:

a. !qGG`M → /@w$i#

b. !qYw → GG#

c. %w7(#T>zjkDGGm%#

3. q- Web 3fOD8>E"jIVN#;2P=?V:

¶ ;vxPD>rDGGE"?V,CD>rCZzya)XZT:DE"#

¶ ;vxPD>rD$iksE"?V,CD>rCZza)zk*D$iE"#g{z;

PZK?VI!VNPa)5,Tivoli PKI aa)kzks$i`M`X*D1!5#

Xp"bTBVN:

$i`M

!qzDi/#{zv>D/@w$i`M,TCJ RA @f#Z363D:a)D$

i`M; hvb)$iD`M#

Z/@wO20 CA $i%wq!`&D CA $i,C$if]K$i`M#g{z%wK4%,M"4BX

CA $i#

K$i9zD/@w\Zz9C RA @f1S"a$_O$(E#g{r*;)-r

zQ-_P`,D CA $i,GzM;h*m;v CA $i#

gSJ~X7

*!qgSJ~(*,zXka)zDgSJ~X7#

gSJ~(*

!qK!n,TSUXZjka{DgSJ~#

":g{ZzDi/P,RA ~qw20Z Windows NT=(O,"a&\dCD~

(raconfig.cfg)I\h*|B8r SMTPwz,TtCC&\#XZj8E",

kND Tivoli PKI Customization Guide#

aJ&p

7#G!za)DxVs!4DaJ&p#Ts2Xk*@KaJ&p,TliGG

ksD4,#

r{ (I!)dk$i+20DzwDwz{(zDzwDwz{)#dMivB,I!

TKVN,}GQ8>z9CKVN#

g{zh*XZVNDx;=oz,kiD6Tivoli PKI C'8O7D:N<;;Z#

4. %wa;GGks#

Tivoli PKI SUGGm%s,ai$TBE":

¶ g{m|,ms,|aT>zDms#xP|D"%wXBa;GGks#

¶ g{m;|,ms,m;v Web 3faT>zDksj6#

5. 7#G!zDksj6#Ts|aj6zDm],by,zMITliks4,,"Z$i

<8C1SU|#4PTBNN;nYw:


3.gNYw?

¶ + Web3fSOi),TczI5XAK3f"lizD$i#bG5XTli4,Dn

r%=(#

¶ G<Kksj6,Tc1z5X1ITa)|#w*;v2+k),I\*G<ksj

6,x;\Gq*4,3f4(Ki)#

¶ g{ZGGVNO8(*SUgSJ~(*,IH}ksj6(}gSJ~=4#

liGG4,*lizGGksD4,,IT5X=GGZdQmS*i)D Web3f,r_jITB=h:

1. CJGG Web 3f#

2. SGG`M!qzksDGG`M#

3. SYw!qli4,#

4. %w7(#

T>|,KZzITq!NNzksDE".0zXkO$zm]DVN#

5. ZKVNPa)E":

¶ Zksj6|kzZa;GGm%sT>Dksj6#

¶ ZaJ&p|kza)=GGm%O`,DaJ&p#

6. %wliGG4,#

T>{",mwzDksD104,#

¶ g{zDksTZsz,ITs5X"YNli#

¶ g{Q)"zD/@w$i,%wliGG4,1BX|#

7. g{h*,i4zD$i,q- Web 3fOD8>E"#

q!(^Zks53\m1Z(z RA @f.0,kjITBNq:

¶ ks/@w$i,"8(z+\mD"ar#

¶ +/@w$i0dIf] CA $iBX=zD Web /@wP,

20 RA @f20 RA @fD}L_P=?V#20~qwm~1,53\m1Xk!q"aPD@f420

!&CLrD203s#;s\m1XkV"3s,r9.ZzDxgOIC,TczIS$w

>KP20Lr#

":g{ZT0KPK20r<D,;zwO20 RA @f!&CLr,r20r<;\YNK

P#g{ZbT73P9C Tivoli PKI,I\*Z@"DzwO20020r<1M RA @

f,Tcz\X4dC}L,1=<8C+53C*zz==#

9CTB}L,KP RA @f20Lr RADInst.exe#

1. 7#zD$w>zcZ53D:tC/@w;PPvD*s#

2. S53\m1q!z+\mD"arD Web X7#

3. q-zDi/D8>E",4F"CJrBX RA @f203s#

4. XUyPn/DLr#

8 f> 3 "Pf 7.1

5. !q*< → KP,%w/@,(; RADInst.exeD~,"%w7(TKPLr#

6. 4i06-10ZODE","%wB;=#

7. g{*+m~20Z1!;C(c:\Program Files\IBM\Trust Authority\RA desk),rZ0!q

?j;C10ZO%wB;=#qr,k%w/@,!qrdk;,D?jD~P,;s%

wB;=#

8. Z0!q/@w10ZO,!qz*w*1!/@wTCJ RA @f9CD/@w#

":;P,120K Microsoft M Netscape/@wR|G<o=yhD"Pf6p1,Ea

4=K0Z#

9. Z0!qwz10ZO,dk20"aPDD~qwD WebX7#Xk4TBq=dk,d

P h o s t n a m e : p o r t G20"aPDD~qwDibwz{M2+KZE,

RegistrationDomainName G*zDi/D"ardCD{F#

https://hostname:port/RegistrationDomainName

}g:https://MyRAserver:1443/MyDomain

10. g{*9C1!LrD~P(IBM SecureWay Trust Authority),kZ0!qLrD~P10

ZO%wB;=#qr,dkr!qz*9CDD~PD{F,;s%wB;=#

11. Z0*<4FD~10ZO,4iz*KN RA @f208(DhC#g{zbzD!q,

k%wB;=#Lr+D~4F=*sD;C#

12. Z020jI10ZO:

¶ g{*4i Tivoli PKI z7TvD~,k%w4!rTi4TvD~#%wjIs,T

vD~+Zz!qD/@wPT>#

¶ %wjI,jI20}L#

20jIs,RA @fM RA @fdCZ*<K%P,;ZLr → IBM SecureWay TrustAuthority #

XBdC RA @f20 RA @fs,I|DCJ!&CLr1*9CD1!/@w,"|Dw\!&CLrD RA

~qwD Web X7#9CTB}LxPb)|D#

1. !q*< → Lr → IBM SecureWay Trust Authority → RA @fdC#

2. Z0!q/@w10ZO,!qCJ RA @f1*9CD/@w#

3. Z0!qwz10ZO,dkw\ RA @fD RA ~qwD Web X7#Xk8(2+wz

{"KZE,T0zh*\mD"arD{F(r{;\|,Uq)#}g:

https://NewRAServer:1443/NewDomainName

4. Z0!qLrD~P10ZO,;*vNN|D,%wB;=#

5. Z0*<4FD~10ZO,4iyvD|D,;s%wB;=#

6. Z020jI10ZO,%wjI,jIXBdC}L#


3.gNYw?

CJ RA @f?N*t/ RA @f1,XkWH4PTBYw:

1. g{zD"a1$iZ Netscape/@wP,kXUNN}ZKPD Netscapea0#

2. Z WindowsNq8O!q*< → Lr → IBM SecureWay Trust Authority → RA @f#

ks RA @fD Web X71,Web /@wM~qw,bt/2+(M'zO$D)a0#

Z~qwI5X WebX7Z]1,zXkO$*P'"a1#/@wa>zv>$i#Ca

>r9CD/@w;,x;,#

3. v>zD"a1$i#

":g{9CDG Internet Explorer,rZ/@wa0}LP,/@w+T/a;O;Nr~

qwv>D$i#";a>zxP7O#*v>;,D$i,XkKv"XBt//@

w#

Web /@wBX"u</ RA @f!&CLr:

¶ ZBX!&CLr}LP,I\aZ/@wA;W?4=;){"#}g,I\a4=m

>/@w}Zu</ JavaD{"#

¶ u</}LP,I4=m>}LjIivDxHu#g{u</}LPvVms,rxH

u#9,I4=;c/f{"#

jIu</s,I4= RA @f#|Q-IT9C#z\*<\mkzD$iX*D"arD"

aksM$i#

":g{S NetscapeCJ RA @f,R-};N1d RA @fO;PNNn/,r Netscapea

a>zYNu<v>$i#C=SD2+T#$zDi/,T@t1iv9zZKv RA @

f.0k*@f#

&mi/!qi/!n(,<8i/#zITCi/G#w7,rIlw;i_P+2XwDG<#2I

^FlwDG<},"8(i41;3T>`YG<#

a;i/Zi/!n(,<8;vi/,C4lwGGr\?V4ksT0z*&mD$iG<#I+i

/("Zksr$iD104,Dy!O,r("Zd|BM''XwDy!O#Zb=V`p

P,I9Cd|ICVNx;=E/i/#

1. 9C!n(ODVN,<8i/#I(}iOyhDNb`YICVN4E/i/#Z293

D:i/VN;hvb)VN#

¶ 1z+bjFA3vVNO1,!n(DW?aT>CVNDoz#

¶ zIKPi/x;X8(T:DNN5#b+lwyP]RDksG<,x;\|GDd

|Xw#

2. g{h*,|DlwDG<}D^F#

3. g{h*,|Di4a{!n(ODa{1;3T>DG<}#

4. <8Ci/1,k%wa;i/#

H}i/a{1,xHuT>i/}LDxH#i/a{Mw1,T/T>a{!n(#

10 f> 3 "Pf 7.1

5. Za{!n(O,iR*&mDG<#

`Xwb

:lw}ZszD$iks;

:lw}ZszD\?V4ks;

:lw''$i;

Z323D:$(ei/;

lw}ZszD$iksZi/!n(O,4PTBN;Yw:

¶ I;X8(zT:DNb54KPi/#bk8(}ZszD4,`,#

¶ g{h*,;*|Di/`MPD!q,"8(*lwDG<Dd|Xw#}g,YhzD

-m*szZ&md|}ZszDks.0&m3KD"aks#IZi/P8(KKD{

F#

lw}ZszD\?V4ksZi/!n(O,Ilw}ZszD\?V4ks:

1. Zi/`MO!qy]V44,"{FM|BUZ#

2. Z\?V44,O!q}Zsz#

3. %wa;i/#

`Xwb

Z183D:K<\?V4ks;

Z193D:\x\?V4ks;

lw''$iZi/!n(O,<8;vi/,C4lw+ZX(1ZZ''DI|B$iDG<#

1. Zi/`MO!qy]I|BTM''#

2. r*I|BT&DPm,"%wI|B#

3. E/zDi/,;lwZX(1ZZ+''D$iDG<#Z''UZ6':

¶ ZTdkr!qng''UZ#

¶ ZAdkr!qnY''UZ#

`Xwb

Z173D:|DP'Z;

SUz!qUZSUzP!qUZ,x;GZUZVNPdkUZ#

1. %wVND>rT_D!Uz<j#

r*Uz,ZVNPT>10BrUZDB#

2. *!q;,j,k%wUzODj#+T>Pm,SPI!qj#


3.gNYw?

3. *!qB,k%w10B{FT_D}7.;#s}7T>0;B,R|7T>s;B#

4. *!qU,k%wCBP#{!qDU#

XUUz,ZVNPT>!qDUZ#

hClw^FZi/!n(O,I^FlwDG<},49|`G<}ki/%d#hCD^FvCZ}Z<

8Di/#

1. Zlw^FBr*Pm"!q^F#1!5* 150#

K^Fa0li/a{Ds!#

2. 8(i/Dd`?V#

hC?3DG<}Zi/!n(O,I^Fa{!n(P?3T>DG<}#hCD^FvCZ}Z<8Di/#

1. Z?3G<}P,4PTBYw:

¶ r*Pm"!q^F#

¶ dk}5T2GT>D1!5#

C5XFi/DT>#

2. 8(i/Dd`?V#

q!&mZdD4!%wNN!n(OD|n4%s,feW?D4,xT>&mzDksDxL#

&ma{!qa{!n(,T>i/a{#

!n(IT>;9;vlw=DG<#?3DG<}!vZa;i/1!qD5#

i4i/a{KPi/s,IZa{!n(Pi4a{#

i/a{DmP?;P<|,ki/%dDG<#TZy]ks4,"{FM|BUZMy]I

|BTM'',mP|,TBP:

{F kksr$i`XD{F,4TBq=T>:UO,{V

ks4,

GGksD104,,}g0QK<1#Z373D:GGks4,;hv?v4,5#

4P4,

&mksD104,,}g0Q;61#

8]4,

\?8]ksD104,#

ns|B

kksr$i4,`XDUZ#

12 f> 3 "Pf 7.1

|

|

||

|

|

|

|

|

|

|

|

SUUZ

SUGGksDUZ#

TZi/`My]ks4,"{FM|BUZ,mP|,TBb)P:

{F kksr$i`XD{F,4TBq=T>:UO,{V

4P4,

&mksD104,,}g0Q;61#

8]4,

\?8]ksD104,#

V44,

\?V4ksD104,#

ns|B

kksr$i4,`XDUZ#

SUUZ

SUGGksDUZ#

i4i/a{:

1. iRh*DG<#I4PTBNNYw(g{PzZziRh*DG<):

¶ v/m,TPw{s!,rErmPDP#

¶ F/=?v3f,i4|à{#

2. iR*&mDG<1,g{h*,I4PTBYw:

¶ !q;vr`vG<,"+|Gw*;ixPYw#

¶ !q%vG<,i4|`j8E"#

":g{;lwh*DG<,r5X=i/!n(:

¶ g{i/;}7,k|D,;sYNKP#

¶ g{i/}7,khClw^F,Tlw|`G<,;sYNKPi/#

`Xwb

Z123D:hC?3DG<};

i4`3ODa{Za{!n(P,i/a{I\<]`3#3fD}?!vZki/%dDG<}M*T>G<

8(D3fs!#4,xrT>2P`Y3f#

¶ %wB;3,FACiDB;3#

¶ %wO;3,FACiDO;3#

¶ *xX;98v3f,5X=i/!n("XBa;i/I\a|l#;sa{!n(YN

T>i/a{DZ;3#


|

|

|

||

|

|

|

|

|

|

|

|

|

|

|

3.gNYw?

T>3nDj8E"Za{!n(P:

1. Zi/a{mP,!qzDi/a{PDG<P#

2. %wT>j8E"#

T/T>j8E"!n(,T>z!qDG<Dj8E"#

3. ZT>&Dj8E"!n(P,!qz*i4Dj8E"`M#

":2I(}Za{!n(O+wG<,r(}!qG<;s!qj8E"!n(,4T>CG

<Dj8E"#

`Xwb

Z163D:T%vG<xPYw;

i4nDtTZa{!n(P:

1. Si/a{mP!qG<#

2. %wT>j8E",Zj8E"!n(OT>G<D|`j8E"#

3. ZT>&Dj8E"!n(P,!qz*i4DtT`M#Z373D:j8E"i;hvt

TgNVi# 1!*y>tT#

4. i4m#

mP?PPvksr$iDtT#Z353D:ksM$iDtT;hvKkstT# m|,T

BP:

tT{F

tTD{F#

tT5 tTD5#ksr$iDP'ZPI|D5#

5. v/m,TPw{s!,rErmPDP(g{PzZjIzDNq)#

`Xwb

Z173D:|DtT5;

i4Ywz7Za{!n(P:

1. Si/a{mP!qG<#

2. %wT>j8E",Zj8E"!n(OT>G<D|`j8E"#

3. ZT>&Dj8E"!n(,!qYwz7#

4. i4m#||,CnP'ZZD?vB~Dj8E"#

Ywz7PD?PhvKZCnOxPDYw#E"|,|"zDUZ":p=MNN`X

D"M#m_PTBP:

UZ ,;PPT>DYwDUZ#

y] xPYwD"a1D(P{F,rxPYwD RA Lr#

14 f> 3 "Pf 7.1

ks4,

GGksD4,,}g0QK<1#Z373D:GGks4,;hv?v4,5#

jI4,

&mksD4,,}g0Q;61#

"M "a1Yw1a)D"M#

5. v/m,TPw{s!,rErmPDP(g{PzZjIzDNq)#

`Xwb

Z353D:Ywz7B~;

Z!n(.dF/P1T/S;v!n(FAm;v!n(#}g:

¶ Si/!n(KPi/1,1i/a{T>Z RA @fO1,FAa{!n(#

¶ ksG<Dj8E"1,FAj8E"!n(#

¶ Sj8E"!n(jIYw1,FXAa{!n(ODi/a{#

d|1dZ!n(.dF/,;h%w*T>D!n(#Yw1,zav=TBiv:

¶ g{Zi4i/a{s5X=i/!n(,@;T>zDi/#

¶ g{ksmsnDj8E",rI5X=a{!n(ODi/a{#K&,I!q;,G

<,TT>j8E"#i/a{#tZa{!n(P,1=KPm;i/#

¶ !qKa{!n(OD3vG<s,^[N1FAj8E"!n(,j8E"!n(<aT

>CG<#g{a{!n(O4!qG<,rg{!qDG<;9;v,!n(;|,E

"#Zj8E"!n(Oa;Yw1,SC!n(e}E"#

":*<a01,RA @fVN;T>1!5#

w{mPs!*uEmqPs!:

1. QbjECZzkuEDPD_gO#

2. 4!sjs|,;srsrrRO/TDdPm#

3. ZzC=k*DmH1,E*sj4%#

y]PTmDPErZPDy!OTPEr:

¶ %wPjb#

¶ *T`4NrxPEr,kYN%w#

!qmPDG<I!q;vr`vG<:

¶ *!q%vG<,k%w|DP#

¶ *!qtI`ZG<,k%wZ;vG<,;s%wns;vG<14! Shift |#


3.gNYw?

¶ *!q;`ZDtIG<,%w?vG<14! Ctrl |#

¶ *!{!qG<,kYN%w|#

xPYwITGGksxPYw,r|B$iDG<#a{!n(Mj8E"!n(<|,ISP!qY

wDVN#zIxPDYw!vZzZ"ar(zGCrD"a1)PDmI(#

T`vG<xPYwZa{!n(P,mPD?P<Gi/a{PDG<#ITmPD;vr`vG<xPYw,r

IZYw.0i4;vG<D|`j8E"#

¶ i4`vG<1*Yw:

1. !q;vr`vG<#

2. g{h*,ZhCP'Z&8($iP'DP'Z#

3. g{h*,Z!qksE*D~&,*z}ZK<Dks8(;v;,DksE*D~#

Z363D:a)D$i`M;hvKk?vksE*D~X*D$i&\#

4. r*T!qDnxPYw&DPm,"!qYw#z(;ICDYwGIT&mb)G

<#

5. g{!q7zYw,Xk!qbyvD-r#Z!q7zD-r&,r*Pm"!q-

r#Z343D:7z$iD-r;hvK?v-rD,e#

6. g{h*,Z"MzDYw&,dk5wYwD"M#

7. %wa;Yw,a;T!qDG<xPDYw#

¶ Yw.0*i4G<D|`j8E":

1. !q|,CG<DP#

2. %wT>j8E"4%#

`Xwb

Z153D:w{mPs!;

Z153D:y]PTmDPEr;

T%vG<xPYw8(Yw.0,Zj8E"!n(OITT>DG<xPd||D:

1. ZT>&,!qz*i4Dj8E"D`M#

g{T>3nD&mtT,ITmPD;)5xP|D#

2. y]h*,|D3)tT5#Z353D:ksM$iDtT;hvKdP;)tT#

3. g{h*,ZhCP'Z&8($iP'DP'Z#

4. g{h*,Z!qksE*D~&,*z}ZK<Dks8(;v;,DksE*D~#

#Z363D:a)D$i`M;hvKk?vksE*D~X*D$i&\#

5. r*TT>DnxPYw&DPm,"!qYw#z(;ICDYwGIT&mb)G<#

16 f> 3 "Pf 7.1

":g{7zKzDYw,2Xk!q7zD-r# Z343D:7z$iD-r;hvKP'

D-r#

6. g{h*,Z"MzDYw&,dk5wYwD"M#

7. %wa;Yw,a;Yw#

`Xwb

Z153D:w{mPs!;

Z153D:y]PTmDPEr;

|DtT5Zj8E"!n(O,K<GGksrTjIDksxPYw1,I|D;)tTD5#

1. ZT>&,!q&mtT#

2. v/A*|BDtT#

I|BD5_P;vD>r(CZdkB5)r;vPmr(CZ!q;,5)#Z353D

:ksM$iDtT;hvKdP;)tT#

3. dkr!qk*D5#

":ksE*D~PD5I\2GzhCD5#

|DP'ZZa{rj8E"!n(O,K<GGksrTjIDksxPYw1,I|D$iDP'Z#

ZhCP'Z&8(UZ6'#*a)UZ,%wUzr*|,;s%wk*DUZ#g{*d

kUZ,r9CkUzyCD`,q=ndD>r#

¶ Z*<UZ&8($id*P'DUZ#

¶ ZaxUZ&8($i*<''DUZ#

a;Yw1,8(DP'Z+]= RA#

C(8<:

I+$iP'Z^D*(eDksE*D~^FZD\Z#}g,g{C'ks 1 jP'ZD$

i,zI+\ZuL*YZ 1 j#;x,g{h*S$P'Z,9.,vE*D~D^F,Xk

4PTBYw.;:

¶ \x$i,"kC'a;8(|$P'ZDks,}g 2 jD$i#

¶ ^DksE*D~"a;|D#Xk!q#V}ZszYw,1=xPKyP|D#

}g,g{*+$iS 1 j$i`M|D* 2 j$i`M,+^F$iP'Z* 18 vB,

k4PTB=h:

1. !q$iks,"+$i`M|D* 2 j$i#

2. !q#V}Zsz,;s%wa;Yw#

3. YN!q$iks,"4h+*<MaxUZ|D*^FP'Z* 18 vB#

4. !qK<,;s%wa;Yw#


|

3.gNYw?

8(ksE*D~Za{rj8E"!n(O,K<GGks1,I8(;,DksE*D~,TcZ4($i1

9C#

Z!qksE*D~&!qTB3n:

¶ SPmP!qksE*D~#PmODE*D~GJmz8(DE*D~#Z363D:a)

D$i`M;hvKk?vksE*D~X*D$i#

¶ !q9C10E*D~#bG1!5#|9zZ4910E*D~;GmIz8(DE*D

~1,2\Lx#

a;Yws,z8(DE*D~CZ&mksM4($i#

mS"MZa{rj8E"!n(O,ImS"M,T5wz}ZxPDYw:

1. ZxPYw&!qYw#

2. Z"MzDYw&,ZD>rPdk"M#n`\9C 512 vV{#

3. %wa;Yw,T|,|BG<1D"M#

a;Yw1,"MmS=G<P#

K<ksIZa{!n(rj8E"!n(OK<ks#

¶ g{9Ca{!n(,I!q;9;vG<4K<#

¶ g{9Cj8E"!n(,ZK<T>Dks.0,I^D;)tTD5#

SN;!n(:

1. ZxPYw&%wK<#

2. %wa;Yw#

K<\?V4ksIZa{!n(rj8E"!n(OK<\?V4ks#g{9Ca{!n(,I!q;9;v

G<4K<#

SN;!n(:

1. ZxPYw&%wK<\?V4#

2. %wa;Yw#

+ks#VZ}Zsz4,IZa{!n(rj8E"!n(O#Vks}Zsz#g{9Ca{!n(,I!q;9;v

G<,T#V}Zsz#

SN;!n(:

1. ZxPYw&%w#V}Zsz#

2. %wa;Yw#

18 f> 3 "Pf 7.1

\xksIZa{!n(rj8E"!n(O\xks#g{9Ca{!n(,I!q;9;vG<4\

x#

SN;!n(:

1. ZxPYw&%w\x#

2. %wa;Yw#

\x\?V4ksIZa{!n(rj8E"!n(O\x\?V4ks#g{9Ca{!n(,I!q;9;v

G<4\x#

SN;!n(:

1. ZxPYw&%w\x\?V4#

2. %wa;Yw#

|DI|BTIZa{!n(rj8E"|D$iDI|BT#I9I|BD$i;I|B,4.`;#g{

9Ca{!n(,I!q;9;vG<,;s|DCiDI|BT4,#

SN;!n(:

1. ZxPYwP,%wTBn.;:

¶ 9ksI|B

¶ 9ks;I|B

2. %wa;Yw#

]R$iIZa{!n(rj8E"!n(O]R$i#g{9Ca{!n(,I!q;9;v$iT]

R#

SN;!n(:

1. ZxPYw&%w]R$i#

":TsIV4$i,;x,;)$iDm^Z'',M^(V4$i#

2. %wa;Yw#

`Xwb:

Z203D:V4$i;

7z$iIZa{!n(rj8E"!n(O7z$i#g{9Ca{!n(,I!q;9;v$iT7

z#

7z$i.0,Xk9Cj8E"!n(,T4i$iP'Z#a;7zks.0,Xki$$

i10P'#


3.gNYw?

SN;!n(7{$i:

1. ZxPYw&%w7z#

2. Z-rB,!q-r#

3. %wa;Yw#

xPYws,4|BG<D&mtT#07z-r1tTahC*z8(D5#

`Xwb:

Z193D:]R$i;

:V4$i;

V4$iIZTB3V-r,I\*V4 CRL P]RD$i:

¶ *}%;YP'D$iD CRL#

¶ *XB$nT0]RD$i#

":g{$iZ}I1Z'',r;\XB$n|#

r*4"M$iXB$nD(*,Xk(}gSJ~rd|(E=="M(*#

IZa{!n(rj8E"!n(OV44T CRL D$i#g{9Ca{!n(,I!q;9;

v$iTXB$n#

SN;!n(:

1. ZxPYw&%wV4$i#

2. %wa;Yw#

`Xwb:

Z193D:]R$i;

"<$iI9Ca{!n(rj8E"!n(+$i"<x Directory#g{9Ca{!n(,I"<;9

;vD$i#

SN;!n(:

1. ZxPYw&%w"<$i#

":CYwCZTBiv:)"$i1,}#DT/"<'\#

lirDmI(Za{!n(rj8E"!n(O:

1. %wxPYw#

2. i4YwPm#

20 f> 3 "Pf 7.1

b)Gz&m$iG<M"arGGksD\&#g{z;_Pi4G<D(^,rPmO(;

D5GÎCYw#

Kv RA @f*S RA @fDNN!n(PKv RA @f,k4PTBYw.;:

¶ %wKv#

5X=CJ RA @fD Web 3f,}GzDi/*zhCKm;76#

¶ MsXUd|/@w0Z;yXU@f((}%wjb8ODdP;v!<j)#+XU/@

w#

6X RA @fg{h*S$w>}% RA @f!&CLr,k9CTB}L#

1. !q*< → hC → XFfe#

2. +wmS/>}Lr#

3. !q IBM SecureWay Trust Authority RA @f LrD~P,"%wmS/>}#

4. a>7Ok*>}Lr,%wG#

5. g{4=XZ3)D~P4>}D{",k%wj8E"#XkV$>}0j8E"10Z

PPvDNND~P,TS539W}% RA @f#


3.gNYw?

22 f> 3 "Pf 7.1

`XE"

>ZPDwb(erhvKk RA @fhCPD"a"$iM\m`XDEn#

GGGGCZjk$i#Tivoli PKI a)`VGG=(,zDi/D_T+v(D)=(GICD#C

'IT4PTBYw.;:

¶ (} Web/@wjI"a; Tivoli PKI GGm%#Z1! Tivoli PKI 20P,GGm%Z

F*>$PDD Web 3fO#zD>cI\Cm;v{FwCK3f#

¶ $"a|*G}=,;s(}$w>O20D Tivoli PKI M'z&CLra)$"a5x

Tivoli PKI#

w*"aPD(RA)"a1,XkGG$iTCJ RA @f#Ts,IT9CGG Web3f$

"ad|C'#

ITS RA @fi4SGGm%xk}]bG<PD}]#

$"aTivoli PKI 9Lrr\m1\;$"a$ZC'#

g{k*d{K$"a$i,bv=8gB:

¶ WH,h*qCXZk*$"aDKDE"#ITS{Gyr9Ci/G<qCb)E",

}g,4T}]bDE"#

¶ dN,(}zD Web /@wCJGG3f#P(CZ$"aK1DGGm%#

¶ kjIKm%,a)hvKKDE"M{yk*D$i`M#;sa;m%#

¶ liksD4,#

K<$"aks1,+SU=Bqj6"\kMK<ksD RA Web X7#

¶ I+b)E" * (}g0"gSJ~r_WT * a)xz*d$"aDK#*K=cp{,

2I!q+|,d|ksE"D$"aD~a)x{G#1{GMw,ITks$i1,K

KMIT9Cz"MDE"K#

XZ$"aNqZdD8<,kN<6Tivoli PKI C'8O7#

Web /@w'VTivoli PKI 9z\;(}jIMa;GGm%4(GGks,I(}TBN; Web/@wjI:

¶ Microsoft Internet Explorer,"Pf 5.0 r|_f>#

¶ Netscape Navigatorr Communicator,vTZf> 4.7x#

4


4.`XE"

*CJ RA @f,IT9CBP/@w.;:

¶ Microsoft Internet Explorer,"Pf 5.0 r|_f>

¶ Netscape Navigatorr Communicator,vTZf> 4.7x

"a"aG+}V$iZ(vxvKrd|5eD}L#Z Tivoli PKI P,u="a1,Lrr"a

1+@@GGksa)DE"#;s,;\ksGq;Z(,Tivoli PKI RA +Z"a}]bP4

(ksDG<#g{v(GZ($i,Tivoli PKI O$PD(CA)+)"$i#

L5_T1Lrw*"a19d$w1,|aQzi/DL5_T&C=;)GGE"P#|IT@@D

E"`M;gz@@DV`4S#5wrZ!?+7#}g,Z#$ZfPj]Dn!5#

Tivoli PKI 9zDi/+_TE"a)xbyDLr#Lr+Zd@@P9Cb)E"#

"aPDZ Tivoli PKI P,RA G;v~qw&CLr#|:p;)C'"aDXhD\mNq,|,:

¶ 7OC'm]

¶ i$QZhks__PksDtTMmI(D$i#

¶ K<r\xksT4(r7z$i

¶ ]RrXB$n$i

¶ i$"TCJ2+&CLrDC'_Pk$iPD+C\?X*D(C\?

9C RA @f,zITt/r8<;) Tivoli PKI RA DYw#

"a}]bTivoli PKI D"a}]bf""aG<#"a}]bG;vX5}]b,|I IBM DB2

®

(C}

]b4(#Tivoli PKI TG<S\#+(} RA @f,Z(D"a1IA!s?V"aE"#

"ar?v Tivoli PKI 53P%;D"ar#Kr(eKL5_T"$i_TMkzDi/PD"aM

$wX*DJ4#k*CJJ4DC'XkZrPTZCJ4Q"a#

120K RA ~qwm~1,M|,KJmi/4("a$_Dr\#|IT9C RA 'VDN

NoTM_T#r{"oTM20769IKCJi/D"a3fD Web X7#

}g,g{+C Web~qw|{* MyPublicWebServer,r{* MyDomain,rI9CTB Web

X74CJ"a$_:

http://MyPublicWebServer/MyDomain/index.jsp

Tivoli PKI 53|,;v1! Java~qw3f(index.jsp)#K3fZ"arD WebX7OT

>#|a)GG~q:

¶ $ZC'IT*AK Web 3fks$i,|Br7z{GT:D/@w$i#

¶ *'Vb)C',Xk*AC Web3f"q!zT:DCJ RA @f$i#;sIT9C|

$"ad|C'#

CJ RA @fT&mk"arX*D"aksM$i#

24 f> 3 "Pf 7.1

"aG<?v$iksGa;x Tivoli PKI RA DGGm%#?vGGks<Z"a}]bPzz;uG

<#KG<D|B43KksOD?NYw,uA|(ksD\x#g{4(K$i,`,DG

<+43kK$i`XDNNB~#rx,"aG<+|(ksDP'ZMX*D$iPDyP

B~#

G<tTZ"a}]bPDG<tTGhvGGksDd?#TZQjIDks,d?9hvQZ(D$

i#d|tT+GPzZzDi/S?dL5~_D&md?#"a1I(} RA @fi4;)

tT0|GD5#

$w$wG*5ervK4(}V$i#TZ Tivoli PKI,$wvZTGGksxP@@MK<sx

P#w*"aa{,O$PD(CA)+)"$i#TZ Tivoli PKI,)"D$i`MkzDi/

D5q_T;B#

O$PDZ Tivoli PKI P,CA :p)"kzi/D_T`;BD}V$iD~qwLr#

Tivoli PKI 'V;f$w,4 CA .dD`%ENT,b+`%D$iw*f5T$wS\#Tivoli

PKI ,y'V CA DcNa9#CA ENZcNa9PHdH6_D CA "SUG) CA D$

iw*f5T$w#

$i7zPmTivoli PKI RA (ZX"<$i7zPm(CRL)#CRL PvK;YP'D$i,Tczm|GD

$iVP_;Y;O$#

NN CA"RA r&CLr<ICJKPm,T7($iGqQ;7z#1C'T<CJzi/D

2+&CLr1,bG Tivoli PKI RA a)2+TD;V=(#

DirectoryTivoli PKI CZf"$iD DirectoryG IBM SecureWay Directory#K DirectoryI\Gzi/

("D(CZ Tivoli PKI D9C#r_,|2I\GzT0("D"CZd|&CLr#

Tivoli PKI CZCJK Directory D-iGa?6?<CJ-i(LDAP)#

(P{F(P{F(DN)G}V$iD Directory u?D*X#|(;Xj6 Directory DcNa9PD

u?;C#

$i$iG;v}V>$,|I CA )p,7#$i5P_Dm]#1k{K(ErksCJ2+&

CLr1,VP_IT9C$iw*O$#Z Tivoli PKI P,uA~qw"&CLrMh8(g

r!zMG\()<Xh5P$i,TcC'ITO$|G,T0|G.dDO$#

ZTB`pP,Tivoli PKI 'V X.509v3 $i:

¶ /@w$i

¶ ~qw$i


4.`XE"

¶ h8$i

¶ CJ{O PKIX D&CLrD$i

¶ CA D;f$i

Tivoli PKI ,y'VTB-i:

¶ SSL

¶ S/MIME

¶ IPSec

¶ PKIX CMP

1! Tivoli PKI 20a)yZOv`pM-iD`V$i`M#GG_ITks{O{Gh*D

$i#Z363D:a)D$i`M;hv$i`M#

/@w$i/@w$i(#GI Web/@wf"ZS\D~PD}V>$#;)&CLrJmz+\?f"

ZG\(rd|iJO#Z Tivoli PKI 53P,zI(} Web/@w1Sks/@w$i#T

s,g{h*,IT5X=GG Web 3f%|Br7zK$i#

CA $i5P$iIzm Tivoli PKI ~qwD?v/@w"~qw"h8r&CLr<Xh5Pf]D CA

$i#TZ4T5P Tivoli PKI CA )"$iD~qwDO$(E45,K$iGXhD#

ZzD/@wPXh5P Tivoli PKI CA $i,Tc9C2+ Tivoli PKI GG~q#zIZZ

;NCJ Tivoli PKI GG Web3f1q!K$i#ZK.s,^[N1zSGG~qks$i

1,<IBXf]D`& CA $i#

}g,g{kjk;v 2 jD SSL /@w$i,ITSU=;vkC$if]D CA $i#

":gZ Netscape"PfITS\I Tivoli PKI ~qwa;D>c$i#TZ~qwO$D(

EMM'zO$D(E,C$iGITS\D#+G,nBD Netscape"Pfh*M'zO

$Da0D CA $i#

~qwrh8$ig{|Gw5D;?V,IT*~qwrh8ks$i#k9C(} Web /@wa)DGGm

%#

}Zks$iD~qwrh8Xk9C PKCS #10ksq=#

$i)9$i)9G X.509v3$iq=PDI!*X#)99aO=Sr=$iPI*I\#Tivoli PKI a

);i$i)9,9zDi/I(F|)"D$i#b)=SVNF*L5}Ld?#

i4 RA @fODG<1,ITZT>&mtT14=b)VN#Z;)ivB,I\IT|B

|GD5#

$iP'Z1ks$i1,*u</P'ZTLxC>$D9CZ#1$i;7zrd''1,P'Za

x#

w* RA \m1,2IT]R"XB$n$i#

26 f> 3 "Pf 7.1

1$i|B1,Z"a}]bP+4(;uBG<#

$i]RMV4P1,I\*ks]R$i,}g,g{$iVP_3I$iD2+TQ96#,y,wijI

s,I\a*szXB$n]RD$i#b)Nq(} RA @f4P#C'IT)"ksT9$

i]R,+Xk(}gSJ~rd|(E==ksXB$n$i#XkT,y==&mTks_

D(*#

?v$i<P;vm^Z,("Z$i`MDy!O,"Z$iE*D~P(e#w* RA \m

1,IT|D1!m^Z#c5b6E;7(,ITZNb1LV4$i,a)4''D$i#

;)m^Z'',M^(XB$n$i#

IT]R$iDN}GIdCD,certificate_profiles.cfgD~PD max_times_suspendedN}I8

(C5#KN}D1!5Gc,b6E^^F#g{|D1!5,+&CTBiv:g{x-]

RX($i,rIT9C RA @fi4Q]R$iDN}#;)o=KK^F,+7z$i#2

ITi4JmDn`]RN}#XZgN^D$iE*D~Dj8E",kN< Tivoli PKI

Customization Guide#

I|BT$iDI|BTGITS RA @fDdDXw.;#

¶ g{z9$iI*I|BD,d;IDT;P',+VP_TIjkBD#5PI|BD$

i+r/GG}LM*"a6vD,&#

¶ g{z9$iI*;I|BD,g{VP_9h*$i,|GXkH=$i''E\YNG

G#{GGG1,Xka)yPDE",Cs{G}ZxPZ;N"a#

;)C'ITa;{GT:D|Bks:

¶ 5PI|B/@w$iDC'ITZGG Web 3fOjk|B#

¶ _PCZCJ{O PKIX D&CLrDI|B$iDC'IT9C Tivoli PKI M'z&CL

rks|B#

$i\?8]kV4nUC'ITa;ksT4(MV4|,|GD$iM(C\?E"D8]D~#g{\?VP

_;*NJ*'r|GK\?,KD~MGPCD#ITS/@wrM'z&CLrT PKCS #12

q=4(8]D~"+df"Z53D\?V4}]b krbdb P#

(} RA @f,"a1IT4ib)ks"Z(V48]D~#"a1ITS krbdb}]bi4

b\D\k"$irPEM"PLE"#g{K<Kks,8]D~+5XC'CZBX#\?

V4DK<(} RA @f\m#

"<$i1)"$i1,Tivoli PKI +T/"<$i#g{vVJO,"a1IT9C RA @f+b)$

iXB"<= Directory#


|

|

|

|

|

4.`XE"

\mITw*"a1$wT0,XkSF.9C RA @f&ks"SU Web /@wD$i#q!/

@w$is,XkZ?NkCJ RA @f1a;$i#*ZyP"aG<r4T RA @fDks

Oi4rYw,9Xk_PJ1DD~mI(#

>ZPDwbXZ9CM\m$i#

CJXFCJXFPm(ACL)O$"Z(Z? Tivoli PKI C'"h8Mm~#}g,ZITCJ RA @

f.0,RA @f'V!~qLr9C ACL %O$"Z("a1#

O$MZ(O$+a)m]$w,xZ(+a)4PYwDmI(#ZC'CJ2+&CLr0,Tivoli PKI

9zDi/aVxPO$MZ(#,y,$iVP_IT7E{G}Z9CD&CLrG2+

D#

"P\mTivoli PKI a)%;D"ar,+`v"a1ITZCrP$w#g{d{KQ-ZCG<$w

1,RA @f!~qLrM RA DhFI@9NNK|BG<#;x,`v\m1IT,1i4

,;vG<#

RA @f'V!~qLrRA @f'V!~qLrG+ RA @f~qa)x"a1D Tivoli PKI &CLr#1"a1KP

i/1,!~qLr+5XE",1"a1Z(|DG<1,!~qLr+|BG<#

ksE*D~Tivoli PKI a)1!ksE*D~/,zDi/IT9C|Gr/"aM$w#ksE*D~XF

tTMTGGksD&m#?vksE*D~|,;v$iD#e#\'VD$i`p_P;,

DksE*D~#

?nDksE*D~{FGdtT.;#g{h*,K<GGks1IT8(;,DksE*D

~#

I\a4=;vksE*D~{FkkstTPZ;p,xm;vky>tTPZ;p#bb6

E"a1r RA xL,12GKksE*D~#kstTPDE*D~QfGGksDd|tT

;p3a#y>tTPDE*D~G10ksE*D~#

28 f> 3 "Pf 7.1

N<

>ZPDwb|,Z RA @fOT>DVNhv"P'VN5T0tTD,e#wbDi/("

ZzZ RA @fN&h*E"Dy!O#

i/!n(Zi/!n(O,IT<8lw$i"\?V4rGGksE"Di/#

!n(_PTBXw:

¶ CZ<8i/DVN#

¶ CZKPi/Da;i/4%#

¶ CZNqDoz:

v !n(W?D4,xr#|T>X(ZVNDoz"Tivoli PKI {"M&mZdDxHu#

v !n(Doz4%#

1i/a{Mw1,RA @f+T/T>a{!n(#

i/VN<8i/1,9Ch*D!?`DVN#g{|Gkz!qDd|VN%Èb,r;)VNa

;IC:

¶ Zi/`MP,%wTBn.;:

v y]ks4,"{FM|BUZ,lwGGksr|GD4,y!OD$iDG<#

v y]I|BTM'',lwh*I|BTr''E"D$iG<#

v y]V44,"{FM|BUZ,lw$i\?V4ksDG<#

¶ g{Zi/`M!qKy]ks4,"{FM|BUZ,MITy]h*9CTBVNE/

i/:

v 9Cks4,PDPmlw?v4,Dnrv_P;vX(4,Dn#SPmP,!qT

Bks4,5.;#1!!qG}Zsz#

+? ;\|GD4,,lwGGr\?V4ks#

QSU lwBSU=DGGr\?V4ks#

}Zsz

lw94K<r\xDks#;)}ZszksGBD"h*zvvv(#d|

ZzIT&m|G0}ZH}|x;=DE"#bG1!5#

QK< lw RA r"a1QK<Dks#X*$iD4,I\;,#

5


|

|

|

|

|

||

||

|

|

|

||

5.N<

Q\x lw RA r"a1Q\xK<Dks#

QjI lw RA r"a1QK<r\xDks#TZ&ZK4,DQK<ks,$iQ;

6xKC'#

v 9CTBVNvlwkX({FX*Dksr$iDG<:

– ZUOP,dkUO#2ITdk{FD*78vV8TlwyPTb)V8*7D

{F#}g,g{dk Smi,r+lw Smith"Smithers"SmileyMd|T0Smi1*7

DUOG<#

– Z{VP,dk{V#2ITdk{FD*78vV8TlwyPTb)V8*7D

{F#}g,g{dk0Joh*1,r+lw Johanna"John"JohanMd|T0Joh1*

7D{VG<#

v 9Cns|BDUZ6',vlwX(1ZZns|BDn#8(UZ6'#

– ^1!UZ#

– g{;ZNNVN8(UZ,rlwyPki/D#`?V%dDG<#

*a)UZ,%wUzr*|,;s%wk*DUZ#g{*dkUZ,r9CkUzy

CD`,q=ndD>r#

T 6'DngUZ#

g{9KVN#tUW,i/+lwZAVNPDUZT0CUZ.0|BD?

uG<#

A 6'PDn|UZ#

g{9KVN#tUW,i/+lwZTVNPDUZ1MUZs?uQ|BD

G<#

¶ g{Zi/`M!qKy]V44,"{FM|BUZ,MITy]h*9CTBVNE/

i/:

v 9C\?V44,PDPmlw?v4,Dnrv_P;vX(4,Dn#SPmP,!

qTBks4,5.;#1!!qG+?#

+? ;\|GD4,,lwGGr\?V4ks#

QSU lwBSU=DGGr\?V4ks#

}Zsz

lw94K<r\xDks#;)}ZszksGBD"h*zvvv(#d|

ZzIT&m|G0}ZH}|x;=DE"#bG1!5#

QK< lw RA r"a1QK<Dks#X*$iD4,I\;,#

Q\x lw RA r"a1Q\xK<Dks#

QjI lw RA r"a1QK<r\xDks#TZ&ZK4,DQK<ks,$iQ;

6xKC'#

4"T lw94"T\?8]r\?V4ksDGGks#

v 9CTBVNvlwkX({FX*Dksr$iDG<:

30 f> 3 "Pf 7.1

||

||

|

|

|

|

|

|

|

|

|

|

|

|

|

||

|

|

||

|

|

|

– ZUOP,dkUO#2ITdk{FD*78vV8TlwyPTb)V8*7D

{F#}g,g{dk Smi,r+lw Smith"Smithers"SmileyMd|T0Smi1*7

DUOG<#

– Z{VP,dk{V#2ITdk{FD*78vV8TlwyPTb)V8*7D

{F#}g,g{dk0Joh*1,r+lw Johanna"John"JohanMd|T0Joh1*

7D{VG<#

v 9Cns|BDUZ6',vlwX(1ZZns|BDn#8(UZ6'#

– ^1!UZ#



CD`,q=ndD>r#

T 6'DngUZ#

g{9KVN#tUW,i/+lwZAVNPDUZ1MUZ0?uQ|BD

G<#

A 6'PDn|UZ#

g{9KVN#tUW,i/+lwZTVNPDUZ1MUZs?uQ|BD

G<#

¶ g{Zi/`M!qKy]I|BTM'',MITy]h*9CTBVNE/i/:

v 9CI|BTPDPm,9i/yZGq$iGI|BD#SPmP,!qTB5.;:

I|BD

g{94'',r$iIT|B#

;I|B

;\|B$i#

v 9C''UZ6',vlw3v\ZZ*''Dn#8(UZ6'#

– ^1!5#



CD`,q=ndD>r#

T ngD''UZ#

g{9KVN#tUW,i/+lwZAVNPDUZ1MUZ0?uQ''r

+*''DG<#

A nYD''UZ#

g{9KVN#tUW,i/+lwZTVNPDUZ1MUZs?uQ''r

+*''DG<#

¶ 9CTB=vVN.;r,19C=vVN,XF&m"T>i/:

lw^F

*lwDnsG<},;[`YG<ki/%d#!qTBn.;:


5.N<

v 50

v 100

v 150

v 250(1!)

v ^^F(lwyP%dDG<)

3fs!

a{!n(D?3OT>DG<}#ITZb)3.dF/,iRi/a{Pyh

DG<#!qTBn.;rdk;v}2GT>D1!5#

v 10

v 15(1!)

v 20

v 25

$(ei/(;D$(ei/G1!i/,|lwyP}ZszDks#

lw^F!nZi/!n(O,hClw^FD!n*:

¶ 50

¶ 100

¶ 150

¶ 250(1!)

¶ ^^F(lwyP%dDG<)

b)!n+0la{!n(ODi/a{PDG<}#

?3G<}!nZi/!n(O,?3ODG<D!n*:

¶ 10

¶ 15(1!)

¶ 20

¶ 25

¶ dkDNb}(2GQT>1!5)

b)!n+0la{!n(ODi/a{T>#

a{!n(Za{!n(O,+4=KPi/Da{#!n(_PTBXw:

¶ |,i/a{Dm#

v ?P|,ki/%dDnDG<#

v ITZPP5Dy!O*PEr#

v IT*Pw{s!,T|D|GDmH#

v g{m3$ZT>DA;,rITv/a{#

v g{a{Z`v3fO,rIT%wB;3MO;3Ti4|G#

":zI\a"b=1ksB;3rO;31aPS1#1h*3)31,*S~qwl

w|G,yT;P103GZ>XICD#

32 f> 3 "Pf 7.1

¶ hC$iDP'ZDVN(g{#{hC)#

¶ 8(;,DksE*D~DVN(1K<ks1,g{#{hC)#

¶ &m;vr`v!(nICDYw!qPm#g{7zKYw,r9P;vCZ7zD-r

!qPm#

¶ CZT4PDYwxP"MD"MVN#

¶ CZ|j8XT>G<DT>j8E"4%#g{%wK4%,RA @f +T>j8E"!n

(#

¶ CZjI!qDYwDa;Yw4%#

¶ CZNqDoz:


v !n(Doz4%#

(}%wi/!n(,IT5XTE/i/r<8m;vi/#

\mYwz(;ICDYwGIT&mb)G<#I\a4=TBn.;#

K< KYwIK<ks,T9GG_\5PksD$i#

#V}Zsz

SYv(#1h*Sb?4q!E"rv*+"MmSAG<1,9CKYw#

\x \xks#

7z$i

ax$iDP'T#

]R$i

]1]R$iDP'T#

V4$i

XB$n]RD$i#

9ksI*I|BD

+;I|BD$i|D*I|BD#

9ksI*;I|BD

+I|BD$i|D*;I|BD#

"<$i

+$i"<= Directory#

K<\?V4

K<\?V4ks,T9GG_\5PQV4D PKCS #12D~#

\x\?V4

\x\?V4ks#

^YwIC

m>zv_PZ"arPi4G<D(^#


|

|

||

|

|

||

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

5.N<

7z$iD-rg{*7z$i,Xk!qbyvD-r#TBG7{$i1IT!qDP'-r#

1T>G<Dj8E""i4d&mtT1,7z-rtTI\|,TBb)5.;:

Q96 CA \?Q96O$PDD\?

Qfz$i

C'Q5PBD$i,;Yh*K$i#

^-r C'Qks7zx4xv-r#

nu9C;YP'

$iVP_;Yh*$iCZdnuD9C#

C'|DDX*

C';Y_Ph*$iDX*#

C'\?Q96

C'D(C\?Q96#

j8E"!n(Zj8E"!n(O,IT=zSki/%dDG)G<Py!qDG<Dj8E"#!n(_

PTBXw:

¶ !qzk*i4Dj8E"`MDPm#Pm|,CnDYwz7MtZCnD8vtT

i#Z373D:j8E"i;hvKb)i#

¶ T>z!qDj8E"`MDm:

v g{T>KtT,r?P|,;vtT0d5#ITZK<GGks1|B;)5#

v g{T>Ywz7,r?PzmZnOQ4PDYw#

v ITZPP5Dy!O*PEr#

v IT*Pw{s!,T|D|GDmH#

¶ hC$iDP'ZDVN(g{#{hC)#

¶ 8(;,DksE*D~DVN(1K<ks1,g{#{hC)#

¶ zICDYw!qPm#g{7zKYw,r9P;vCZ7zD-r!qPm#

¶ CZT4PDYwxP"MD"MVN#

¶ CZ|BT>D"Bj8E"4%#

¶ CZjI!qDYwDa;Yw4%#

¶ CZNqDoz:


v !n(Doz4%#

(}%wi/!n(,IT5XTE/i/r<8m;vi/#(}%wa{!n(,IT5X

TLx&mi/a{#

34 f> 3 "Pf 7.1

|

Ywz7B~a{!n(ODi/a{mMj8E"!n(ODYwz7m_P`FDP#ks4,PhvG

GksOD RA Yw#jI4,PhvksD&m4,#

¶ Za{!n(O,i/a{m+T>i/a{P?nD104,#

¶ Zj8E"!n(O,Ywz7mDP+T>T0D?v4,,T0QT>nD104,#

ksM$iDtTTBtTV`*kstT#ITDd;)tTD5#

>$''UZ

$i*''DUZ#

>$DI|B4,

m>GqIT|B$i#

>$ UUID(C(;j6,zIDw|CZa)T}]bG<Dw}#

mszk

m>vVDms`MDZ?zk#KVNMms4VNhvK,yDms#

ms4 &m RA @fksZdvVmsD Tivoli PKI xLrd|*X#

{V jkK+{DZ;v*X#d;b(#GjkKD{V,+K5I\|,Pd{rPd

{DWV8#

jI4,

ksD&m4,#Ywz7+T>K4,#Z373D:GGks4,;+hv?v4,

5#

UO jkKDUO#

T0Dksj6

g{Q-|BK$i,rzmH0D"aksyzIj6D`kV{.#

"ar *$iVP_a)2+J4D"ar#

ksj6

zm*"akszIDj6D`kV{.#

ksE*D~{F

CZ&mGGksDX~#KE*D~|,$iD#e#ZKE*D~PD5+2Gz

I\vDNNd|^D(g{b)^DkE*D~;;B)#Z363D:a)D$i`

M;hvKk?vksE*D~X*D$iXw#

":i4G<DtT1,I\a4=PvK=vksE*D~#kstTI\Pv;

v,y>tTI\Pvm;v#bMb6E"a1}%3v1L2GKksE*D

~#kstTPDE*D~QfGGksDd|tT;p3a#y>tTPDE*

D~G10ksE*D~#

ks4,

GGksD4,#Ywz7+T>K4,#Z373D:GGks4,;+hv?v4,

5#


5.N<

ksd?

GG}LZdks_a)D5#

8]4,

\?8]ksD4,#

V44,

\?V4ksD4,#

$i)9)9T{F=5TDq=mS=$iP,xRI\Z*$iT>DtTP#TZk*9C2+&

CLrDvKD$i,TB$i)9GIS\D:

¶ y><x

¶ \?9C

¶ {F<x

¶ (C\?9CZ

¶ we8C{F

a)D$i`MTivoli PKI 53*|y'VD$i`pM-ia)`v$i`M#b)$iP;,.&,dP|(

P'Z#$iD$iD{F8>|DP'ZM\?Dw*C>#XZ;,XwDhv,kNDJ

cm#

CA ;f$i9VP|D CA (})" CA 9d$iIE#$ia)}V){M;IqOT#

1 jM 2 j}]S\JmVPKS\}]#K$i;CZd|?D#

1 jM 2 jgSJ~#$JmVPK9C2+`C>xJJ~;;(S/MIME)-i#K-i#$gSJ~rd|

MIME Ts#|a)"EKO$"E"Dj{T""EKD;IqOTM#\T#|Gn

UC'DdM!q#

1 jM 2 j IPSecoz7#(} InternetT Internet-i}]|N="MD}]Dj{TM#\T#IPSec

$iGCZ}]x;GCZC'D,-#+d8(x7Iw#

vCZ 1 jM 2 j\?S\JmVPKS\\?#K$i;CZd|?D#

1 jM 2 j;IqOTa)E"S\M}V/){&\,@9E"4D;IqOTrE"+]D;IqOT#

vCZ 1 jM 2 j)pJmVPK}V/)pD~#K$i;CZd|?D#

1 jM 2 j Web M'zO$Jm Web /@wNkM'O$D SSL a0#9CK$i,/@wC'ICJ;vXb

D2+ Web>c#$ia)}V){";IqOTM\?S\#|GnUC'DdM!

q#

36 f> 3 "Pf 7.1

1 jM 2 j Web ~qwO$Jm~qwNk~qwO$D SSL a0#$ia)}V){M\?S\#

GG_r_*{K$"aDKITks;vOJD$i`M#8(ksE*D~1,||,CZ

$i`M.;D#e#

":zy4{DPmI\kKPm;%d#zDi/I\Q-|DK{F,r_uA|DKa)

Djk#z4{DPm2!vZzT"arDmI(#

j8E"iZj8E"!n(O,IT9CT>VN!qk4DtTi#;GyPj8E"<IS RA @f

4{#;)tTvVZ`viP#zITi4Dj8E"V`P:

y>tT

k}]bG<Z>JOX*DtT#

kstT

hvGGksDtT#

&mtT

hvkzDL5_T;BD&mDtT#b)tT|,7z-rtT#

\?8]kstT

k\?8]ksX*DtT#PvKQ8]D PKCS #12D~D\k#

Ywz7

ZksrZQjIDksO4PDyPYwDm#

GGks4,yPD4,GYwz7PDB~#

ks4,|,TBwn:

QK< QK<D"aks#

QjI RA r"a1QK<r\xK"aks#TZQK<ks,$iQ;6xKC'#

":bG"aksDnUks4,#QjIksDjI4,G80lksDsLYwM

B~#}g,g{$iQ|Br7z,rjI4,+m>|,+Gks4,TGQ

jI#

}Zsz

I\Q4iK"aks,+|TZH}K<r\x#

QSU QSU="aks#

Q\x Q\x"aks#4)"$i#

jI4,|,TBwn:

Q;6 $iT;6=C'ITS\|D Web 3f#

;6Q7O

C'Q+$iBX= Web /@w#

Q)" QK<"aks,"RQ)"$i#


|

|

5.N<

4)" 94)"$i#K4,;m>GqQZksO4PYw#

Q|B Q|BkG<X*D$i,<BBDG<MBD$i#

Q7z Q7zkG<X*D$i,9|^'#

!n(DozRA @fa)TBoz,TZ|DyP!n(G+2D:

4,xr

KxrZ!n(DW?,|T>TBwn:

X(VNoz

sj;ZVNO1,+T>CVNDoz#

Tivoli PKI {"|GT>ZIv/DD>rP,"xP;v<jm>{"G/f9Gms#

xHu |T>QksDNN&mDxH#

oz4%

IT%wK4%T>}Z9CD!n(Doz#

":T>Doz9|,6"aPD@f8O7D?<#(}Z?<P%wdu?,IT

T>>iPDyPwb#

`Xwb

Z153D:Z!n(.dF/;

CZ Internet Explorer D JVM20 RA @fCZ Internet Explorer0,Xk_P Javaibz(JVM)DTB"Pf:

¶ "Pf 5.00,9(f> 3167r|_f>

*7(z_P MS JVM DDvf>,k4PTBYw.;:

¶ S Internet Explorerr* JavaXF(#

¶ r* DOS |nP"dkTB|n:jview

(fDf>E&1G 5.00.3167r|_f>#

g{h*}6 JVM,ITS Microsoft Technologies for Java Web3fBXyhD"Pf#

sjD|L8CYwg{;PsjxXk9C RA @f,kiDBm#

bj/9c;C w|

;cE"

,1sXBt/a0 F5 |

Kv RA @f# Ctrl-x

q!10T>D!n(Doz# F1 |

Z!n(P$w

38 f> 3 "Pf 7.1

bj/9c;C w|

Ss`}VNFA!n(j) Ctrl-O}7

!qm;v!n(j),T>C!n(# R}7*AB;v!n(#s}7*A

O;v!n(#

Z!n(Zv/# 4 PgDnrBv/#4 PgUprOv

/#

ZVNP$w

Ss`}VNFAB;VN# Tab

Ss`}VNFAO;VN# Shift-Tab

SmrD>xrFAB;VN# Ctrl-Tab

SmrD>xrFA0;VN# Ctrl-Shift-Tab

ZmP$w

CP5*PEr# Alt-n,dP n GT>PPDw}#}

g,*CZ~PEr,4 Alt-2#

*Pw{s!# ;Psj;I\4PKYw#

ZPdF/"!q;P# B}7rBF/;P#O}7rOF/

;P#

!qPD6'# 4 Shift-O}7r Shift-B}7!q6'

PD?P#

!q;,xDP# ;Psj;I\4PKYw#

Z;PPD%*dF/# 4 Tab |rRF/;v%*#4

Shift-Tab|rsF/;v%*#

g{I`-,r`-10%*# F2 |r*`-D%*#Enter|a;|

D"Kv%*#EscKv%*x;a;|

D#

&mPmPDn

r*Pm# O}7rB}7#

ZnPmPF/# B}7BF#O}7OF#

SPm!qn"XUPm# Enter|

XUPmx;|D!q# Esc|

Kv"FAB;VN# Tab

&m%!4%/(S;v%!4%/*;vVN)

Z%!4%dF/,"!q;n# B}7rBF/,O}7rOF/#

KvVN# Tab

hCUZ


5.N<

bj/9c;C w|

ZUZVNPF/bj# R|7rRF/#s}7rsF/#

SUZVNr*Uz# O}7rB}7

|DUzODj# 4 Ctrl-PgDn|r0F/;j#4

Ctrl-PgUp|rsF/;j

|DUzODB# 4 PgDn|r0F/;vB#4 PgUp

|rsF/;vB

|DAUzOB]D*<rax# 4 Home|F/=B]D*<#4 End

|F/=B]Dax#

|DUzODGZ# B}7rBF/;vGZ#O}7rO

F/;vGZ#

|DUzODl# R|7rRF/;l#s|7rsF/

;l#

F/=UzOqlDUZ# Ctrl-Home

!q;vT>DUZ# Enter|

XUUzx;!qUZ# Esc

&m|n4%

FA|n4%# Tab

4P|n# Uq|r Enter|

IQbp>Za)KKP RA @fDC(8<MIQbp(i#

¶ 9C Microsoft Internet Explorer/@w1,I\a4=TBkC'gf`XDJb:

v g{SU=Kk SSL`XDms,r!q$_ → Internet !n#Z0Internet!nhC1

0ZP,!q_6!n("%wV4,OhC4%#KYw+XB$n SSL 3.0#%w7(

"XUyPr*D Internet Explorer0Z#XBt/ RA @f#

v Zi/(fm`G<Q5Xs,xa{m4;|,G<#

KJbGIZT>!&CLr1DSYx<BD#IT(}%w/@wD"B4%TXB

t/!&CLrIbvKJb#

v ^(9Csj!qiOrDn#

g{/v0ZdZ!&CLrDxr.b,ravVKJb#g{!qKiOr.;44

rBv/fe,raZ0Pm1M0j8E"1fePvVKJb#by+<BZ!&C

LrW?_gBf/viOr#

bv=8G9C|L!qiOr#9COrB}7,;s4 Enter|rUq|#w*!q,

ITv/fe+iOrECZO_;C"|?|!&CLrDPd#

40 f> 3 "Pf 7.1

Jcm

>Jcm(eK>iPI\GBDr;#CDuoMu4T0A_I\PK$Duo#UkDu

oM(e4T:

¶ 6nB IBM® Fcz<uGd7,&<:McGraw-Hill,1994#

¶ 6@zzRj<E"53Vd7,@zzRj<-a X3.172–1990,@zzRj<-a

(ANSI),1990#

¶ 6#{Jbbp7,f> 3.0,S{#aG:RSA Data Security,Inc.,1998#

2A3

2+gS;W(Secure Electronic Transaction ,SET)G;VZ;IExgOxP=c2+DEC(rhG('6D$5j<#IZCj<+*s$iD"P,

yT|aOKV(K"LRM"(xPDm]O$#

2+"Pc((Secure Hash Algorithm ,SHA-1)|GI NIST M NSA hFD;Vc(,M}V){j<;p9C#Kj<G2+"Pj<;SHA GKj

<9CDc(#SHA zz;v 160 ;D"P5#

2+WSVc(Secure Sockets Layer ,SSL)xPTnUC'!I\8wDZC2+~qD IETF j<(E-i#|a)K;u}V/2+(E(@#

P SSL &\D~qw(#Zk HTTP j<;,DKZOS\ SSL ,Sks#Z=(wFbwwd;;E

ET("(EZd,SSL4(a0,K}L;h"z;N#ZK.s,(EMS\K#E"j{Tli+;

1Lx= SSL a0ax#

2+Tr(security domain )I,;v CA 4O$$iDi(+>"$wirES"L}gr~.)#I CA )p$iDC'ITENd

{IK CA )p$iDC'#

2B3

#\T(privacy )@94Z(D}]96#

>XoT'V(National Language Support ,NLS)z7Z?T;,oT73D'V,b|(oT"uR"UZM1dq=,T0}Vm>==#

j<(CjGoT(Standard Generalized Markup Language )

CZhvjGoTD;Vj<#HTML MGyZ SGML D#

;IqOT(non-repudiation )9C}V(C\?\bD~"PLJbqOTD5D)p#

2C3

Ywz7(action history )>$P'ZP}[DB~#

_TvZ(policy exit )Z"a$_P,I"a&CLrwC"i/(eDLr#Z?v_TvZP8(Dfr,|Qi/D5q

M2+T!n&C=GG}LP#


Jcm

cNa9(hierarchy )EN4PDO$PD(CA)Di/,TT)p CA r%KDy*<,"T)"$ixnUC'D CA ax#

,D>(hypertext )|,%J"Lor<NDD>,A_IT(}sjcwTlwMT>m;vD5#byD%J"Lor<

NF*,4SD>#y=lw,D>,MG4S=CD>#

,D>jGoT(Hypertext Markup Language ,HTML)T Web 3f`kDjGoT#|yZ SGML#

,D>Bq&m-i(Hypertext Transaction Protocol ,HTTP)(} Web *F,D>D~DrXxM'z/~qw-i#

iso(m>( 1(Abstract Syntax Notation One ,ASN.1);V ITU F(Dm>(,CZ(eE"}]Do(#|(eKm`r%D}]`M,R*j6b)`MM5

w|GD58(Km>(#1h*(eE"Diso(1,<IT&Cb)m>(,+;C\+db)E

"D`k==D<x#

+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol ,TCP/IP);i'V>XxMcrxDcTc,S&\D(E-i#

2D3

zm~qw(proxy server )ZksCJDFcz(Fcz A)M;CJDFcz(Fcz B).dDPi#rK,g{nUC'ksF

cz A DJ4,rks;(r=zm~qw#zm~qwrFcz B ks"q!l&,YQl&*"xU

KC'#(}Z?@p=4CJr,xJ4D}LPzm~qwpEX*DwC#

zk)p(code signing );VC}V){)pI4PLrD<u#zk)phFC4DxV<ZrXxODm~DI?T#

GG(enrollment )Z Tivoli PKI P,q!ZrXx9CD>$D}L#GG|($iDks"a"|BM7z#

GGd?(enrollment variable )kNDGGtT(enrollment attribute)#

GGtT(enrollment attribute )

|,ZGGm%PDGGd?#|D543KGGZd6qDE"#GGtTD5Z>$9CZZG;d

D#

gS3W(e-commerce )LR=LRD;W#|,(kKM"a)L")&LMd{K)ZrXxOrtL7M~q#|GgSL

qDw**X#

gSLq(e-business )(}xgMFczxPL5;W#||(rtL7M~q#9|((}}V(E*FJp#

%c CA(top CA)Z PKI CA cNa9%cD CA#

TF\ku(symmetric cryptography )

9C`,D\?4S\Mb\D\ku#|D2+T!vZ\? * \?9\Mb6NNK<IT`kMb

k{"#;P1\?#\,(EEG#\D#kTUGTF\ku(asymmetric cryptography)#

42 f> 3 "Pf 7.1

TF\?(symmetric key )ITS\Ìb\D\?#m{TF\ku(symmetric cryptography)#

Ts(object)ZfrTsDhF`LP,k}]`XDisb0}]MYw#m{`(class)#

Tsj6(object identifier ,OID)y>Z\m,8(xiso(m>( 1(ASN.1)P(eD`MD}]5#

Ts`M(object type )ITf"Z Directory PDTs#}g:i/"aiR"h8"K1"Lrr}L#

`&\rXxJ~)9(Multipurpose Internet Mail Extensions ,MIME);WTIICDf6,9CT;,V{/`kDD>IT`%;;#,129`=egSJ~JCZ9C

rXxJ~j<D`V;,Fcz53#}g,}K US-ASCII"v?D>"<qMytb8VV{/,gS

J~{"9IT|,d|V{/#

2F3

@p=(firewall )xgdDxX,CZ^Fxg.dDE"w/#dMX,@p=D?DG#$Z?Dxg,@94Z(D

b?C'9C#

CJXFm(access control list ,ACL);VTQZ(C'^F9CX(J4DzF#

GTF\ku(asymmetric cryptography )

\kuGC;,D"GTF\?xPS\Mb\#?vC'IU=;T\?:;vyPKICJD+C\

?M;vvC'*@D(C\?#1+C\?M`&D(C\?`%d1,t/;Wb\,byM\xP

2+;WK#b2F*\?T\ku#kTUTF\ku(symmetric cryptography)#

qO(repudiate )IZ;f5x\x;}g,qO"MK8({"ra;K8(ks#

~qw(server)(1)ZxgP,*d|>ca)&\D}]>c,}g,D~~qw#(2)Z TCP/IPxg53P*d|

>c53Dksa)&mD53,F*M'z/~qw#

~qw$i(server certificate )I CA )"D}V$i,9 Web~qw\&myZ SSLDBq#1/@wC SSL-ik~qw,S1,

~qwa"x/@w;v+C\?#K\?I'V~qwm]O$#,1|2'V*"Mx~qwDS\

E"#m{ CA $i(CA certificate)"}V$i(digital certificate)M/@w$i(browser certificate)#

2G3

+2S\a9(Common Cryptographic Architecture ,CCA)IBM m~,|9s`} IBM Fc=(<\T;BD=(IC\ku#|'VIC;,D`LoT`4D&

CLrm~#&CLrm~ITwC CCA ~q4jIs6'DS\&\,|( DES M RSA S\#

+2}]2+Te5a9(Common Data Security Architecture ,CDSA)*yZFczD2+T&CLrx4(Dfr2+T~qM2+T\m(eD[O=(#|I Intel hF,

T9Fcz=(T&CLrxT|*2+#

+2xXSZ(Common Gateway Interface ,CGI)Z Web 3fM Web ~qw.d+ME"Dj<=(#


Jcm

+C/(C\?T(public/private key pair )+C/(C\?TG\?T\kuEnD;?V(1976j,I Diffie M Hellman*bv\?\mJbx}

k)#Z{GDEnP,?KqC;T\?,;vF*+C\?,m;vF*(C\?#?vKD+C\?

G+*D,x(C\?G#\D#"M=MSU=;h*2m#\E":+?(Ef0D;G+C\?,

R(C\?"4+dr2m#;Yh*EN(E(@D2+,T@9T}r9\#;*s+C\?k|G

DC'T;VIE(O$)D==(}gZIE?<P)`X*#(}9C+2E"NNK<\"Mz\

{"#;x,C{";\I(C\?b\,$ZDSU=(;5PK(C\?#Kb,\?T\ku;v

CZ#\T(S\),9CZO$(}V){)#

+C\?(public key )(C/+C\?TPTd{KP'D\?#|9d{K\k\?DyP_xPBq&mri$}V){#

C+C\?S\}];\(}`&D(C\?4b\#kTU(C\?(private key)#m{+C/(C\?

T(public/private key pair)#

+C\?y!a9(public key infrastructure ,PKI)yZ+C\?\kuD2+Tm~Dj<#PKI G}V$i"O$PD""aPD"$i\m~qMV<=

?<~qD53#C4i$rXxOf0BqDw=Dm]M(^#b)BqI\f0=h*i$m]D

Yw#}g,|GI\*7Oav6jDp4"gSJ~{"Dw_rpZ5q#

PKI (}CC'D+CS\\?M$iTP'vKri/DO$P'45VK?D#|a)D*z?<|,

CZi$}V$i">$M}V){D+CS\\?M$i#

PKI *+CS\\?Di$i/Mksa)lYP'Dl&#|96p53P1ZD2+T~2",$J4

T&m2+%f#ns,PKI 9*X*DL5Bqa)K}V1dAG~q#

+C\?\kuj<(Public Key Cryptography Standards ,PKCS)G}=D)&L.dDj<,|GI RSA 5iR0;,Fcz)&LDzmZ 1991j*"#Cj<|,

RSA S\"Diffie-Hellman -("yZ\kDS\")9D$io("S\{"o("(C\?E"o(M

$wo(#

¶ PKCS #1hvK9C RSA +C\?\k534S\}]D=(#<ZCZ}V){M}VEbD9l#

¶ PKCS #78(\k{"D;cq=#

¶ PKCS #108($wksDj<o(#

¶ PKCS #11*\kh8(}g:G\()(e<u^XD`LSZ#

¶ PKCS #12*f"r+MC'D(C\?"$i"d|X\E"H8(;VIF2q=#

zJj</i/(International Standards Organization ,ISO)*!=F-s=Fczxg-iDyP+w*"0+<j<DzJi/#

zJgE*K(International Telecommunication Union ,ITU)~.M(E?E-w+r6L(ExgM~qDzJi/#|G6L(E<u"\mMj<E"Dnw*

"<_#

zR2+z9(National Security Agency ,NSA)@z~.Y=D2+zX#

2J3

z\T(confidentiality );+E"96x4Z(=DXT#

y>`kfr(Basic Encoding Rules ,BER)Z ISO 8825P8(DCZT}]%*`kDfr,C}]%*GCiso(m>( 1(ASN.1)4hvD#

fr8(`k<ux;Giso(#

44 f> 3 "Pf 7.1

S\(encrypt )rRE"3r,by9C;PG)5PJ1Db\zkDKE\(}b\q!-<E"#

S\/b\(encryption/decryption )

9CSU=D+C\?*KKS\}],xSU=9CdTD(C\?4bk}]#

r%J~+M-i(Simple Mail Transfer Protocol ,SMTP)ZrXxO*FgSJ~D;V-i#

;f$w(cross-certification )

EN#=,yZ|;v CA *m;v CA )"$i,C$i|,k(C){\?`%dD+C\?#;f

$wD$iJm;v\mrODM'z53rUK5eITkm;vrODM'z53rUK5e2+(

E#

b\(decrypt )CZ7zS\}L#

2K3

*E=}]b,S(Open Database Connectivity ,ODBC);VCJ;,}]b53Dj<#

*E53%,(Open Systems Interconnect ,OSI)IzJj</i/K<DFczxgj<{F#

IEFczy!(trusted computer base ,TCB)2,5)i/Fcz2+T_TDm~M2~*X#0l2+T_T5)D*Xr*XD;?VG2+T

`XDrG TCB D;?V#TCB GI2+T6'<xDTs#5V2+T_TDzFXkG;IFPD,

Xk\h9LrqCT4Z(D53X(DCJ#

M'z(client)(1);vSU4T~qwD2m~qD&\%*#(2);vFczr_Lr,|ksm;vFczr_

Lr*|~q#

M'z/~qw(client/server )V<=&mPD#M,Zbv#MP&Z;v>cDLrTm;v>cDLr"vks"RH}|Dl

&#RGQksLrF*M'z;xQl&=F*~qw#

2L3

`(class)ZfrTsDhFM`LP,;i2m+2(eRrK22m+2XT"YwMP*DTs#

`M(type)kNDTs`M(object type)#

4i$(chain validation )ZENcNa9PTZyP CA ){Di$,(}|)";v8(D$i#}g,g{m;v CA *;v

CA )"K)p$i,G4=v){ZC'a;$ii$1<hi$#

/@w(browser )kND Web /@w(Web browser)#


Jcm

/@w$i(browser certificate )

}V$i,2F*M'zK$i#|GI CA (}tC SSL D Web ~qw4)"D#S\D~PD\?

9$iVP_ITS\"b\M)p}]#dMDiv,Web/@wf"b)\?#;)&CLrJmZG

\(rd|iJOf"\?#m{}V$i(digital certificate)#

2M3

@zzRj<-a(American national standard Institute ,ANSI)G@zD;vi/,|F(;OIDi/Z4(M,$GY=$5j<1yqXD}L#|Izz_"{

Q_M;c{f/EiI#

@zzRE";;j<zk(American National Standard Code for Information ,ASCII)Z}]&m53"}](E53M`Xh8PxPE";;yICDj<zk#ASCII V{/I 7 ;`kV

{(8 ;|,;;f<#i)iI#V{/|(XFV{M<NV{#

\k==(cryptographic )XZ*;}]T~Xd,eD==#

\ku(cryptography )ZFcz2+TP,CZS\wDMb\S\D>D-m"=(MVN#

\?(key)\kuP9CDCZ`kMbkD?#

\?8]kV4(Key Backup and Recovery )Tivoli PKI D&\,9z\8]MV4nU5e$i0dI Tivoli PKI O$D`&+CM(C\?#$iM

\?f"Z PKCS #12D~P#CD~\\k#$#8]$iM\?1+hC\k#

\?T(key pair)ZGTF\kuP9CD`&D\?#;v\?CZS\xm;vCZb\#

wkD>(cleartext )4S\D}]#wD(plaintext),eJ#

wD(plaintext )4S\D}]#wkD>(cleartext)D,eJ#

#=(schema)k Directory `X,(e;,Ts`M.dX5DZ?a9#

#}(modulus )Z RSA +C\k53P,=vsX}(p M q)DK}(n)#RSA #}DnQs!!vZ2+Th*##

}=s2+T=_#10D RSA 5iR(iD\?s!&!vZT\?DF.9C:vK9C* 768;,

+>9C* 1024;,x+*X*D\?(g CA D\?T)r* 2048;#AYZ 2004jT0,768;

D\?;O*G2+D#

?j(target)8(Dr!(D}]4#

2N3

Z?a9(internal structure )

kND#=(schema)#

46 f> 3 "Pf 7.1

Z?x(intranet )s5Z?Dxg,(#;Z@p=.s#|GTrXxDIz"9C`FD<u#S<uO5,Z?xv

vGrXxD)9#HTML M HTTP G|GD;)2,c#

2P3

>$(credential )ZO$;;PCZ$wvKm]Dz\E"#ZxgFc73P,n#{D>$`MGQI CA 4(M)p

D$i#

2Q3

)p(sign)9CzD(C\?zI){#){Gi$zGIE5D;V==,RK<}Z)pD{"#

)p/i$(signing/verifying )

)pG9C(C}V\?zI){#i$G9C`&D+C\?i$){#

a?6?<CJ-i(Lightweight Directory Access Protocol ,LDAP);vCZCJ Directory D-i#

ksj6(request ID);v 24 = 32 V{D ASCII 5,|\(;j6T RA D$iks#C5IT&CZ$iksBqP,T

lwCksD4,r`X*D$i#

2R3

O$(authentication )I?X7((E=m]D}L#

O$PD(certificate authority ,CA);Vm~,:pq-i/2+T_TMT$iN=8(2+gSm]#CA &m4T RA DksT)""|

BM!{$i#CA M RA ;%$wTZ DirectoryP"<$iM CRL#m{}V$i(digital certificate)#

2S3

}X DES(triple DES)}NTwDS\DTFc(#d;fZm`==I5ZK?D,+`XS\Dn2+N=Gx}v`l\

?D}X DES#

L5wLTs(business process objects )

;5PCZ5VX("aYwDzk,}gliGGks4,ri$+C\?Q"M#

L5wL#e(business process template )

48(3rKPD;5PL5wLTs#

sF~qw(Audit server );v Tivoli PKI ~qw,|SsFM'zSUsFB~,"+d4ksFU>#

sFzY(audit trail )}]T_-76DN=44SB~rP#sFzY'VBqrx(n/Dz7DzY#

sFM'z(audit client )53PC4"MsFB~x Tivoli PKI sF~qwDNNM'z#ZsFM'z"MB~xsF~qwT0,

|HksF~qw(",S#,S("s,M'z9CsFS53M'zbxsF~qw+ME"#


Jcm

sFU>(audit log )Z Tivoli PKI P,|G}]bPD;vm,+?vsFB~f"*;uG<#

sFS53(audit subsystem )

Z Tivoli PKI P, *G<2+T`XYwa)'VDS53#|{O*pZ~qz5D+C\?\kuDj

</PDj< X9.57 FvZ]#

5}(instance )Z DB2® P,5}Gf"}]MKP&CLrD_-}]b\m73#|Jm*`}]b(e;i+2Dd

CN}#

Bqj6(transaction ID )I RA a)Dj6,Tl&$"aGGks#|9C'\KP Tivoli PKI M'z&CLr4qC$Hz<

D$i#

X$Lr(daemon);vZs(&mNqDLr#1vVh*|ozDiv1,53+a~=wC|#C';h**@X$L

r,r*|(#GI53T/zzD#X$LrI\@6Gn/D,r_|adtXXBzI#

uo("t* demon)4Tq0#s4,|;]mbM*WV8uTJ DAEMON:Disk And Execution

MONitor#

Z((authorization )CZCJJ4DmI(#

}]f"b(Data Storage Library ,DL)w*;v#i,|a)T$i"CRL"\?"_TMd|k2+T`XTsDVC}]f"DCJ#

}]S\j<(Data Encryption Standard ,DES)w*}=Dj<,Z 1977jI@z~.(eMz<DVi\kS\c(#nuI IBM *"#TS DES+

<T4C=Kc:DP?,VZ|QI*Zy\*"Rc:9CD\k53#

DESG;vTF\k53#1|CZ(E1,"M=MSU=Xk5P,;v\?#C\?CZS\Mb\

{"#DES 2ITCZ%C'DS\,}gTS\Dq=QD~f"=2LO#DES P 64 ;Dis!,

|ZS\Zd9C 56 ;\?#|-H*2~5VxhF#NIST ?tejXBO$;N DESw*@z~.

Y=DS\j<#

}V){(digital signature );vmS=D5r_}]D`k{",|7#K"M=Dm]#

}V){ITa)Hom){|_6pD2+T#bGr*}V){;GS\{Fr;5Pr%Dj6z

k#|z.TQ)p{"DS\**#by,Z{"O=S}V){ITa)"M=DLPj6#(;P"

M=D\?EIT4(C){#)|,y9L(KQ)p{"DZ](S\D{"**XkM{"DZ]`

%d,qr){+^')#by,}V){M^(S{"P4F"R&C=m;v{"P%,r***r"

PE"+;%d#NNTQ)p{"DD/<a9){^'#

}V){c((Digital Signature Algorithm ,DSA)+C\?c(,Cw}V){j<D;?V#|^(CZS\x;\CZ}V){#

}V$w(digital certification )

kND$w(certification)#

}V$i(digital certificate )

IEDZ}=)"xvKr5eDgS>$#?v$iC CA D(C\?4)p#|xpvK"L5r_i

/Dm]#

y] CA DG+,$iIT$5VP_ZrXxOxPgS;WD(^#Z3VbeO,}V$i`FZ]

;mI$r_='D>#|O$K5P`&(C\?DVP__P-*3)gSLqn/D(^#

$i|,dO$D5eDE",^[GK1"zwrFczLr#||,C5eDQO$D+C\?#

48 f> 3 "Pf 7.1

fz}(nonce)I~qwr&CLr"vDV{.,|*sC'Z(#C'C(C\?4)pfz}#C'D+C\?M

)pDfz}"MXAksZ(D~qwr&CLr#;s~qw"TCC'+C\?4bkQ)pDf

z}#g{fz}Dbka{k"MD-~;y,rCC';O$#

m@(tunnel)Z VPN <uP,(}rXx("Dks~qibc=c,S#;),S,6LC'\9Cm@kZ+>D

(CxgO~qw;;2+"S\Mb0DE"#

2T3

3;J4(;w(Uniform Resource Locator ,URL)CZrXxJ4`7D;V=8#URL 8(-i,wz{r IP X7#,12|,KCJX(zwDJ4y

hDKZE"76MJ4j8E"#

2W3

b?x(extranet)9CMrXx`FD<uDIzzo#ws+>}*<TKM"oiMZ?K1`vEe&C Web "<"

gS;W"{"+MM:~#

j{T(integrity )#$}]j{TD53,h94Z(D^D(;,Z#$}]Dz\T,h94Z(D96)#

j{Tli(integrity checking )

TIb?i~-,Bq&mzzDsFG<Dli#

r,x(World Wide Web ,WWW)Z|,,=eDODFcz.diIxg,SDG?VrXx#b)JOa)E""a)=r,xMrX

xPd|JOD4S#RGIT(} Web /@wLrCJr,xJ4#

xX(gateway);V&\%*,Jm%;f]Dxgr&CLr%`xP(E#

D5S\\?(document encrypting key ,DEK)dMX,D5S\\?G;TTFDS\/b\\?,}g DES#

D~+d-i(File Transfer Protocol ,FTP)rXxM'z/~qw-i,CZZFcz.d*FD~#

2X3

{"O$zk(message authentication code ,MAC)"M=MSU=d2mD#\\?#"M=O$,xSU=i$#Z Tivoli PKI P,MAC \?fEZ CA

MsFi~D KeyStoreP#

{"**(message digest )S\Nb$HD{";szIL($HD?D;If&\#MD5 MG;V{"**c(#

!~qLr(servlet);V~qwKDLr,xh'V JavaD~qwT=S&\#

!&CLr(applet)GC Java`4DFczLr,IKPZk Javaf]D Web /@wP#2I1w Java!&CLr#


Jcm

-i(protocol )Fcz.d(ED;B<(#

EN4(trust chain );i$i,ISC'$i=yrT)p$iDIEcNa99I#

EN#M(trust model )\mO$PDgNO$d|O$PDDa9<(#

ENr(trust domain );i5e,|GD$iI`,D CA O$#

ib(Cxg(Virtual Private Network ,VPN)9CrXxx;Gg0_4("6L,SD(C}]xg#r*C'(}rXx~qa)Lx;Gg0+

>CJ+>xgJ4,i/ITs?uY6LCJI>#VPN 9v?K}];;D2+T#Z+3D@p=

<uP,{"Z]ITS\,+G;ITS\?DX7M4X7#Z VPN <uP,C'IT(";v(@

,S,dP{vE"|(Z]M(7)<xPS\Mb0#

2Y3

Q)"$iPm(issued certificate list ,ICL)Q)"D$i0|G104,DjIPm#$iGIrPEM4,4w}D#KPmI CA ,$,"#fZ

CA }]bP#

l=(E(asynchronous communication )

;h*"M=kSU=,=D(E#=#

rXx(Internet)|G@g6'Dxg/O,Ta)Fcz.dDgS,S#9|GIT(}nggSJ~r Web /@wH

m~h84`%(E#}g:;)s'hPT:Dxg,(}k`Fxg4S,i(I3;DrXx#

rXx$LNqi/(Internet Engineering Task Force ,IETF)Y]M*"rXx-iD;vi#|zmK|(xghF_"Yw_")&LMP?1ZZDzJi/#

IETF f0=rXxe5a9D*"MrXxD3{9C#

C'O$(user authentication )

CZi$3v{"D4w_GC{"IxpRO(DyP_#|9i$z}ZkZ{DUKC'r53x

P(E#

$"a(preregistration )Z Tivoli PKI P,Jm;vC'(dMDG\m1)GGd{C'#g{ks;z<,RA a)E",Jm

C'ZTs9C Tivoli PKI M'z&CLrqC$i#

r(domain)kND2+Tr(security domain)M"ar(registration domain)#

2Z3

v?#\TJ~(privacy-enhanced mail ,PEM)IrXxe5a9DhF_(IAB)ICDrXxv?#\TJ~j<4#$rXxOgSJ~#PEM -i

a)KS\"O$"{"j{TM\?\m#

>c$i(site certificate )`FZ CA $i,+GvCZ8(D Web >c#m{ CA $i(CA certificate)#

50 f> 3 "Pf 7.1

$w(certification )IEDZ}=)"CZ##vK"L5ri/m]DgS>$D}L#

$i_T(certificate policy )fr|{/,|mw$iT_P+22+ThsD&CLrX(`DJCT#}g,$i_TI\amw

X(D$w`MGqJmC'Z;vx(D[q6'ZxP;W#

$i7zPm(certificate revocation list ,CRL)O$PDQ7zDT}V)pRjP1dAGD$iPm#ZPmPD$i&1O*;IS\#m{}V

$i(digital certificate)#

$iE*D~(certificate profile )

(eyh$i`MD;iXT(}g:SSL$ir IPSec$i)#E*D~oz\m$if6M"a#"P

LIT*ksPD$i|DE*D~{FM8(XT,}gP'Z"\?C(M DN <xHH#

$i)9(certificate extension )

X.509v3$iq=DI!&\,|a)Z$iP|,=SVN#|_Pj<)9MC'T(e)9#j<)

9*wV?DxfZ,|,\?M_TE""wbM"PLtT"T0O$76<x#

G\((smart card );if"C'}V\?D2~,dMD;PEC(s!#G\(ITIC\k#$#

"a$_(registration facility )

;v Tivoli PKI &CLrr\,*GG5e(}g:/@w"7Iw"gSJ~M2+M'zLr)a)(

CVN"RZ{vP'ZZ\m$i#

"a}L(registration process )

Z Tivoli PKI Pi$C'm]D=h,Sx9C'Md+C\?CTO$"NkBq#C}LITG>Xr

GyZ Web D,|ITT/xPrK$;%4\m#

"a}]b(registration database )

|,K$iksMQ)"$iDE"#C}]bf"KGG}]M{vP'ZPDT$i}]|D#}]

bII RA }LM_TvZr"a14|B#

"ar(registration domain )

;iMX(D$iGG}L`XDJ4"_TMdC!n#Cr{G URL D;vS/,CZKP"a$_#

"a1(Registrar )QZ(CJ RA @fDC',{\\m$iMks$i#

"aPD(RA);V\m}V$iDm~,|7#SGGksDnuSU=$i7zZdi/DL5_T<CT&C#

(C\?(private key )(C/+C\?TP;T\?yP_P'D\?#9yP_\SU=KDBq&mrxP}V){#9C

(C\?)pD}];\I`&D+C\?4i$#kTU+C\?(public key)#m{+C/(C\?T

(public/private key pair)#

(P`kfr(Distinguished Encoding Rules ,DER)a)Z BER OD<x#DER SG)`kfrJmD`k`M(E}yP"M=!n)P!qD;V`M#

(P{F(distinguished name ,DN)f"Z Directory PD}]nD(;{F#DN (;Xj6 Directory DcNa9PDu?D;C#

VZk(bytecode )I Java`kwzI,RI JavabMw4PDkzw`M^XDzk#


Jcm

nU5e(end-entity )|G$iwb,+;G CA#

}V

4758 PCI Cryptographic Coprocessor;VI`LD,Ifl&D PCI \_S\(,C(a)_T\D DESM RSA S\&m#S\}LZ(D

2+bGZ"z#K(Oq{O FIPS PUB 140-16p 4 j<#m~ITZ2+bGZKP#}g,EC

(;W&mI9C SET™ j<#

A

ACLCJXFm#

ANSI@zzRj<-a(American National Standards Institute)#

ASCII@zzRE";;j<zk(American National Standard Code for Information Interchange)#

ASN.1iso(m>( 1(Abstract Syntax Notation One)#

B

base64 `k(base64 encoding )IC MINE +M~xF}]D+2=(#

BERy>`kfr(Basic Encoding Rules)#

C

CAO$PD(Certificate Authority)#

CAST-64;v9C 64 ;i$M 6 ;\?DVi\kc(#GI Carlisle AdamsM Stafford TavareshFD#

CA cNa9(CA hierarchy )Z Tivoli PKI PDENa9,|D%KP;v CA,Z|DBfPòDcDS CA#1 CA "aC'r

~qw1,C'M~qw+U=C CA )"D$i"+LPdOcD$wcNa9#

CA ~qw(CA server)CZ Tivoli PKI O$PD(CA)i~D~qw#

CA $i(CA certificate )ZzDksB,Web/@wS|^(6pD CA S\D$i#;s/@w9CC$iO$kVP CA )"

D$iD~qw.dD(E#

CCAIBM +2S\e5a9(IBM Common Cryptographic Architecture)#

52 f> 3 "Pf 7.1

CDSA+2}]2+Te5a9(Common Data Security Architecture)#

CGI+2xXSZ(Common Gateway Interface)#

CRL$i7zPm(Certificate revocation list)#

CRL "<1ddt(CRL publication interval )hCZ CA dCD~P,(Z"< CRL = Directory D1ddt#

D

DEKD5S\\?(Document encrypting key)#

DER(P`kfr(Distinguished Encoding Rules)#

DES}]S\j<(Data Encryption Standard)#

Diffie-HellmanZ;I?iJO("2m\?D=(,T"w_(Diffie M Hellman)|{#

Directoryk(E`XDCZE"+VJ4b(}ggSJ~r\k;;)DcNa9#Directory f" PKI a9yX

hDX(n?,|,+C\?"$iM$i7zPm#

DirectoryPD}]GTwDN=Vc\m,wD%KMGDy#(#O_cNDi/zm@"DzRrXx"

~.r+>#?CwD6Zc#CZm>C'Mh8#b)C'"i/"yZX"zRrXxT0h8<

PwTDu?#?v5eI_8`MDtTiI#b)a)K5eyzmTsDE"#

DirectoryPD?vu?<s(=X*D(P{F(DN)#TZV5@gPDTs,15e|(DtT(;1,

b2G(;D#<GTBD>} DN#dP,zRrXx(C)G US,i/(O)G IBM,i/?E(OU)

G Trust,T0+2{F(CN)G CA1#

C=US/O=IBM/OU=Trust/CN=CA1

Directory ~qw(Directory server )Tivoli PKI P,IBM SecureWay® Directory#Directory 'V LDAP j<"9C DB2 w*|Dy!#

DL}]f"b(Data Storage Library)#

DN(P{F(Distinguished name)#

DSA}V){c((Digital Signature Algorithm)#

F

FTPD~+d-i(File Transfer Protocol)#


Jcm

H

HTML,D>jGoT(Hypertext Markup Language)#

HTTP,D>Bq&m-i(Hypertext Transaction Protocol)#

HTTP ~qw(HTTP server){C/@wMd|LrZxgP&myZ Web (ED~qw#

I

ICLQ)"$iPm(Issued certificate list)#

IniEditorZ Tivoli PKI P,CZ`-dCD~D$_#

IPSecI IETF *"D;VrXx-i2+Tj<#IPSecGxgc-i,CZa)\k2+T~q,|TO$"

j{T"CJXFMz\TDiOa)inD'V#r*|?sDO$&\,m` VPN z7)&LIC|

w*-iT("ZrXxOD2+cTc,S#

ISOzJj</i/(International Standards Organization)#

ITUzJgE*K(International Telecommunication Union)#

J

JavaI SUN Microsystems, Incorporated*"D;5PyZxgDg=(Fcz<u#Java73I Java OS";

,=(Dibz"frTsD Java`LoTM8v`b9I#

Java `(Java class )JavaLrzk%*#

Java !&CLr(Java applet )kND!&CLr(applet)#kTU Java&CLr(Java application)#

Java ibz(Java Virtual Machine ,JVM)JavaKP173PD;?V,:pbMVZk#

Java &CLr(Java application )9C JavaoT`4D@"Lr#|KPZ Web /@w73.b#

Java oT(Java language );V`LoT,GI SUN Microsystems*Z!&CLrMzmLr&CLrP9CxhF#

K

KeyStoreTS\q=f" Tivoli PKI i~>$(}g\?M$i)D DL#

54 f> 3 "Pf 7.1

L

LDAPa?6?<CJ-i(Lightweight Directory Access Protocol)#

M

MACE"O$zk(Message authentication code)#

MD2;VI Ron RivesthFD 128 ;{"**"P/}#|Z PEM -iPk MD5 ;p9C#

MD4;VI Ron RivesthFD 128 ;{"**"P/}#Z4PYHO,MD4 *H MD2 lC86#

MD5;VI Ron RivesthFD%r{"**"P/}#bG MD4 DDxf>#MD5 }LT?i 512 ;(V

I 16 v 32 ;Si)dkD>#Kc(DdvG;iDv 32 ;Di,b)i,SINI;v%@D 128

;"PE"5#|2ITZ PEM -iPk MD2 ;p9C#

N

NISTzRj<M<u-a(National Institute of Standard and Technologe),T02F* NBS(zRj<V)#

|YxKyZFczDz5*Ej<M%CT#

NLS>XoT'V(National language support)#

NSAzR2+z9(National Security Agency)#

O

ODBC*E=}]b,S(Open Database Connectivity)#

OSI*E53%,(Open Systems Interconnect)#

P

PC ((PC card)`FZG\((smart card),2F* PCMCIA (#HG\(sR&\|?#

PEMv?#\J~(Privacy-enhanced Mail)#

PKCS+C\?\kuj<(Public Key Cryptography Standards)#

PKCS #1kND+C\?\kuj<(Public Key Cryptography Standards)#


Jcm





PKI+C\?y!a9(Public key infrastructure)#

PKIXyZ X.509v3 D PKI#

PKIX CMPPKIX $i\m-i(PKIX certificate management protocol)#

PKIX l}w(PKIX listener )IX(DGGr9CD+C HTTP ~qw,C4l} Tivoli PKI M'z&CLrDks#

PKIX $i\m-i(PKIX certificate management protocol ,CMP)5Vk PKIX `]&CLrD,SD-i#PKIX CMP 9C TCP/IPw*|Dw*+MzF,+GZWS

VOP;visc#|5VT=SV/+MD'V#

R

RA"aPD(Registration authority)#

RA ~qw(RA server)CZ Tivoli PKI "aPDi~D~qw#

RA @f(RA Desktop );v Java!&CLr,T<Ngfa) RA 4&m>$ksM\m|GD{v9CZ#

RC2Id\?s!i\k,GI Ron Rivest* RSA }]2+TxhFD#RCzm Ronzk r Rivest\k#

|H DES|l,RhFw* DESD0kf;#yZnY\?Qw_T,(}9CJ1D\?s!,RC2I

TH DES |2+,2IT|;2+#|P;v$ 64 ;Di,Zm~KPP*H DES s<l==}6#

RC2 ITCk DES `,D==9C#

m~vfL-a(SPA)M@z~..dD-(7(K RC2DXbX;#b9CZvZz<}LH(#D\

kz7vZ}L|r%|lY#;x,*zclYvZz<Jq,z7Xk^F RC2 \?s!* 40 ;,

1;2P}biv#IT9C=SDV{.4h9;)%w_,{GT<$HFcCI\S\DsMi/

m#

RSAT"w_(Rivest"ShamirM Adelman)|{D+C\?\kc(#|CZS\M}V){#

56 f> 3 "Pf 7.1

S

SET2+gS;W(Secure Electronic Transaction)#

SGMLj<(CjGoT(Standard Generalized Markup Language)#

S/MIME'V)pMS\ZrXxO+dDgSJ~D;Vj<#kND MIME#

SMTPr%J~+M-i(Simple Mail Transfer Protocol)#

SSL2+WSVc(Secure Sockets Layer)#

T

TCP/IP+dXF-i/xJ-i(Transmission Control Protocol/Internet Protocol)#

Tivoli PKI'V}V$iD"P"|BM7zD/I IBM SecureWay2+Tbv=8#b)$iITZ\s6'ZD

rXx&CLrP9C,a)TC'O$M7#IE(ED=(#

TPEN_T(Trust Policy)#

U

UnicodeI ISO 10646(eD 16 ;V{/#UnicodeV{`kj<GE"&mD;VzJV{zk#Unicodej<

|,@gODw*DV,"a)Km~zJ/M>X/Dy!#Java`L73PDyP4zk<T Unicode

`4#

URL3;J4(;w(Uniform Resource Locator)#

UTF-8;V*;q=#|9;\&m 8 ;V{/DE"&m53\+ 16 ; Unicode*;* 8 ;H'zk,"R

Y4r*;x;ap'E"#

V

VPNib(Cxg(Virtual Private Network)#

W

WebSphere ™ Application ServerIBM z7,ozC'*"M\m_T\ Web >c#|r/KSM6D Web "<=_6gSLq Web &

CLrD*;#WebSphere Application ServerI@"Z Web~qw0dBcYw53DyZ JavaD!~

qLr}f9I#


Jcm

Web ~qw(Web server)~qwLr,|lp4T/@wLrDE"J4ks#m{~qw(server)#

Web /@w(Web browser )KPZ(= PCzDM'zm~,9C'\/@r,xr>X HTML 3f#bG;vlw$_,|a)T

WebMrXxPIC,=eDODsM/OD(CCJ#P)/@wITT>D>M<N,xP)v\T>

D>#s?V/@wI&mrXx(E(}g FTP Bq)Dw*m%#

X

X.500I%,Fcz53)P5V`?D"V<=M?<4F~qDj<#IzJgE*K(ITU)(4T0Dz

Jg(g0I//1a CCITT)"zJj</i/MzJg/'/1a(ISO/IEC)*O(e#

X.509 f> 3 $i(X.509 Version 3 certificate )X.509v3$i_PC4f"Mlw$i&CLrE""$iV"E""$i7zE""_TE"M}V){

D)d}]a9#

X.509v3}L*yP$i4(P1dAGD CRL#?N9C$i1,X.509v3D\&Jm&CLrli$i

DP'T#|9Jm&CLr47(C$iGqZ CRL O#I*X(P'Z9l X.509v3 CRL#|G2I

yZd|I\9$i^'D73#}g,g{M1k*i/,d$i+E= CRL P#

X.509 $i(X.509 certificate );c:S\D$ij<,C4(}2+rXxxg'V2+\mM}V)p$iDV"#X.509 $i(e}

]a9,a)V"IIEDZ}=}V)pD+C\?D}L#

58 f> 3 "Pf 7.1

w}

[A]2+&CLr 3

20 RA @f 8

[B]8],\? 27

XAA_ ix

mq

Ywz7 14, 35

i/a{ 12, 32

w3 13

TPEr 15

tT 14, 35

uE;P 15

!qG< 16

mG<,!q 15

[C]N<wb 29

Ywz7

mPDP 34

i4 14

B~ 35

i/

i4 12

&mZdD4! 12

y]I|BT 31

y]\?V44, 30

y]ks4, 29

''D$i 11

a; 10

$(e 32

}ZszDks 11

'VD!~qLr 28

<8 10

VN 29

i/a{

Yw 16, 18, 19

i4Ywz7 14

i4i/a{ 12

i4tT 14

i/a{ (x)

w3 13

\?V4 11

hClw^F 12, 31

''D$i 11

^F?3DG< 12

!qG< 16

Tj8E"T> 14

}ZszDks 11

w*PmT> 12, 32

i/!n( 29

7zD-r 34

7z,-r 34

XB$n$i 34

XBdC RA @f 9

vfo

hv ix

Tivoli 2+Tz7 x

}% RA @f 21

&mZdD4! 12

&mtT 35

[D]GGks

Ywz7 35

GGm% 23

liks4, 8

@@ 24

}]bG< 25

CZlwDVN 29

I RA &m 16

I RA bv 3

$"a 23

}Zsz 11

"a1 6

4, 37

T/@@ 24

Web /@w'V 23

GGksP'Z 25

GGtT 35

GG Web 3f

CJ 6

9C 23

9CPD CA $i 6


w}

GG Web 3f (x)

CZ9CD CA $i 26

gSJ~(* 6

A_ ix

`v"a1 28

[F]"<$i 20, 27

CJXFm 28

CJ RA @f 5, 10

{O PKIX D&CLr 25

~qw$i 26

[G]Ev

"a1G+ 3

Tivoli PKI 1

E*D~,ks 18, 28

XZ>8O ix

[H]V4$i 27, 34

V4,\? 11

[J]$n]RD$i 20

G<,!q 15

lw^F

hC 12

!n 32

|L,sjD8CYw 38

;f$w 25

a{D3fs!

hC 12

!n 32

a{!n( 32

xHu 38

[K]I|BT 19, 27

M''V x

b,Tivoli PKI Web >c ix

m^Z,$i 27

[L]Pjb

Ywz7m 14

i/a{m 12

tTm 14

Pm!n(

i43f 13

?3G<} 12

P5

Ywz7m 34, 35

i/a{m 32

tTm 34, 35

/@w 6

$"a=8 23

'VD 23

<8 5

URL 6

/@w$i 6, 10, 26

/@w'V 23

[M]?3DG<,a{!n( 32

?3G<},a{!n( 12

\?96 34

\?,8] 27

\?,V4 11, 27

[Q]t/ RA @f 10

0TE" ix

ksj6 6, 8

ksE*D~ 18, 28

kstT 35

60 f> 3 "Pf 7.1

[R]O$ 28

O$PD 25

Uz 11

UZ,8( 11

[S]Lq&md? 17

h8$i 26

9C RA @fD<8 5

}]bG<

i/ 10

hC?3D}? 12

tT 25

^Flw 12

!qYw 16

CZlwDVN 29

I RA &m 3

$(ei/ 32

tT,}]bG< 25

tT,$iMks

i4 14

|D5 17

ksr$i 35

Lq&md? 17

^D 14

$i)9 36

[T]aJ&p 6, 8

Kv RA @f 21

[W]D~mI(,"a1 8, 16

[X]j8E"!n( 34

-i 25

-i,Directory CJ 25

96D\? 34

6X RA @f 21

mI( 33

mI( (x)

TZrPDYw 16, 20

q!r 8

lir 20

!n(oz 38

!n(,RA @f

oz 38

i/!n( 10, 29

+2Xw 38

a{!n( 12, 32

j8E"!n( 14, 34

F/ 15

[Y]I"a1Yw

#Vks}Zsz 18

7z$i 19

"<$i 20

|DI|BT 19

|DP'Z 17

K<\?V4ks 18

K<ks 18

q!4! 12

\x\?V4ks 19

\xks 19

\mIDr 20, 33

hCksE*D~ 18

mS"M 18

^DtT 14

P'Z 17, 28, 36

$"a 23

Nq=8 23

r,"a 24

<( x

[Z]]R$i 27, 34

]R,$i 19

**

9CD<( x

}ZszD\?V4ks,lw 11

$w 25

cNa9 25

;f$w 25

$i 25

Ywz7 14, 35

v> 10


w}

$i (x)

"< 20, 27

}ZD 11

V4 20

I|B 26

I|BT 19, 27

`p 25

`M 36

ks 3

jk/@w 6

}]bG< 24

j8E" 34

CZ9CGG~q 6, 26

P'Z 17

KP RA @f 6

]R 19

}ZxPD\m 28

}ZszDks 11

(P{F 25

4, 37

$i7zPm 25

$iD'' 11, 17

$i)9 26, 36

$i`M 36

$i?D 36

$itT 14, 35

$iP'Z 25, 26

'V RA @fD!~qLr 28

'V,Tivoli M' x

"a 24

Yw 33

_T 24

Nq,"a1 3

&CL5_T 24

CZ 3

T// 3, 24

Web /@w'V 23

"aG< 25

i/ 10

hC?3D}? 12

tT 25

^Flw 12

!qYw 16

CZlwDVN 29

I RA &m 3

$(ei/ 32

"a}]b 3, 24

"ar 6, 8, 24, 28

"a1

Yw 33

YwDz7 14

Ywz7 35

"a1 (x)

GG 6

T"a}]bD0l 25

`v"a1 28

CJ RA @fD$i 6

XZYwD"M 18

liGG4, 8

G+ 3

rDmI( 20, 33

'VNqD!~qLr 28

T/4PNq 3, 24

"a1D(^ 8

"aPD 24

(P{F 25

4,

i4 14

10 29, 37

5 37

4,xr 38

VNoz 38

VN,RA @f

oz 38

Zi/!n(O 29

Za{!n(O 33

Zj8E"!n(O 34

[XpV{]0gNYw1wb 5

0`XE"1wb 23

CCA cNa9 25

CA $i 6, 26

CRL,V4$i 20

DDB2 24

Directory CJ 25

IInternet Explorer

"Pf 38

62 f> 3 "Pf 7.1

Internet Explorer(x)

1!$i 10

LLDAP -i 25

PPKCS #10ks$i 26

RRA @f

20 8

XBdC 9

CJ 10

CJGG 6

(^ 8

Kv 21

6X 21

'VD!~qLr 28

<89C 5

RA @fDoz 29

TTivoli

2+\m Web E" x

Customer Support x

Tivoli PKI

Web E" x

UURL

GG Web 3f 6

"ar 24

Tivoli PKI b3f ix

Tivoli PKI w3 ix

WWeb /@w 6

$"a=8 23

'VD 23

<8 5

URL 6

Web /@w'V 23

Web 3f,GG

CJ 6

9C 23

9CPD CA $i 6

CZ9CD CA $i 26

Web >c

2+\mE" x

Tivoli 2+Tz7 x

Tivoli Customer Support x

Tivoli Public Key Infrastructure x

XX.509v3 $i)9 26


w}

64 f> 3 "Pf 7.1

Pz!"

SB84-0416-00

Documents

Tivoli Public Key Infrastructurepublib.boulder.ibm.com/tividd/td/PKI/SH09-4530-03/zh_CN/PDF/... · 0T..... ix >8ODA_..... ix