²¤¶
·í±z¨ú±o 128 ¦ì¤¸ SSL ¾ÌÃҮɡAVerisign ©M¨ä¥L¨ÑÀ³°Ó·|´£¨Ñ¦hºØ¤É¯Å¾ÌÃҨѱz¿ï¾Ü¡C·í¾ÌÃÒ¤¤¤ß°e¥X¦¹Ãþ¾ÌÃҮɡA¨ä®æ¦¡³q±`¬° PKCS#7¡C¥»¤å±N»¡©ú¦p¦ó³z¹L²ÕºAºÞ²zµ{¦¡¡A±N Verisign ªº¥þ°ì¦øªA¾¹¾ÌÃÒ»P¨ä¥L PKCS#7 ¾ÌÃҶפJ¦Ü SonicWALL SSL À³¥Î¨t²Î
¦ó¿×¤É¯Å¾ÌÃÒ
¤É¯Å¾ÌÃÒ¬O¤@ºØ³qºÙ¡A«üªº¬O¥iÅý¥~¾Pª©ÂsÄý¾¹¤ä´© 128 SSL ¥[±Kªº¨ºÃþ¾ÌÃÒ¡C¹L¥h¬ü°ê¥H¥~¦a°ÏªºÂsÄý¾¹¥u¨Ï¥Î 40 ¦ì¤¸¥[±K¡C³¡¥÷¡u¾ÌÃÒºÞ²z¤¤¤ß¡v¤w¨ú±o¬ü°ê¬F©²ªº¯S®í±ÂÅv¡A¯à°÷µo¦æ¾ÌÃҨѰê»Úª©ÂsÄý¾¹¶i¦æ 128 ¦ì¤¸¥[±K¡C³o¶µ±ÂÅv¥iÅý¾ÌÃÒºÞ²z¤¤¤ßµo¦æ¡u±j¤Æ¥[±K¾ÌÃÒ¡v¡A¨Ï°ê»Úª©ÂsÄý¾¹¯à°÷¥H±j¤Æ¥[±K (128 ¦ì¤¸) ¶i¦æ³q°T¡C©Ò¦³¬ü°ê¡u¥»¦a¡vª©ÂsÄý¾¹À³¸Ó¤@«ß´£¨Ñ 128 ¦ì¤¸ªº¦w¥þ©Ê¡A¦ý±zªº¦øªA¾¹¥²¶·¯à°÷¤ä´© 128 ¦ì¤¸¡A¥B±z¥²¶·¤w¸g²£¥Í1024 ¦ì¤¸ª÷Æ_¡C
¤£¦Pªº¾ÌÃÒºÞ²z¤¤¤ß¹ï³oÃþ¾ÌÃÒ¦³¤£¦PªººÙ©I¡C¨Ò¦p¡A Verisign ºÙ¤§¬°¡u¥þ°ì¦øªA¾¹ ID¡v(Global Server ID)¡AMicrosoft ºÙ¤§¬°¡uMicrosoft ¦øªA¾¹¹h¹D«¬¥[±K¡v(Microsoft Server Gated Cryptography)¡ANetscape «h¨Ï¥ÎSuperCert §@¬°¦WºÙ¡C¾¨ºÞºÙ©I¤£¦P¡A¦ý¤j¦h¼Æ²£«~³£¦³¬Û¦Pªº¥\¯à¡C
¦ó¿×Ã즡¾ÌÃÒ
©Ò¦³ SonicWALL ¥æ©ö¦w¥þ¸Ë¸m¬Ò¤ä´©Ã즡¾ÌÃÒ¡CÃ즡¾ÌÃÒ¥i¥Î©ó¼ÆºØª¬ªp¡A¦p·í¬YÓ¤wª¾¥i±µ¨üªº¾ÌÃÒºÞ²z¤¤¤ß (CA) ´£¨Ñ¾ÌÃÒ¡A¥HÃÒ©ú¬YÓ¤£¥i¿ëÃѾ÷ºc©Ò«Ø¥ßªº¾ÌÃÒ¬O¥i«H¥ôªº¡C¨Ò¦p¡A¤½¥q¥i«Ø¥ß¶È¨Ñ¤º³¡¨Ï¥Îªº¾ÌÃÒ¡A¦ý¤@¯ë¥Î¤áºÝµLªk±µ¨ü³oºØ¾ÌÃÒ¡A¦]¬°¥¦Ì¤£¬O¥Ñ¤wª¾ CA ©Ò«Ø¥ßªº¡C³z¹L¨p±K¾ÌÃÒ¨ÓÃìµ²¥i«H¥ô CA ªº¾ÌÃÒ¡A¥Î¤áºÝ´N¯à¦bSSL ¨ó½Õ³B²z´Á¶¡±µ¨ü³oÃþ¤º³¡¾ÌÃÒ¡C
¤@¦ý±N PKCS#7
¾ÌÃҰϤÀ¦¨¦hÓ¾ÌÃÒ¡A¥²¶·¥ý¨Ï¥ÎÃ즡¾ÌÃÒ«ü¥O¨Ó¶×¤J¾ÌÃÒ¡A¤~¯à±N¾ÌÃҶפJ¦Ü SSL À³¥Î¨t²Î¡C¦¹¥~¡APKCS#7 ¾ÌÃÒ°£¤F CA ¦øªA¾¹¾ÌÃÒ¤§¥~¡AÁÙ¾Ö¦³¤@©Î¦hÓ¤¤¤¶¾ÌÃÒ¡C
¦p¦ó¶}©l
·í±z®Ú¾Ú Verisign «ü¥Ü´£¥æ¾ÌÃÒñ³¹n¨D (CSR) ¤§«á¡A±z±N·|¦¬¨ì¤@«Ê»P¤U¦C¬Û¦üªº¹q¤l¶l¥ó¡C
PKCS#7 ¾ÌÃÒ½d¨Ò
-----Original Message-----
From:someone@verisign.com [mailto:someone@verisign.com]
Sent:Thursday, February 29, 2001 8:53 PM
To:you@yourcompany.com Subject:Your Digital ID is ready
Dear Applicant,
Your Administrator has approved your request for a Server OnSite Class 3 Global Server ID.
If you have any questions or problems, please contact your Administrator by replying to this e-mail message.
THE COMMON NAME OF THIS CERTIFICATE:WWW.YOURCOMPANY.COM THE ORGANIZATION OF THIS CERTIFICATE:YOURCOMPANY INC. THE ORGANIZATION UNIT OF THIS CERTIFICATE:WEB1
Your VeriSign Global Server ID, is included within this message.
VeriSign has digitally signed your Certificate, providing assurance that your certificate has not been damaged or changed without detection.
The procedures for installing a Global Server ID differ substantially depending on which Web Server software package you are using.In particular, certain web server packages (such as Microsoft IIS) require that you install a single, integrated PCKS#7 chain.Other web server packages (such as Netscape Navigator) require that you install two certificates--a Server Certificate and an Intermediate CA Certificate.
For installation instructions for your Global Server ID, please refer to :http://www.verisign.com/support/tlc/class3_install_docs/g/index.html
*********************************************** ***********************************************
CERTIFICATES BEGIN HERE
INTERMEDIATE CA CERTIFICATE (note - this is also referred to as SERVER CERT CHAIN-YOU DO NOT NEED THIS CERTIFICATE IF YOU ARE USING MICROSOFT IIS)
-----BEGIN CERTIFICATE-----MIIFKDCCBJGgAwIBAgIQVl7d2FmYuFiBKMEpwN8MFjANBgkqhkiG9w0BAQQFADCB ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w MTA0MjYwMDAwMDBaFw0wMjA0MjYyMzU5NTlaMH8xCzAJBgNVBAYTAlVTMQ4wDAYD VQQIEwVUZXhhczEPMA0GA1UEBxQGSXJ2aW5nMSMwIQYDVQQKFBpWZXJpem9uIERh dGEgU2VydmljZXMgSW5jLjEOMAwGA1UECxQFc3NscjExGjAYBgNVBAMUEXd3dzIw LnZlcml6b24uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPsGs5C5lN aYwsMdSqehQ41psNfqSiKBVk8nifhoyrXKrPoSKASamM9f17xaopauNmvUshL8oE MspBXsqL9wnFohWyJnxI0XA9e8RLnYyV2LvyzJh77VFdvyF0UWkmyVGJj+Iw/1/D X3T0ruwD1pSPnl5/d/sfkQfB07gIQEGzGQIDAQABo4ICZzCCAmMwCQYDVR0TBAIw ADCCAh8GA1UdAwSCAhYwggISMIICDjCCAgoGC2CGSAGG+EUBBwEBMIIB+RaCAadU aGlzIGNlcnRpZmljYXRlIGluY29ycG9yYXRlcyBieSByZWZlcmVuY2UsIGFuZCBp dHMgdXNlIGlzIHN0cmljdGx5IHN1YmplY3QgdG8sIHRoZSBWZXJpU2lnbiBDZXJ0 aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudCAoQ1BTKSwgYXZhaWxhYmxlIGF0 OiBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vQ1BTOyBieSBFLW1haWwgYXQgQ1BT LXJlcXVlc3RzQHZlcmlzaWduLmNvbTsgb3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwg SW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBNb3VudGFpbiBWaWV3LCBDQSA5NDA0MyBV U0EgVGVsLiArMSAoNDE1KSA5NjEtODgzMCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVy aVNpZ24sIEluYy4gIEFsbCBSaWdodHMgUmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFO VElFUyBESVNDTEFJTUVEIGFuZCBMSUFCSUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4 RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAsMCoWKGh0dHBzOi8vd3d3LnZlcmlzaWdu LmNvbS9yZXBvc2l0b3J5L0NQUyAwEQYJYIZIAYb4QgEBBAQDAgZAMCAGA1UdJQQZ MBcGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzANBgkqhkiG9w0BAQQFAAOBgQCCeKcS 4nDccG5gLgHsqOpAXkjV4PrP5ldCPWbF+xNq2r7JqZVJXbc5yTb4WP0HYBKekn6H zn4PW+Pukl3/ZmZeHvghfCPfL+FjTCZk5urm5BOIJ5lq1GE3RqXeLyT+cG9CPr+Q 1DSmw0H1AHk4l3z271nqOIsj3/fNxqnlgW1LNg==
-----END CERTIFICATE-----
SERVER SUBSCRIBER CERTIFICATE
-----BEGIN CERTIFICATE-----MIIJzQYJKoZIhvcNAQcCoIIJvjCCCboCAQExADALBgkqhkiG9w0BBwGgggmiMIIF KDCCBJGgAwIBAgIQVl7d2FmYuFiBKMEpwN8MFjANBgkqhkiG9w0BAQQFADCBujEf MB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNp Z24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVy IENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5j b3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0wMTA0 MjYwMDAwMDBaFw0wMjA0MjYyMzU5NTlaMH8xCzAJBgNVBAYTAlVTMQ4wDAYDVQQI EwVUZXhhczEPMA0GA1UEBxQGSXJ2aW5nMSMwIQYDVQQKFBpWZXJpem9uIERhdGEg U2VydmljZXMgSW5jLjEOMAwGA1UECxQFc3NscjExGjAYBgNVBAMUEXd3dzIwLnZl cml6b24uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPsGs5C5lNaYws MdSqehQ41psNfqSiKBVk8nifhoyrXKrPoSKASamM9f17xaopauNmvUshL8oEMspB XsqL9wnFohWyJnxI0XA9e8RLnYyV2LvyzJh77VFdvyF0UWkmyVGJj+Iw/1/DX3T0 ruwD1pSPnl5/d/sfkQfB07gIQEGzGQIDAQABo4ICZzCCAmMwCQYDVR0TBAIwADCC Ah8GA1UdAwSCAhYwggISMIICDjCCAgoGC2CGSAGG+EUBBwEBMIIB+RaCAadUaGlz IGNlcnRpZmljYXRlIGluY29ycG9yYXRlcyBieSByZWZlcmVuY2UsIGFuZCBpdHMg dXNlIGlzIHN0cmljdGx5IHN1YmplY3QgdG8sIHRoZSBWZXJpU2lnbiBDZXJ0aWZp Y2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudCAoQ1BTKSwgYXZhaWxhYmxlIGF0OiBo dHRwczovL3d3dy52ZXJpc2lnbi5jb20vQ1BTOyBieSBFLW1haWwgYXQgQ1BTLXJl cXVlc3RzQHZlcmlzaWduLmNvbTsgb3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5j LiwgMjU5MyBDb2FzdCBBdmUuLCBNb3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0Eg VGVsLiArMSAoNDE1KSA5NjEtODgzMCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNp Z24sIEluYy4gIEFsbCBSaWdodHMgUmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElF UyBESVNDTEFJTUVEIGFuZCBMSUFCSUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEH AQEBoQ4GDGCGSAGG+EUBBwEBAjAsMCoWKGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv bS9yZXBvc2l0b3J5L0NQUyAwEQYJYIZIAYb4QgEBBAQDAgZAMCAGA1UdJQQZMBcG CWCGSAGG+EIEAQYKKwYBBAGCNwoDAzANBgkqhkiG9w0BAQQFAAOBgQCCeKcS4nDc
cG5gLgHsqOpAXkjV4PrP5ldCPWbF+xNq2r7JqZVJXbc5yTb4WP0HYBKekn6Hzn4P W+Pukl3/ZmZeHvghfCPfL+FjTCZk5urm5BOIJ5lq1GE3RqXeLyT+cG9CPr+Q1DSm w0H1AHk4l3z271nqOIsj3/fNxqnlgW1LNjCCBHIwggPboAMCAQICECg0MO7JTHUI A6REZjhkq/kwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoT DlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5 IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk3MDQxNzAwMDAwMFoXDTA0MDEw NzIzNTk1OVowgboxHzAdBgNVBAoTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxFzAV BgNVBAsTDlZlcmlTaWduLCBJbmMuMTMwMQYDVQQLEypWZXJpU2lnbiBJbnRlcm5h dGlvbmFsIFNlcnZlciBDQSAtIENsYXNzIDMxSTBHBgNVBAsTQHd3dy52ZXJpc2ln bi5jb20vQ1BTIEluY29ycC5ieSBSZWYuIExJQUJJTElUWSBMVEQuKGMpOTcgVmVy aVNpZ24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANiCgOjWGQJ9H4UYOSWi ZSvhv9QF07zmNjuq8ExsW7bnqjxzRVWy8b3ql0LtmjQKFdSpXPVAJd3ZB8EysnVs xMq7o/5WJ3FDqmP1MD6TKOX68Qk787dNTjn3XElauMEd07KK/nAwlULL/itRi1o8 OvkiT5CyAqdTnE8056sEsntvAgMBAAGjggHRMIIBzTALBgNVHQ8EBAMCAQYwEQYJ YIZIAYb4QgEBBAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwudmVy aXNpZ24uY29tL3BjYTMuMS4xLmNybDAqBgNVHSUEIzAhBgpghkgBhvhFAQgBBglg hkgBhvhCBAEGCCsGAQUFBwMBMIIBNQYDVR0gBIIBLDCCASgwggEkBgtghkgBhvhF AQcBATCCARMwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D UFMwgeYGCCsGAQUFBwICMIHZMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEagb9WZXJp U2lnbidzIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50LCB3d3cudmVy aXNpZ24uY29tL0NQUywgZ292ZXJucyB0aGlzIGNlcnRpZmljYXRlICYgaXMgaW5j b3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZSBoZXJlaW4uIFNPTUUgV0FSUkFOVElFUyBE SVNDTEFJTUVEICYgTElBQklMSVRZIExURC4gKGMpMTk5NyBWZXJpU2lnbjAPBgNV HRMECDAGAQH/AgEAMA0GCSqGSIb3DQEBAgUAA4GBAAUjOBXu6wB3drXDPWBT3Dx9 cnggc8rrP0++eYmyyh3gqzbWddLkg939yd7jK6mLTCZbLoKeIJts3wOwvi2Th2jv UUJDzI+Ak9fQCihzCKNHFQ65LDPunEJ7s/iT89sOwO4kYZVtXdrpS27uAGQ+28NR F8J0I4K3O/YP7Y8/Yo0/MQA=
-----END CERTIFICATE-----
½d¨Ò OpenSSL ¨Ï¥Î²¤¶
²{¦b±z¤w¦¬¨ì¾ÌÃÒ¡A§ÚÌ¥²¶·±N¾ÌÃÒ¤À¦¨¤¤¤¶¾ÌÃÒ»P¦øªA¾¹¾ÌÃÒ¡A¤~¯à±N³o¨Ç¾ÌÃÒ¿é¤J¨ì SonicWALL SSL À³¥Î¨t²Î¤¤¡C
1. º¥ý½Ð±N¹q¤l¶l¥ó¤¤ªº²Ä¤G¥÷¾ÌÃÒ¡A§Y¤å¦r "SERVER SUBSCRIBER CERTIFICATE" ¤U¤èªº¤å¦r¡AÀx¦s¦¨ÀÉ®× (¦p¡A/home/user/fullcert or C:\fullcert)¡C
2. ±Ò°Ê openssl.exe¡A³oÓÀ³¥Îµ{¦¡»P SonicWALL ²ÕºAºÞ²zµ{¦¡¦P®É¦w¸Ë¡A¥B¦w¸Ë¦ì¸m¤]¬Û¦P¡C±z¤]¥i¥H°õ¦æ¦w¸Ëµ{¦¡¡AµM«á¿ï¾Ü ‘Custom Installation?¿ï¶µ¡A¥u¦w¸Ë OpenSSL §Y¥i¡C
3. ±Ò°Ê¤§«á¡A±z¥²¶·µo¥X¤U¦C«ü¥O¡G
(¿é¥X¦Üµe±¡A¥H«K¦bµe±¤W¶i¦æ°Å¶K)
pkcs7 -in C:\fullcert -print_certs
©ÎªÌ
(¿é¥X¦ÜÀɮסA¥H«Kµy«á¶i¦æ°Å¶K)
pkcs7 -in C:\fullcert -print_certs -out C:\outfile
³o·|¿é¥X¨âÓ x509v3 ¾ÌÃÒ¡C
4. «H¥ó¥D¦®©Mµo¦æ¤H¸ê°T¤]·|¥]§t¦b¿é¥X¤º®e¸Ì¡C½Ð©¿²¤³o¨Ç¸ê°T¡A¥u±N "BEGIN CERTIFICATE" ¨ì "END CERTIFICATE" ¤§¶¡ªº¸ê°T°Å¶K¨ì¨â¥÷¾ÌÃÒ¤¤¡C
5. ²Ä¤@¥÷¾ÌÃÒÀ³¸Ó¬O¦øªA¾¹¾ÌÃÒ¡A²Ä¤G¥÷¾ÌÃÒÀ³¸Ó¬O¤¤¤¶¾ÌÃÒ¡C½Ð±N³o¨â¥÷¾ÌÃÒÀx¦s¦¨ÀÉ®× (¦p C:\server.pem and C:\inter.pem)
6. ¨Ï¥Î openssl ¨ÓÅçÃÒ¾ÌÃÒ¸ê°T¡G
x509 -in C:\server.pem -text
( ¤Î)
x509 -in :C\inter.pem -text
½d¨Ò ?³]©wÃ즡¾ÌÃÒ
²{¦b±z¤w¾Ö¦³¾A·í¾ÌÃÒ¡A¥i¥H¶}©l±N¾ÌÃÒ¸ü¤J¦Ü¾ÌÃÒª«¥ó¤¤¡Cµy«á³o¨ÇÓ§Oªº¾ÌÃÒª«¥ó·|¦A¸ü¤J¦Ü¾ÌÃÒ¸s²Õ¡C¦¹½d¨Ò»¡©ú¦p¦ó±N¨â¥÷¾ÌÃÒ¸ü¤J¦ÜÓ§O¾ÌÃÒª«¥ó¤¤¡B«Ø¥ß¾ÌÃÒ¸s²Õ¡B¨Ã¨Ï¥Î¸s²Õ§@¬°¾ÌÃÒÃì¡C
¡u¥æ©ö¦w¥þ¡v¸Ë¸mªº¦WºÙ¬° myDevice¡A¦w¥þÅÞ¿è¦øªA¾¹ªº¦WºÙ¬° server1¡C¥ÑPEM ½s½X¡BCA ²£¥Íªº¾ÌÃÒ¦WºÙ¬° server.pem¡A¦b¥»ºÝ²£¥Íªº PEM ½s½X¾ÌÃÒ¦WºÙ¬° inter.pem¡C¥i¿ëÃѾÌÃÒª«¥ó¤Î¥»ºÝ¾ÌÃÒª«¥óªº¦WºÙ«h¤À§O¬°trustedCert ¤Î myCert¡C¾ÌÃÒ¸s²Õªº¦WºÙ¬° CACertGroup¡C
1. ±Ò°Ê²ÕºAºÞ²zµ{¦¡¡A¦p¤â¥U©Òz¡C
2. ³s±µ²ÕºAºÞ²zµ{¦¡¡A¨Ã¶i¤J¡u²ÕºA¡v(Configuration) ¼Ò¦¡¡C(¦pªG¤w«ü¬£³s±µ±K½X©Î²ÕºA¯Å±K½X¡A±N´£¥Ü±z¿é¤J¥ô¤@ºØ±K½X¡C)
inxcfg> attach myDevice inxcfg> configure myDevice (config[myDevice])>
3. ¶i¤J¡uSSL ²ÕºA¡v(SSL Configuration) ¼Ò¦¡¡A¨Ã«Ø¥ß¦W¬° CACert ªº¤¤¤¶¾ÌÃÒ¡AµM«á¶i¤J¡u¾ÌÃÒ²ÕºA¡v(Certificate Configuration) ¼Ò¦¡¡C±NPEM ½s½XÀɮ׸ü¤J¦Ü¾ÌÃÒª«¥ó¤¤¡AµM«á¦^¨ì¡uSSL ²ÕºA¡v¼Ò¦¡¡C
(config[myDevice])> ssl (config-ssl[myDevice])> cert myCert create (config-ssl-cert[CACert])> pem inter.pem (config-ssl-cert[CACert])> end (config-ssl[myDevice])>
4. ¶i¤J¡uª÷Æ_ÃöÁp²ÕºA¡v(Key Association Configuration) ¼Ò¦¡¡A¸ü¤J PEM ½s½X CA ¾ÌÃÒ»P¨p±Kª÷Æ_ÀÉ¡AµM«á¦^¨ì¡uSSL ²ÕºA¡v¼Ò¦¡¡C
(config-ssl[myDevice])> keyassoc localKeyAssoc create (config-ssl-keyassoc[localKeyAssoc])> pem server.pem key.pem (config-ssl-keyassoc[localKeyAssoc])> end
(config-ssl[myDevice])>
5. ¶i¤J¡u¾ÌÃÒ¸s²Õ²ÕºA¡v(Certificate Group Configuration) ¼Ò¦¡¡A«Ø¥ß¾ÌÃÒ¸s²ÕCACertGroup¡A¸ü¤J¾ÌÃÒª«¥ó CACert¡AµM«á¦^¨ì¡uSSL ²ÕºA¡v¼Ò¦¡¡C
(config-ssl[myDevice])> certgroup CACertGroup create (config-ssl-certgroup[CACertGroup])> cert myCert (config-ssl-certgroup[CACertGroup])> end (config-ssl[myDevice])>
6. ¶i¤J¡u¦øªA¾¹²ÕºA¡v(Server Configuration) ¼Ò¦¡¡A«Ø¥ßÅÞ¿è¦w¥þ¦øªA¾¹ server1¡A«ü¬£ IP ¦ì§}¡BSSL ¤Î¸Ô²Ó¤º¤å³s±µ°ð¡B¦w¥þì«h myPol¡B¾ÌÃÒ¸s²ÕCACertGroup¡Bª÷Æ_ÃöÁpÀÉ localKeyAssoc¡AµM«á¦^¨ì¡u³Ì¤W¼h¡v(Top Level) ¼Ò¦¡¡C
(config-ssl[myDevice])> server server1 create (config-ssl-server[server1])> ip address 10.1.2.4 netmask 255.255.0.0 (config-ssl-server[server1])> sslport 443 (config-ssl-server[server1])> remoteport 81 (config-ssl-server[server1])> secpolicy myPol (config-ssl-server[server1])> certgroup chain CACertGroup (config-ssl-server[server1])> keyassoc localKeyAssoc (config-ssl-server[server1])> end (config-ssl[myDevice])> end (config[myDevice])> end inxcfg>
7. ±N²ÕºAÀx¦s¦Ü§Ö°{°O¾ÐÅ餤¡C¦pªG¤£Àx¦s¡A¦b¹q·½¶}Ãö¤§¶¡©Î¨Ï¥Î reload «ü¥O®É´N·|¿ò¥¢²ÕºA¤º®e¡C
inxcfg> write flash myDevice inxcfg>
ºKn
±N PKCS#7 ¾ÌÃÒ¤À¦¨¤¤¤¶¥¥¿»P¦øªA¾¹¾ÌÃÒ¤§«á¡A³z¹L SonicWALL ²ÕºAºÞ²zµ{¦¡¨Ó¶×¤JÃ즡¾ÌÃÒ´N«D±`²³æ¡C¾¨ºÞ¥»¤å¬O°w¹ï¡uVerisign ¥þ°ì¦øªA¾¹ ID¡v©Ò°µªº»¡©ú¡A¦ý¹ï©Ò¦³ PKCS#7 ®æ¦¡ªº¾ÌÃÒ¦Ó¨¥¡A¦¹¶×¤Jµ{§Ç³£«ÜÃþ¦ü¡C¦pªG±z¹ï¥»¤å©Î´£¤Îµ{§Ç¦³¥ô¦óºÃ°Ý¡A½ÐÁpµ¸ SonicWALL §Þ³N¤ä´©¤¤¤ß¡AÁpµ¸®É¶¡¬° 8:30 AM ¨ì
5:30 PM ( ¤Ó¥¬v¼Ð·Ç®É¶¡)¡A¶g¤@¦Ü¶g¤¡C
Phone:(408)752-7819 Fax:(408)745-9300 Web:<http://support.sonicwall.com> |
Welcome to Global Trust 256 bit SSL Security Site
¥Dn°ÝÃD¤jÃþ
