I. Introduction

Today, communicating over the Internet has become an essential need. The information carried over the network is often highly important, such as account numbers and confidential data. However, as attack methods grow more sophisticated, the risk of information being stolen over the network keeps increasing. Internet communication today relies mainly on the TCP/IP protocol, which allows information to be sent from one computer to another through a series of intermediate machines or separate networks. This is precisely what gives high-tech "thieves" the opportunity to act illegally. Information sent over the network can be eavesdropped on (Eavesdropping), altered (Tampering), sent under a false identity (Impersonation), and so on. Current security measures, such as passwords, offer no guarantee, because passwords can be intercepted or quickly guessed.

For this reason, information sent over the Internet now tends to be encrypted. Before transmission, the sender encrypts the information; even if a thief manages to "intercept" it in transit, it cannot be read because it is encrypted. At the destination, the recipient uses a special tool to decrypt it. The most widely used encryption and security method in the world today is the digital certificate (Digital Certificate). With a digital certificate, users can encrypt information effectively, protect against forgery (the recipient can check whether the information has been altered), and authenticate the identity of the sender. A digital certificate also serves as evidence for non-repudiation of origin, preventing the sender from denying the origin of a document they sent. One secure way of encrypting data is public-key encryption. To use it, a digital certificate is required from an administering organization called a certificate provider (certification authority, CA).
University-level research project: Deploying CA-based services

... providers want to introduce their own distinct PKI standards. A common standard for PKI on the Internet is also still being developed. A public key infrastructure consists of:

- A certificate authority (CA), which issues and verifies digital certificates. A certificate contains the public key or information about the public key.
- A registration authority (Registration Authority, RA), which acts as the verifier for the CA before a digital certificate is issued to the requester.
- One or more directories where the digital certificates (with their public keys) are stored, used to look up and retrieve the public key of a partner with whom a certified transaction is to be carried out.
- A certificate management system.

In the digital certification systems operating around the world, a certificate authority (Certificate authority, CA) is an organization that issues and manages security credentials on a computer network, together with the public keys used to encrypt information. As part of a public key infrastructure (public key infrastructure, PKI), a CA works together with a registration authority (Registration authority, RA) to verify the information supplied by the party requesting a digital certificate. If the RA confirms the requester's information, the CA then issues a certificate. Depending on how the public key infrastructure is deployed, the digital certificate contains the owner's public key, the certificate's expiry date, the owner's name, and other information about the owner of the public key.
II.3 Digital certificates

II.3.1 Concept

A digital certificate is an electronic file used to verify the identity of an individual, a server, a company, and so on, on the Internet. It is similar to a driver's license, a passport, a national identity card, or other personal identification papers. To obtain an identity card, you must be issued one by the local police authority. Likewise, a digital certificate must be backed by an organization that certifies that your information is accurate, called a certificate authority (Certificate Authority, abbreviated CA). The CA must be trustworthy and is responsible for the accuracy of the digital certificates it issues.

A digital certificate has three main components:

- Personal information of the certificate holder.
- The public key (Public key) of the certificate holder.
- The digital signature of the issuing CA.
- The validity period.

Personal information

This is the information about the subject to whom the certificate is issued, including name, nationality, address, telephone number, email, organization name, and so on. This part corresponds to the information printed on a person's identity card.

Public key

In cryptographic terms, the public key is a value provided by the certificate provider as an encryption key, combined with a unique private key generated from the public key to form an asymmetric key pair. The operating principle of public keys in digital certificates is that the two parties to a transaction must know each other's public keys. If party A wants to send something to party B, A must use B's public key to encrypt the information. B then uses their own private key to open that information. The asymmetry lies in the fact that the private key can decrypt data encrypted with the public key (within the single key pair owned by one individual), but the public key cannot decrypt the information again, not even information that the same public key encrypted. This property is necessary because many individuals B, C, D... may all transact with A and hold A's public key, yet C, D... cannot decrypt the information that B sends to A even if they capture the packets on the network.

Put simply, if a digital certificate is a national identity card, then the public key plays the role of your identity details on the card (name, address, photo...), while the private key is your face and fingerprints. If a postal parcel is the information being sent, "encrypted" with your address and recipient name, then even if someone uses your identity card to try to collect the parcel, the postal clerk will not hand it over because the face and fingerprints do not match.

Digital signature of the issuing CA

Also called the root certificate. This is the CA's confirmation, guaranteeing the accuracy and validity of the certificate. To check a digital certificate, you must first check whether the CA's digital signature is valid. On an identity card, this is the confirmation seal of the provincial or city police authority you belong to. In principle, when checking an identity card, the first step should be to look at this seal to see whether the card has been forged.

II.3.2 Benefits of digital certificates

a) Encryption

The first benefit of digital certificates is confidentiality. When the sender has encrypted the information with your public key, only you can decrypt and read it. While the information travels over the Internet, even someone who can read the encrypted packets cannot learn what they contain. This is a very important feature that lets users fully trust the confidentiality of their information. Exchanges that need a high level of confidentiality, such as interbank transactions, electronic banking and credit card payments, all require digital certificates to ensure security.
b) Protection against forgery

When you send information, whether data or an email, using a digital certificate, the recipient can check whether your information has been altered. Any modification or replacement of the content of the original message will be detected. Mail addresses, domain names and the like can all be forged by attackers to trick the recipient, in order to spread viruses or steal important information. However, digital certificates cannot be forged, so exchanging information accompanied by a digital certificate is always secure.

c) Authentication

When you send information accompanied by a digital certificate, the recipient (a business partner, an organization, or a government agency) can clearly establish your identity. In other words, even without seeing you, through the digital certificate system that you and the recipient both use, the recipient knows for certain that it is you and not someone else. Authentication is a very important feature for carrying out electronic transactions over the network, as well as administrative procedures with public authorities. These activities require clear verification of the sender of the information in order to act with legal standing. This is the foundation of e-Government, an environment that lets citizens communicate and carry out administrative work with state agencies entirely over the network. Digital certificates can be said to be an indispensable part, the core, of e-Government.

d) Non-repudiation of origin

When you use a digital certificate, you bear full responsibility for the information the certificate accompanies. If the sender disputes or denies having sent a piece of information (for example, an online purchase order), the digital certificate the recipient holds serves as evidence that the sender is the author of that information. In case of dispute, the CA that issued the certificates to both parties is responsible for verifying the origin of the information, proving where the information that was sent came from.

e) Electronic signatures

Email plays an important role in our daily exchange of information because it is fast, cheap and easy to use. Messages can be sent quickly over the Internet to customers, colleagues, suppliers and partners. However, email is easily read by hackers. Messages can be read or forged before they reach the recipient. By using a personal digital certificate, you prevent these risks without losing the advantages of email. With a personal digital certificate, you can also add an electronic signature to an email as proof of your confirmation. An electronic signature also provides authentication of information, data integrity, and non-repudiation of origin. In addition, a personal digital certificate lets users authenticate themselves to a Web server through the SSL security protocol. Authentication based on digital certificates is considered better, safer and more secure than traditional password-based authentication.

f) Website security

When your website is used for e-commerce or other important purposes, the information exchanged between you and your customers can be exposed. To avoid this risk, you can use an SSL Server digital certificate to secure your website. An SSL Server certificate lets you configure your website to use the SSL (Secure Sockets Layer) security protocol. This type of certificate gives your website a unique identity that assures your customers of the website's authenticity and legitimacy. An SSL Server certificate also enables safe and confidential exchange of information between the website and your customers, employees and partners through SSL technology, whose notable features are:

- Buying and selling by credit card.
- Protecting customers' sensitive personal information.
- Ensuring hackers cannot discover passwords.

g) Software assurance

If you are a software producer, you will certainly need "anti-counterfeit stamps" for your products. This is an indispensable tool for enforcing copyright ownership. A Software Developer digital certificate lets you sign applets, scripts, Java software, ActiveX controls, and files such as EXE, CAB, DLL... Through the digital certificate you thereby assure the legitimacy and origin of the product. Moreover, users of the product can verify that you are the supplier and detect changes to the program (through accidental corruption, virus damage, cracking and illegal resale...).

With these benefits for confidentiality and authentication, digital certificates are now widely used around the world as a tool for verifying the identity of the parties in e-commerce transactions. They are a globally standardized technology platform, although each country has somewhat different policies for managing digital certification. Every country needs its own domestic CAs in order to control digital certification activities within the country. Beyond that, to carry out e-commerce across borders, countries must also follow common technology standards and perform cross-certification, exchanging and recognizing each other's CAs.
III.1 Installing the CA service

1. Click Start, Control Panel, Add or Remove Programs. The Add or Remove Programs dialog box appears.
2. Click Add/Remove Windows Components. The Add/Remove Windows Components dialog box appears; select Certificate Services.
3. Click Details. The Certificate Services dialog box appears.
4. A warning dialog box about domain membership and computer renaming constraints appears; click Yes.
5. On the CA type page, select Enterprise Root CA and click Next.
6. On the CA identifying information page, type the server's name in the Common name box and click Next.
7. On the Certificate Database Settings page, leave the default paths in the Certificate database box and the Certificate database log box, and click Next.
Electronic signatures: Used to confirm the sender of a message, file or other data. Electronic signatures do not protect data in transit.

Internet authentication: PKI can be used to authenticate the client and server when a connection is established over the internet, so the server can identify the client connecting to it and the client can confirm it has connected to the correct server.

IP security (IP Security, IPSec): The IPSec extensions allow encryption and the transmission of digital signatures, to prevent data from being exposed while travelling over the network. Deploying IPSec on Windows Server 2003 does not require PKI to obtain its encryption keys, but

Secure email: Internet e-mail protocols transmit mail messages in plaintext, so mail content can easily be read in transit. With PKI, the sender can secure e-mail in transit by encrypting the mail content with the recipient's public key. In addition, the sender can sign the message with their own private key.

Smart card logon: A smart card is a kind of credit card. Windows Server 2003 can use a smart card as an authentication device. The smart card holds the user's certificate and private key, allowing the user to log on to any machine in the enterprise with a high level of security.

Software code signing: Microsoft's Authenticode technology uses certificates to authenticate that software users download and install really comes from its author and has not been modified.

Wireless network authentication: When installing a wireless LAN, you must make sure that only properly authenticated users can connect to the network and that nobody can eavesdrop on wireless communication. Windows Server 2003 PKI can be used to protect the wireless network by identifying and authenticating users before they access the network.

III.3 Types of CA on Windows Server 2003

Windows Server 2003 has two types of CA:

Enterprise: Enterprise CAs are integrated with the Active Directory service. They use certificate templates, publish certificates and CRLs to Active Directory, and use the information in the Active Directory database to approve or deny certificate requests automatically. Because clients of an enterprise CA must access Active Directory to receive certificates, enterprise CAs are not suited to issuing certificates to clients outside the organization.

Stand-alone: Stand-alone CAs do not use certificate templates or Active Directory; they store their information locally. Moreover, by default, stand-alone CAs do not respond automatically to certificate requests the way enterprise CAs do. Requests wait in a queue for an administrator to approve or deny them manually.

Whether the user chooses to create an enterprise CA or a stand-alone CA, they must specify whether the CA is a root (root) or a subordinate (subordinate).

... automatically.
Another technique you can use to control auto-enrollment is to build certificate templates that explicitly define the properties of a certificate type. To manage certificate templates, you use the built-in Certificate Templates snap-in, as shown in the figure. With this tool you can specify the validity period and renewal period of the selected certificate type and choose the cryptographic (cryptographic) service provided for it. On the Security tab, you can also specify which users and groups are allowed to request certificates using this template.
When a client requests a certificate, the CA checks the properties of the client's Active Directory object to decide whether the client has the minimum permissions needed to receive the certificate. If the client has the appropriate permissions, the CA issues the certificate automatically.

III.4.2 Manual enrollment (Manual Enrollment)

Stand-alone CAs cannot use auto-enrollment, so when a stand-alone CA receives a certificate request from a client, it stores the request in a queue until an administrator decides whether to issue the certificate. To monitor and process incoming requests, the administrator uses the Certification Authority console, as in the following figure:

In the Certification Authority console, all certificate requests appear in the Pending Request folder. After evaluating the information in each request, the administrator can choose to approve (issue) or deny it. The administrator can also view the properties of issued certificates and revoke certificates when needed.

III.4.3 Ways of requesting a certificate

III.4.3.1 Using the Certificates Snap-in:

The Certificate Snap-in is a tool for viewing and managing the certificates of a specific user or computer. The snap-in's main screen contains a number of folders holding all the categories of certificates assigned to the user or computer. If the user's organization uses enterprise CAs, the Certificate Snap-in also lets the user request and change certificates by using the Certificate Request Wizard and Certificate
III.4.3.2 Requesting a certificate through the Web (Web Enrollment)

When you install Certificate Services on a computer running Windows Server 2003, you can choose to install the Certificate Services Web Enrollment Support module. To work correctly, this module requires IIS to be installed on the computer first. Selecting this module during installation of Certificate Services creates Web pages on the computer running the CA; these pages let users submit requests for the certificates they choose.
The Web Enrollment Support interface is intended for users outside or inside the network who access stand-alone CAs. Because a stand-alone server does not use certificate templates, the client's request must include all the necessary information about the certificate and about the certificate's user. When clients request a certificate through the Web Enrollment Support interface, they can choose from a list of predefined certificate types or create an advanced certificate by specifying all the required information in the Web-based form.
III.4.4 Revoking digital certificates

Several circumstances prompt an administrator to revoke a certificate. If the private key (private key) has been exposed, or an unauthorized user has gained access to the CA, or even if you simply want to issue a certificate with different parameters, such as a longer key, you must first revoke the earlier certificate. A CA maintains a CRL (Certificate Revocation List). Enterprise CAs publish their CRLs in the Active Directory database, so clients can retrieve them using the standard Active Directory communication protocol, the Lightweight Directory Access Protocol (LDAP). A stand-alone CA stores its CRL as a file on the server's local disk, so clients retrieve it using Internet protocols such as Hypertext Transfer Protocol (HTTP) or File Transfer Protocol (FTP).

Every digital certificate contains the path to the CA's distribution point for CRLs. This path can be changed in the Certification Authority console by opening the Properties dialog box for the CA and clicking the Extension tab. When a client authentication application uses a certificate, it checks the CRL distribution point specified in the certificate to make sure the certificate has not been revoked. If the CRL is not available at its specified distribution point, the application rejects the certificate.

By selecting the Revoked Certificates folder in the Certification Authority console and then opening its Properties dialog box, you can specify how often the CA should publish a new CRL, and also configure the CA to publish delta CRLs. A delta CRL is a list of all certificates revoked since the last CRL was published. In organizations with a large number of certificates, using delta CRLs instead of base CRLs can yield substantial savings.
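The revocation check described above, as an added example that is not part of the original document: a simplified Python model of a client that combines a base CRL with a delta CRL and rejects the certificate when no CRL can be obtained. The `Crl` class, serial numbers and dates are constructed for illustration; real CRLs are signed ASN.1 structures whose signature must be verified first, and treating an expired CRL like a missing one is an assumption added here.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional, Set, Tuple


@dataclass
class Crl:
    """Simplified CRL model (hypothetical): signature assumed already verified."""
    crl_number: int
    this_update: datetime
    next_update: datetime
    revoked: Set[int] = field(default_factory=set)
    base_crl_number: Optional[int] = None  # set only on a delta CRL


def is_current(crl: Crl, now: datetime) -> bool:
    return crl.this_update <= now < crl.next_update


def check_revocation(serial: int, base: Optional[Crl], delta: Optional[Crl],
                     now: datetime) -> Tuple[str, str]:
    """Return (verdict, reason), where verdict is 'accept' or 'reject'."""
    # Rule from the text: no CRL at the distribution point -> reject.
    if base is None:
        return "reject", "base CRL not available at distribution point"
    # Assumption added here: an expired CRL is handled like a missing one.
    if not is_current(base, now):
        return "reject", "base CRL outside its validity window"
    if serial in base.revoked:
        return "reject", "serial listed in base CRL"
    if delta is not None:
        # A delta lists revocations since a given base, so it must match ours.
        applies = (delta.base_crl_number is not None
                   and delta.base_crl_number <= base.crl_number < delta.crl_number)
        if not applies:
            return "reject", "delta CRL does not apply to this base CRL"
        if not is_current(delta, now):
            return "reject", "delta CRL outside its validity window"
        if serial in delta.revoked:
            return "reject", "serial listed in delta CRL"
    return "accept", "not revoked"


# Constructed sample data: a weekly base CRL and a daily delta CRL.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
BASE = Crl(40, NOW - timedelta(days=3), NOW + timedelta(days=4), {0x1001, 0x1002})
DELTA = Crl(43, NOW - timedelta(hours=6), NOW + timedelta(hours=18), {0x2001},
            base_crl_number=40)


def run_samples():
    """Verdicts for the constructed cases, keyed by a short description."""
    return {
        "revoked before base CRL": check_revocation(0x1001, BASE, DELTA, NOW),
        "revoked after base, delta ignored": check_revocation(0x2001, BASE, None, NOW),
        "revoked after base, delta used": check_revocation(0x2001, BASE, DELTA, NOW),
        "never revoked": check_revocation(0x3001, BASE, DELTA, NOW),
        "CRL unreachable": check_revocation(0x3001, None, None, NOW),
        "base CRL expired": check_revocation(0x3001, BASE, DELTA,
                                             NOW + timedelta(days=5)),
    }


if __name__ == "__main__":
    for case, (verdict, reason) in run_samples().items():
        print(f"{case:36s} {verdict:7s} {reason}")
```

The second sample case shows why the publication interval matters: a certificate revoked after the base CRL was published is still accepted by a client that does not consult the delta CRL.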
The Web Server machine is configured to provide its web service over SSL by obtaining a certificate from the CA service.

2) Configuring the service: at the Web server, request a certificate:
Step 1: Open IIS, right-click the website to be configured for SSL, select the Directory Security tab, and choose Server Certificate.

Step 2: Choose to create a new certificate.
Click Next, choose Prepare for Request now, but send it later, and save the certificate request to a file.
Choose Request a Certificate, then choose Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file:
Step 4: Return to IIS and choose Process the pending request and install the certificate to import the certificate just obtained.

Choose Edit, then select Require secure channel (SSL) to configure the Web site to use SSL when a connection is requested.
3) Illustration of the result: Suppose a web page with the following content is placed on the web server, and a client connects over HTTP to view it.
Without SSL, the content can be viewed with packet capture tools; with SSL, the data is encrypted and cannot be viewed even if the packets are captured.
b) IP Encapsulating Security Payload (ESP): encrypts the entire content of the IP packet, preventing eavesdroppers from reading the content while the packet travels over the network. ESP provides authentication, integrity and data encryption services.

In the model above, the FTP server is the machine providing file transfer services on the network; clients connect to this server to download and upload data files. Before clients establish a connection they must go through an authentication process. To secure this process, as well as the content of the data files, we integrate with the CA service. The CA Service machine provides the certificates used for authentication between the FTP server and the clients. To do this, the machine providing the CA service also acts as the Domain Controller, issuing certificates automatically to machines on request.

2) Deploying the service: This part presents some of the steps for setting up an IPSec policy that uses the CA for the model above. This policy is created on every machine that needs to communicate using IPSec.

Step 1: In the IP Security Policy program window, create a new policy.

Step 2: Click Next to add a new rule; on the Rule tab choose Add to add a list of filter requirements on the IP protocol (IP Filter List).
Step 3: Choose Add to add rules for the traffic to be filtered. Here we assume a filter rule for the FTP protocol when authenticating between the current machine and all other machines.

In From this port, enter the value 21; this is the port FTP uses to authenticate users.

Step 4: Click OK until you reach the Filter Action window, and select Require Security to require IPSec whenever FTP authentication is needed.
Step 5: Choose the authentication method: select authentication by CA and click the Browse button to point to the CA of the network model above.

Step 6: For the policy just created, choose Assign so that the policy is applied.

3) Illustration of the result: Suppose client1 connects to the FTP Server. Without IPSec, anyone who captures these packets learns the username and password when the user authenticates.

IV.3 VPN service

A VPN (Virtual Private Network) is a private network that uses a public network (the Internet) to connect sites or users to a central LAN. A VPN allows data to be transmitted between two computers over a public network environment as if there were a dedicated connection between them. To create a point-to-point (point-to-point) connection, the data is encapsulated (encapsulate), wrapped (wrap) with a header that provides routing information. To emulate a private channel, the data is encrypted.

In this model, the VPN service is deployed at the Da Lat office; users elsewhere, such as Hanoi or Ho Chi Minh City, can connect to and access resources inside the LAN at Da Lat. The VPN protocol used is L2TP/IPSec, authenticated with digital certificates from the CA.

2) Deploying the service: This part explains the roles of, and presents some important configuration on, the computers in the model above.

a. Domain Controller: acts as a control center, providing domain name resolution (DNS, Domain Name System) and dynamic IP address allocation (DHCP, Dynamic Host Configuration Protocol). It is also the CA server, which issues certificates on request.

b. Web Server: provides the Website service to users.

c. IAS: the machine that manages remote access users, RADIUS (Remote Access Dial-in User Service). The service must be installed before it can be used. To install IAS, choose Control Panel -> Add and Remove Program -> Window Component -> Network Services -> Internet Authentication Service.
Open the IAS program, create a new RADIUS client and a policy specifying which groups or users are allowed remote access.

- Add a RADIUS client:
- Add a new policy that allows the users in the VPNusers group to connect.
Some of the main configuration steps:

Step 1: Open the Routing and Remote Access program and choose Configure and Enable Routing and Remote Access.

Step 2: Choose Remote Access (dial-up or VPN).

Step 3: Choose VPN.
Table of contents

I. Introduction
II. Public key infrastructure
II.1 Concept
II.2 The certificate authority, CA (Certificate Authority)
II.3 Digital certificates
II.3.1 Concept
II.3.2 Benefits of digital certificates
III. Deploying the CA service on Windows Server 2003
III.1 Installing the CA service
III.2 Certificate services provided by the Windows Server 2003 CA
III.3 Types of CA on Windows Server 2003
III.4 Issuing and managing digital certificates
III.4.1 Automatic enrollment (Auto-Enrollment)
III.4.2 Manual enrollment (Manual Enrollment)
III.4.3 Ways of requesting a certificate
III.4.3.1 Using the Certificates Snap-in
III.4.3.2 Requesting a certificate through the Web (Web Enrollment)
III.4.4 Revoking digital certificates
IV. Deploying some network services that use the CA
IV.1 Web service using SSL
IV.2 IPSec service
IV.3 VPN service
V. Results and future development
V.1 Results
V.2 Future development