<?xml version="1.0" encoding="EUC-JP"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head><!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX This file is generated from xml source: DO NOT EDIT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
<title>SSL/TLS Encryption: An Introduction - Apache HTTP Server</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.2</p>
<img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.2</a> &gt; <a href="./">SSL/TLS</a></div><div id="page-content"><div id="preamble"><h1>SSL/TLS Encryption: An Introduction</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../ja/ssl/ssl_intro.html" title="Japanese"> ja </a></p>
</div>
<div class="outofdate">This translation may be out of date.
Check the English version for recent changes.</div>
<blockquote>
<p>The nice thing about standards is that there are so many to choose from. And if you really don't like any of them, you only have to wait a year for the one you were looking for to appear.</p>
<p class="cite">-- <cite>A. Tanenbaum</cite>, "Introduction to Computer Networks"</p>
</blockquote>
<p>As an introduction, this chapter is aimed at readers who are familiar with the Web, HTTP and Apache, but not at security experts. It is not intended to be a definitive guide to the SSL protocol. Nor does it cover specific techniques for managing certificates within an organization, or important legal issues such as patents and export restrictions. Rather, its purpose is to give mod_ssl users background knowledge by laying out various concepts, definitions and examples as a starting point for further study.</p>
<p>The content presented here is mainly based, with the permission of the original author, on the article <a href="http://home.earthlink.net/~fjhirsch/Papers/wwwj/article.html"> Introducing SSL and Certificates using SSLeay</a> by <a href="http://home.earthlink.net/~fjhirsch/">Frederick J. Hirsch</a> of The Open Group Research Institute. His article was published in <a href="http://www.ora.com/catalog/wjsum97/">Web Security: A Matter of Trust</a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997. Please send positive feedback to <a href="mailto:hirsch@fjhirsch.com">Frederick Hirsch</a> (the author of the original article) and all complaints to <a href="mailto:rse@engelschall.com">Ralf S.
Engelschall</a> (the author of <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>). [Translator's note: for matters concerning the translation, please contact the <a href="mailto:apache-docs@ml.apache.or.jp"> Apache documentation translation project</a>.]</p>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#cryptographictech">Cryptographic Techniques</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#certificates">Certificates</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ssl">Secure Sockets Layer (SSL)</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#references">References</a></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="cryptographictech" id="cryptographictech">Cryptographic Techniques</a></h2>
<p>Understanding SSL requires an understanding of cryptographic algorithms, message digest functions (also known as one-way functions or hash functions) and digital signatures. Each of these techniques is a subject that fills entire books (see for instance [<a href="#AC96">AC96</a>]), and together they form the basis for privacy, integrity and authentication.</p>
<h3><a name="cryptographicalgo" id="cryptographicalgo">Cryptographic Algorithms</a></h3>
<p>Suppose Alice wants to send a message to her bank in order to transfer money. Because the message contains her account number and the amount to be transferred, Alice wants it to remain private. One solution is to use a cryptographic algorithm to transform the message into an encrypted form that nobody except the intended reader can read. Once in this form, the message can only be interpreted with a secret key. Without the key, the message is useless. A good cryptographic algorithm makes it so difficult for an intruder to recover the original text that the effort is not worth it.</p>
<p>There are two kinds of cryptographic algorithms: conventional and public key.</p>
<dl>
<dt>Conventional cryptography</dt>
<dd>Also known as symmetric cryptography, it requires the sender and the receiver to share a key. A key is a piece of secret information that is used to encrypt or decrypt a message.
If this key is secret, nobody other than the sender and the receiver can read the message. If Alice and the bank both know a secret key, they can send each other private messages. However, the task of privately choosing a key in advance is problematic.</dd>
<dt>Public key cryptography</dt>
<dd>Also known as asymmetric cryptography, it solves the key exchange problem by defining an algorithm that uses two keys, each of which can be used to encrypt a message. If one key was used for encryption, the other key must be used for decryption. With this scheme, secure messages can be received simply by publishing one key (the public key) and keeping the other secret (the private key).</dd>
</dl>
<p>Anyone can encrypt a message using the public key, but only the owner of the private key can read it. In this way, Alice can send a private message by encrypting it with the bank's public key. Only the bank can decrypt it.</p>
<h3><a name="messagedigests" id="messagedigests">Message Digests</a></h3>
<p>Alice can keep her message private, but there is still the problem that someone might modify the message, for example so that the money is transferred to themselves, or replace it with a different one. One way to guarantee the integrity of Alice's message is to create a concise digest of the message and send that to the bank as well. On receiving the message, the bank also creates a digest and compares it with the one Alice sent. If they match, the message was received intact.</p>
<p>A summary of this kind is called a <dfn>message digest</dfn>, <em>one-way function</em> or <em>hash function</em>. Message digests are used to create a short, fixed-length representation of a long, variable-length message. Digest algorithms are designed to produce a unique digest from a message. Message digests are made so that it is very difficult to determine the original message from the digest. It is also impossible to find two messages that produce the same digest. This eliminates the possibility of replacing a message with another one that has the same digest.</p>
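<p>Added example (not part of the original manual): the digest check described above, run over a constructed transfer message. SHA-256 from Python's standard library is an assumed digest algorithm, HMAC with a shared key is an assumed stand-in for protecting the digest in transit, and all names are hypothetical. It shows that a bare digest only helps while the digest itself arrives unmodified.</p>

```python
import hashlib
import hmac

# Constructed sample data: Alice's transfer order and a tampered copy.
ORIGINAL = b"PAY 100 EUR FROM alice-4711 TO bob-0815"
TAMPERED = b"PAY 100 EUR FROM alice-4711 TO eve-6666"
# Assumption: a secret that only Alice and the bank know.
SHARED_KEY = b"constructed-demo-key-known-to-alice-and-bank"


def digest(message):
    """Short fixed-length summary of a variable-length message."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key, message):
    """Digest bound to a secret key (HMAC-SHA-256): only key holders can make it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def bank_check_plain(message, received_digest):
    """The bank recomputes the digest and compares it with the one that arrived."""
    return hmac.compare_digest(digest(message), received_digest)


def bank_check_keyed(key, message, received_tag):
    """Same comparison, but the expected value depends on the shared key."""
    return hmac.compare_digest(keyed_digest(key, message), received_tag)


def run_scenarios():
    """Return what the bank concludes in each delivery scenario."""
    results = {}
    # Message and digest both arrive as Alice sent them.
    results["intact"] = bank_check_plain(ORIGINAL, digest(ORIGINAL))
    # Only the message was altered in transit: the digests no longer match.
    results["message_changed"] = bank_check_plain(TAMPERED, digest(ORIGINAL))
    # Message altered AND digest recomputed by the intruder:
    # a plain digest cannot tell the difference.
    results["both_replaced_plain"] = bank_check_plain(TAMPERED, digest(TAMPERED))
    # With a keyed digest the intruder, lacking the key, can only send a
    # plain digest or replay Alice's old tag; both are rejected.
    results["both_replaced_keyed"] = bank_check_keyed(
        SHARED_KEY, TAMPERED, digest(TAMPERED))
    results["old_tag_reused"] = bank_check_keyed(
        SHARED_KEY, TAMPERED, keyed_digest(SHARED_KEY, ORIGINAL))
    results["intact_keyed"] = bank_check_keyed(
        SHARED_KEY, ORIGINAL, keyed_digest(SHARED_KEY, ORIGINAL))
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(name, "accepted" if accepted else "rejected")
```
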
<p>Another problem for Alice is finding a way to send this digest securely. If she can do so, the integrity of the message is guaranteed. One way is to include the digest in a digital signature.</p>
<h3><a name="digitalsignatures" id="digitalsignatures">Digital Signatures</a></h3>
<p>When Alice sends a message to the bank, the bank has to know for certain that the message really comes from her, and that an intruder is not impersonating her to request a transaction on her account. A <em>digital signature</em>, created by Alice and included with the message, serves this purpose.</p>
<p>A digital signature is created by encrypting a digest of the message and other information (such as a sequence number) with the sender's private key. Anyone can <em>decrypt</em> the signature using the public key, but only the signer knows the private key. This means that only the signer could have signed it. Including the digest in the digital signature means that the signature is valid only for that message. Because nobody can change the digest and still sign it, this also guarantees the integrity of the message.</p>
<p>To prevent an intruder from intercepting the signature and reusing it at a later date, the digital signature contains a unique sequence number. This protects the bank from a fraudulent claim by Alice that she never sent the message, because only she could have signed it (non-repudiation).</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="certificates" id="certificates">Certificates</a></h2>
<p>Alice is now able to send a private message to the bank, sign it and guarantee its integrity, but she still has to make sure that the party she is communicating with really is the bank. This means that she has to make sure that the public key she uses is the one paired with the bank's private key. Likewise, the bank needs to confirm that the signature on the message really is Alice's signature.</p>
<p>If each party has a certificate that proves its identity, confirms its public key and is signed by a trusted agency, then both can be confident that they are communicating with the right party. Such a trusted agency is called a <em>Certificate Authority</em> (CA).
Certificates are used for authentication.</p>
<h3><a name="certificatecontents" id="certificatecontents">Certificate Contents</a></h3>
<p>A certificate associates a public key with the real identity of an individual, a server or some other entity. As shown in <a href="#table1">Table 1</a>, the information about the subject includes identifying information (the distinguished name) and the public key. The certificate also contains the identification and signature of the Certificate Authority, and the period during which the certificate is valid. It may also contain administrative information for the Certificate Authority, such as a serial number, and other additional information.</p>
<h4><a name="table1" id="table1">Table 1: Certificate Information</a></h4>
<table>
<tr><th>Subject</th> <td>Distinguished Name, Public Key</td></tr>
<tr><th>Issuer</th> <td>Distinguished Name, Public Key</td></tr>
<tr><th>Period of Validity</th> <td>Start Date, Expiry Date</td></tr>
<tr><th>Administrative Information</th> <td>Version, Serial Number</td></tr>
<tr><th>Extended Information</th> <td>Basic Constraints, Netscape Flags, etc.</td></tr>
</table>
<p>A distinguished name is used to provide an identity in a specific context. For example, a person might have separate identities for private use and for their company. Distinguished names are defined by the X.509 standard [<a href="#X509">X509</a>]. The X.509 standard defines the fields, the field names and the abbreviations for the fields (see <a href="#table2">Table 2</a>).</p>
<h4><a name="table2" id="table2">Table 2: Distinguished Name Information</a></h4>
<table class="bordered">
<tr><th>DN Field</th> <th>Abbrev.</th> <th>Description</th> <th>Example</th></tr>
<tr><td>Common Name</td> <td>CN</td> <td>Name being certified<br /> URL for the SSL connection</td> <td>CN=www.example.com</td></tr>
<tr><td>Organization or Company</td> <td>O</td> <td>Official English name of the organization</td> <td>O=Example Japan K.K.</td></tr>
<tr><td>Organizational Unit</td> <td>OU</td> <td>Department name, etc.</td> <td>OU=Customer Service</td></tr>
<tr><td>City/Locality</td> <td>L</td> <td>City or municipality where it is located</td> <td>L=Sapporo</td></tr>
<tr><td>State/Province</td> <td>ST</td> <td>Prefecture where it is located</td> <td>ST=Hokkaido</td></tr>
<tr><td>Country</td> <td>C</td> <td>ISO code of the country where it is located<br />
JP in the case of Japan </td> <td>C=JP</td></tr>
</table>
<p>A Certificate Authority may define a policy that specifies which fields are optional and which are required. There may also be requirements on the contents of the fields, from the Certificate Authority or from users of the certificate. For example, a Netscape browser requires that the Common Name of a server certificate matches a wildcard pattern for the domain name of the server, such as <code>*.example.com</code>.</p>
<p>The binary format of a certificate is defined using the ASN.1 notation [<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. This notation defines how the contents are described, and encoding rules define how this information is converted into binary form. The binary encoding of a certificate is defined by the Distinguished Encoding Rules (DER), which are based on the more general Basic Encoding Rules (BER). For transmissions that cannot handle binary data, the binary form may be converted into an ASCII form using Base64 encoding [<a href="#MIME">MIME</a>]. Data encoded in this way and placed between delimiter lines, as shown in the following example, is said to be PEM encoded. (The name PEM comes from "Privacy Enhanced Mail".)</p>
<div class="example"><h3>Example of a PEM-encoded certificate (example.crt)</h3><pre>-----BEGIN CERTIFICATE-----
MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
bmFrZW9pbC5kb20wHhcNOTgxMDIxMDg1ODM2WhcNOTkxMDIxMDg1ODM2WjCBpzEL
MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDH9Ge/s2zcH+da+rPTx/DPRp3xGjHZ4GG6pCmvADIEtBtKBFAcZ64n+Dy7Np8b
vKR+yy5DGQiijsH1D/j8HlGE+q4TZ8OFk7BNBFazHxFbYI4OKMiCxdKzdif1yfaa
lWoANFlAzlSdbxeGVHoT0K+gT5w3UxwZKv2DLbCTzLZyPwIDAQABoyYwJDAPBgNV
HRMECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQQFAAOB
gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt
2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7
dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
-----END CERTIFICATE-----</pre></div>
<h3><a name="certificateauthorities" id="certificateauthorities">Certificate Authorities</a></h3>
<p>By first verifying the information in a certificate request, the Certificate Authority vouches for the identity of the owner of the private key. For example, if Alice requests a personal certificate, the Certificate Authority must make sure that Alice really is the person the certificate request claims she is.</p>
<h4><a name="certificatechains" id="certificatechains">Certificate Chains</a></h4>
<p>A Certificate Authority can issue a certificate for another Certificate Authority. When examining an unknown certificate, Alice needs to examine the certificate of its issuer, working up through the parent Certificate Authorities, until she reaches an issuer she has confidence in. To reduce the risk of a "bad" certificate, she may also decide to trust only issuers within a limited chain.</p>
<h4><a name="rootlevelca" id="rootlevelca">Creating a Root-Level CA</a></h4>
<p>As noted earlier, for every certificate, each issuer up to the top-level Certificate Authority (CA) has to assert the validity of the subject's identity. The question is who vouches for the certificate of the top-level authority. Only in this case is the certificate "self-signed", which means that the issuer of the certificate and its subject are the same. As a result, great care is needed when trusting a self-signed certificate. A root authority can lower the risk of trusting its key by publishing the public key widely, because it is then easy to expose anyone else who impersonates that authority. Many browsers are configured to trust well-known Certificate Authorities.</p>
<p>Many companies, such as <a href="http://www.thawte.com/">Thawte</a> and <a href="http://www.verisign.com/">VeriSign</a>, have established themselves as Certificate Authorities. These companies provide the following services:</p>
<ul>
<li>Verifying certificate requests</li>
<li>Processing certificate requests</li>
<li>Issuing and managing certificates</li>
</ul>
<p>It is also possible to create your own Certificate Authority.
This is risky in the Internet environment, but it may be useful within the intranet of an organization, where the identities of individuals and servers can easily be verified.</p>
<h4><a name="certificatemanagement" id="certificatemanagement">Certificate Management</a></h4>
<p>Establishing a Certificate Authority is a responsible job that requires a thorough administrative, technical and operational framework. A Certificate Authority not only issues certificates, it also has to manage them. Specifically, it has to decide how long certificates remain valid, renew them, and maintain lists of certificates that were issued but are no longer valid (Certificate Revocation Lists, or CRLs). For example, suppose Alice was given a certificate by her company as an employee, and that the certificate has to be revoked when she leaves the company. Because certificates are passed on from one person to the next, it is impossible to tell from the certificate itself whether it has been revoked. Therefore, when checking the validity of a certificate, it is necessary to contact the Certificate Authority and check the CRL. This step is usually not automated.</p>
<div class="note"><h3>Note</h3>
<p>If you use a Certificate Authority that is not configured in browsers by default, you have to load the certificate of the Certificate Authority into the browser so that the browser can validate server certificates signed by that Certificate Authority. This carries a risk, because once it is loaded, the browser accepts all certificates signed by that Certificate Authority.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="ssl" id="ssl">Secure Sockets Layer (SSL)</a></h2>
<p>The Secure Sockets Layer protocol can be placed between a reliable, connection-oriented network layer protocol (for example TCP/IP) and an application layer protocol (for example HTTP). SSL provides secure communication between server and client through mutual authentication, data integrity through digital signatures, and privacy through encryption.</p>
<p>The SSL protocol is designed to support a variety of algorithms for encryption, digests and digital signatures. This makes it possible to choose algorithms to suit a server, taking legal and export restrictions into account.
It also makes it possible to adopt new algorithms as they appear. The choice of algorithms is negotiated between the server and the client at the start of a protocol session.</p>
<h3><a name="table4" id="table4">Table 4: Versions of the SSL protocol</a></h3>
<table class="bordered">
<tr><th>Version</th> <th>Source</th> <th>Description</th> <th>Browser Support</th></tr>
<tr><td>SSL v2.0</td> <td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td> <td>First SSL protocol for which implementations exist</td> <td>- NS Navigator 1.x/2.x<br /> - MS IE 3.x<br /> - Lynx/2.8+OpenSSL</td></tr>
<tr><td>SSL v3.0</td> <td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td> <td>Revisions to prevent specific security attacks, addition of non-RSA ciphers, support for certificate chains</td> <td>- NS Navigator 2.x/3.x/4.x<br /> - MS IE 3.x/4.x<br /> - Lynx/2.8+OpenSSL</td></tr>
<tr><td>TLS v1.0</td> <td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td> <td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block padding for block ciphers, standardize message order and extend the alert messages.</td> <td>- Lynx/2.8+OpenSSL</td></tr>
</table>
<p>As shown in <a href="#table4">Table 4</a>, there are several versions of the SSL protocol. As noted in the table, one of the benefits of SSL 3.0 is that it supports certificate chains. With this feature, a server can pass the issuers' certificates to the browser in addition to its own certificate. Thanks to certificate chains, the browser can validate the server certificate even if the issuer's certificate is not installed directly in the browser, as long as it is included in the chain. SSL 3.0 is the basis for the Transport Layer Security [<a href="#TLS1">TLS</a>] protocol standard, currently being developed by the Internet Engineering Task Force (IETF).</p>
<h3><a name="session" id="session">Session Establishment</a></h3>
<p>As shown in <a href="#figure1">Figure 1</a>, a session is established by a handshake sequence between the client and the server.
This sequence differs depending on the server configuration, that is, on whether the server provides a certificate or requests a client certificate. There are cases where additional handshake steps are needed to manage cipher information, but this article briefly describes one common scenario. For the full range of possibilities, see the SSL specification.</p>
<div class="note"><h3>Note</h3>
<p>Once an SSL session has been established, it can be reused, which avoids the performance penalty of repeating the many steps needed to start a session. For this purpose, the server assigns a unique session identifier to every session and caches it on the server, and the client can connect without a handshake from the next time on (until the identifier expires in the server's cache).</p>
</div>
<p class="figure">
<img src="../images/ssl_intro_fig1.gif" alt="" width="423" height="327" /><br />
<a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL Handshake Sequence</p>
<p>The elements of the handshake sequence, as used by the server and the client, are listed below:</p>
<ol>
<li>Negotiate the cipher suite to be used for data transfer</li>
<li>Establish and share a session key between the client and the server</li>
<li>Optionally, authenticate the server to the client</li>
<li>Optionally, authenticate the client to the server</li>
</ol>
<p>The first step, cipher suite negotiation, allows the server and the client to choose a cipher suite that suits both of them. The SSL3.0 protocol specification defines 31 cipher suites. A cipher suite is defined by the following components:</p>
<ul>
<li>Key exchange method</li>
<li>Cipher for data transfer</li>
<li>Message digest for creating the Message Authentication Code (MAC)</li>
</ul>
<p>These three elements are described in the sections that follow.</p>
<h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3>
<p>The key exchange method defines how the client and the server agree on the shared symmetric key that is used for application data transfer. SSL 2.0 uses RSA key exchange only.
SSL 3.0 supports a variety of key exchange algorithms, such as RSA key exchange when certificates are used, and Diffie-Hellman key exchange when there are no certificates and no prior communication between the client and the server.</p>
<p>One of the choices in the key exchange method is digital signatures: whether to use them, and which kind of signature to use. Signing with a private key protects against a man-in-the-middle attack during the exchange of information used to generate the shared key. [<a href="#AC96">AC96</a>, p516]</p>
<h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3>
<p>SSL uses the conventional cryptography (symmetric cryptography) described earlier to encrypt the messages of a session. There are nine choices, including the choice not to encrypt:</p>
<ul>
<li>No encryption</li>
<li>Stream ciphers
<ul>
<li>RC4 with 40-bit keys</li>
<li>RC4 with 128-bit keys</li>
</ul></li>
<li>CBC block ciphers
<ul><li>RC2 with 40 bit key</li>
<li>DES with 40 bit key</li>
<li>DES with 56 bit key</li>
<li>Triple-DES with 168 bit key</li>
<li>Idea (128 bit key)</li>
<li>Fortezza (96 bit key)</li>
</ul></li>
</ul>
<p>Here CBC stands for Cipher Block Chaining, which means that a portion of the previously encrypted ciphertext is used in the encryption of a block. DES stands for the Data Encryption Standard [<a href="#AC96">AC96</a>, ch12], which has several variants, including DES40 and 3DES_EDE. Idea is one of the best algorithms and, cryptographically, the strongest currently available. RC2 is a proprietary algorithm from RSA DSI. [<a href="#AC96">AC96</a>, ch13]</p>
<h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3>
<p>The choice of digest function determines how a digest is created from a record unit. SSL supports the following:</p>
<ul>
<li>No digest</li>
<li>MD5 (128-bit hash)</li>
<li>Secure Hash Algorithm (SHA-1) (160-bit hash)</li>
</ul>
<p>The message digest is used to create a Message Authentication Code (MAC), which is encrypted together with the message, provides message integrity and prevents replay attacks.</p>
<h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3>
<p>The handshake sequence uses three protocols:</p>
<ul>
<li><dfn>SSL
Handshake Protocol</dfn> is used to establish the SSL session between the client and the server.</li>
<li>The <dfn>SSL Change Cipher Spec Protocol</dfn> is used to agree on the cipher suite for the session.</li>
<li>The <dfn>SSL Alert Protocol</dfn> is used to convey SSL errors between the client and the server.</li>
</ul>
<p>These three protocols, together with the application protocol data, are encapsulated in the <dfn>SSL Record Protocol</dfn>, as shown in <a href="#figure2">Figure 2</a>. An encapsulated protocol is transferred as data by the lower-layer protocol, which does not examine the data. The encapsulated protocol has no knowledge of the lower-layer protocol.</p>
<p class="figure">
<img src="../images/ssl_intro_fig2.gif" alt="" width="428" height="217" /><br />
<a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack
</p>
<p>The encapsulation of the SSL control protocols by the record protocol means that when an active session is negotiated a second time, the control protocols are transmitted securely. If there is no session yet, the Null cipher suite is used: no encryption is performed and there are no digests until the session has been established.</p>
<h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3>
<p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to transfer application data and SSL control data between the client and the server. This data may be split into smaller units, or several higher-level protocol messages may be combined and transferred as a single unit. The protocol may compress the data, attach a digest signature and encrypt these units before handing them to the underlying reliable transport protocol. (Note: currently none of the major SSL implementations supports compression.)</p>
<p class="figure">
<img src="../images/ssl_intro_fig3.gif" alt="" width="423" height="323" /><br />
<a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol
</p>
<h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3>
<p>A common use of SSL
is to secure HTTP communication between a browser and a web server. This does not rule out the use of conventional, non-secured HTTP. The secured version is mainly plain HTTP over SSL, and is called HTTPS. The major differences are that the URL scheme <code>https</code> is used instead of <code>http</code> and that the server uses a different port (443 by default). This is mainly what <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides for the Apache web server.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="references" id="references">References</a></h2>
<dl>
<dt><a id="AC96" name="AC96">[AC96]</a></dt>
<dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley, 1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce Schneier.</dd>
<dt><a id="X208" name="X208">[X208]</a></dt>
<dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I</a>. </dd>
<dt><a id="X509" name="X509">[X509]</a></dt>
<dd>ITU-T Recommendation X.509, <q>The Directory - Authentication Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509</a>. </dd>
<dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
<dd><q>Public Key Cryptography Standards (PKCS)</q>, RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd>
<dt><a id="MIME" name="MIME">[MIME]</a></dt>
<dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd>
<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>
<dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
<dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd>
<dt><a id="TLS1" name="TLS1">[TLS1]</a></dt>
<dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>, 1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd>
</dl>
</div></div>
<div id="footer">
<p class="apache">Copyright 1995-2006 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p></div>
</body></html>