NetCert Product FAQ - sso.infosec.com.cn

NetCert Product FAQ

Contents

I. NetCertCA
1. Tobacco CA: various certificates expired
2. CA certificate expiry issue
3. OCSP startup failure
4. HSMs, databases and key LDAP servers tested with CA6.1
5. Fixing the template expiry issue in versions before NetCert6.1
6. Cause of and fix for the 800… error when downloading a certificate in IE
7. NetCert support for MySQL
8. Default value of the SM algorithm id
9. Compatibility of the Oracle database with V6.1 CA/KMC
10. Miscellaneous certificate issues
11. Notes on CA setup problems
12. CA LDAP publishing problem: a published revoked certificate downloads as blank
13. How to delete a wrongly added CA management entry in NetCert-KMC6.1
14. Meaning of certificate status values
15. CAAdmin/KMCAdmin cannot modify configuration
16. 613902011: failed to obtain server-side extension value
17. LDAP publish count is 0
18. OCSPclient reports internalError
19. Error "Table_SELFINFO doesn't exist" (SELFINFO table not found) although the table exists in the database
20. Network fault error when the CA performs a user certificate request
21. A KMC set up with the SM1 algorithm connected to CA6.2: downloading dual certificates with CAAdmin fails with "specified algorithm not supported"
22. How to update the licence in CA6.2/6.3
23. CA fails to connect to the DM (Dameng) database; database/table creation errors
24. Does renewing the CA key in CA6.2 to extend the root certificate validity affect KMC/RA?
25. How to configure the template in CA5.5 so that a DN can be reused
II. NetCertRA
1. Ministry of Transport RA system signature verification failure

Post on 27-Mar-2022


4. Demo6.1 linux tomcat
5. RA
10. RA6.1 -10054
11. -10029
14. sm2 61990104
15. oracle
16. 61380212
17. RA
18. KEY KEY
19. RA6.2 RSA
2. CA
4. RA 130013kmc
5. HSM[ SJJ1507] NOT support
6. RA
pa
license
cassl.jks p10 p10
cassl.jks ca
2. CA certificate expiry issue
CA PA CA_SSL 10



(2)PA CA CAadmin PA
CA_SSL PA CAadmin PA
CA_SSL CA CAadmin PA
CA_SSL PA CAadmin
SECURE_communication Keytool
P10 PA CA_SSL P10
store.jis storejks cert ssl.jks caserver.xml
ssl.jkss jks caserrver.jks CA
3. OCSP startup failure
OCSP

4. HSMs, databases and key LDAP servers tested with CA6.1
key LDAP
SJJ1115 B Oracle10g/11g ArgusKey300 Auto Novell
SJJ0929 Sybase V15.0.3 ArgusKey100 Auto OpenLDAP
SJJ1308 MariaDB 10.0
SJY42C key
SJJ1310 key
SHJ0901 A/B key
SHJ0901-C key
key 3
ArgusKey300 Auto
ArgusKey100 Auto CA
ArguSec
CERTTYPENAME='ee_sign'
standalone="yes" ?><certtemplate><base><certificateversion>3</certificateversion>
ycanb
th>1024
nsions>< level1extensions><extension name="KEY USAGE" OID="2.5.29.15"
iscritical="false"><entry name="DIGITALSIGNATURE" value="true" /><entry
name="NONREPUDIATION" value="true" /></extension><extension
name="BASIC CONSTRAINTS" OID="2.5.29.19" iscritical="false"><entry
name="ISCA" value="false"
name="ID_KP_EMAILPROTECTION" value="true" /> </extension><extension
name="CRL DISTRIBUTION POINTS" OID="2.5.29.31"
iscritical="false"><point type="DIR" appendsysbasedn="true"
basecdp="cn=crl*,ou=crl"
/></extension><extension name="NETSCAPECERTTYPE"
/></extension></level1extensions><level3extensions><allowappend>false</allowap
<certpu
publi
ish><

update CA_CERTTEMPLATE set CERTTEMPLATE='
Xml
CERTTEMPLATE …->
xml ->->
plsql -> F10

CERTTYPENAME=''
CA_CERTTEMPLATE ISUSED
0 ca caAdmin PA


CA
MySQL
CA5.5 MySQL 6.1 cakmc mariaDB
mariaDB MySQL
8. Default value of the SM algorithm id
id
9. Compatibility of the Oracle database with V6.1 CA/KMC
V6.1 CAKMC ojdbc14.jar Oracle10.2 Oracle11g
oracle12C ojdbc6.jar
V6.1 CA KMC Oracle10.1 Oracle

CSP Microsoft Base Cryptographic Provider v1.0


CA


2
64 IE 64 IE
IE 64
window iexplore.exe 32 IE
32 IE

SSL server requires client certificate

-
2 chrome
chrome google chrome-


4 chrome

chrome

CA
11. Notes on CA setup problems
/lib/ld-linux-x86-64.so.2: bad ELF interpreter: No such file or directory

yum
[local_server]
name=This is a local repo
baseurl=file:///mnt
enabled=1
gpgcheck=0
2

CA systemctl stop firewalld
swsds.ini etc
#SWXA
logfile=swsds.log
maxsize=10
[HSM1]
ip=36.33.225.190
[ConnectionPool]
PoolSize=5
3CA
db2 "create bufferpool BP_16K size 5000 pagesize 16 K"
CA
schemaUser Schema
Schema
Schema
BO:ee_sign
SECURE_COMM
license
hostname /etc/hosts
license
SHA256withRSA 12345678 ./ 1234567812345678
SM3withSM2 12345678 ./ 1234567812345678
7RA
RA
8RA

RA CA SubCA_BA BO CAAdmin
RA ee_sign advance
10 CA
CA
bank‘’’ ca
jsp

Ca ca
Ca ca
AUTCAINO
12RA
RA

MYSQL

decimal
KMCServer6.1.003.3_linux CA
KMC
select * from AUTHCA_INFO
'

16. 613902011: failed to obtain server-side extension value
secure_comm secure_comm_enc
17. LDAP publish count is 0
openldap LDAP O CN CA
18. OCSPclient reports internalError
)
19. Error "Table_SELFINFO doesn't exist" although the SELFINFO table exists in the database


MySQL
CA 22345 debug
CA tomcat

CA cert cassl.jks



cassl.jks
CA caadmin ca

21. A KMC set up with the SM1 algorithm connected to CA6.2: downloading dual certificates with CAAdmin fails with "specified algorithm not supported"

CAAdmin
AlgorithmEnc=SM4 SM1
2020Q3

23. CA fails to connect to the DM (Dameng) database; database/table creation errors
oracle 2020Q4
24. Does renewing the CA key in CA6.2 to extend the root certificate validity affect KMC/RA?
KMC RA 2020Q4
25. How to configure the template in CA5.5 so that a DN can be reused
firstpa caadmin DN DN
2020Q4
II. NetCertRA




SM2 id SM2id.conf
RA
sm2id.conf
server lib /opt/IBM/WebSphere_32/profiles/AppSrv01/lib
Tomcat tomcat bin lib

NetCertRAServer5.5
Struts
CVE-2017-5638
-spring-plugin-2.3.28.1.jar xwork-core-2.3.28.1.jar ognl-3.0.14.jar commons-fileupload-1.2.1.jar jar lib

CBRCRA_6.1.001.6-CBRCRA_6.1.001.7
WEB-INF\lib struts2-core-2.3.28.1.jar struts2-spring-plugin-2.3.28.1.jar xwork-core-2.3.28.1.jar ognl-3.0.14.jar

struts2-spring-plugin-2.3.15.1.jar xwork-core-2.3.15.1.jar ognl-3.0.6.jar

UTF8
tomcat
linux UTF8 zh_CN.GBK

PC
netsign.properties
RSA
netsign.properties nsSignMode = 3 1
1 rsa 2 3 rsa 4





CA 22345 debug
CA tomcat

CA cert cassl.jks



cassl.jks
CA caadmin ca

CA RA CA RA
config.xml CA CA

CommunicationsRA6.1.003.6

mysql

[mysqld]
lower_case_table_names=1
# 0: table names stored as given and compared case-sensitively; 1: stored in lowercase and compared case-insensitively

# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
symbolic-links=0
log-error=/var/log/mysqld.log
11. -10029

KEY


genCSR.sh p10 rads.csr rads.jks p10
CAAdmin



15. oracle ,
linux
ssl_server
18. KEY KEY

19. RA6.2 RSA


6.1.003.3_(WST) KMC Server 6.1.003.3


meWork_6.1.003.3 kmc server

ServerFrameWork jar




3. CA RA
x1000039

4. RA 130013kmc
5. HSM[ SJJ1507] NOT support

tacipher.ini tomcat/bin
libSDF_SJJ1507.so /home/nativelib ,
/etc/profile

/genCSR.sh "cn=ra,c=cn" SJJ1507 10 2048 SHA256withRSA 11111111 ./ ()

7. CA6.2