Appendix B. Granting access to the *SYSTEM certificate store

Figure 300. Giving access to the *SYSTEM certificate store 1



4. Double-click All Users, or Groups, to expand.

5. Double-click the user profile or group profile you want to give access to so that their properties are displayed, as shown in Figure 301.



Figure 301. Giving access to the *SYSTEM certificate store 2



6. Click Capabilities and then the Applications tab. You will see the display in Figure 302.




iSeries Wired Network Security



Figure 302. Giving access to the *SYSTEM certificate store 3



7. Open the Access for: drop-down list and select Host applications.

8. A list of the existing host applications will be displayed. Expand Digital Certificate Manager (DCM).

9. A list of DCM options will appear including *SYSTEM certificate store. See Figure 303.



Figure 303. Giving access to the *SYSTEM certificate store




10. Check the box to the right of *SYSTEM Certificate Store.

11. Finally, click OK to exit the Capabilities window and click OK again to exit the user properties window.

12. Repeat for all the user profiles that need authority to the *SYSTEM certificate store.

Note

It is a bad idea to grant specific authorities to multiple user profiles for anything, because this becomes too hard to manage. It is better to create a group profile, grant the authority once to it, and give the group profile to the users that require access to the object.

Keep your authority scheme as simple as possible. Otherwise, management becomes difficult and confidence in the integrity of your scheme is hard to maintain.

It is also a bad idea to try to directly grant users authority to the *SYSTEM certificate store files. This requires giving authority to a number of directories that users have no need to access.




Appendix C. Enabling SSL for the ADMIN server instance

Through the AS/400 Tasks page, you can configure, for example, the HTTP Server for AS/400, the Digital Certificate Manager, or the 4758 PCI Cryptographic Coprocessor for iSeries. The configuration of these applications requires that sensitive and confidential data is sent between the administrator's Web browser and the iSeries or AS/400 system. To securely transmit this data, you have to enable SSL for the ADMIN server instance of the HTTP Server.

The tasks to enable SSL for the ADMIN HTTP server instance are:

• Changing the ADMIN HTTP configuration.

• Assigning a server certificate to the ADMIN server.

• Restarting the server to activate the configuration changes.

Note that the ADMIN server instance in V5R1 runs as an HTTP Server (powered by Apache) instance.



C.1 Changing the ADMIN server configuration

The following steps show how to enable SSL for the ADMIN server:

1. Start a Web browser and go to the AS/400 Tasks page using the URL:

http://servername:2001



2. Select IBM HTTP Server for AS/400 from the AS/400 Tasks page. The main page of the IBM HTTP Server for AS/400 is displayed (Figure 304 on page 416).



© Copyright IBM Corp. 2001




Figure 304. IBM HTTP Server for AS/400 main page



3. Click Configuration and Administration in the left pane of the window to open the HTTP Server configuration and administration tasks.

4. Click the Configurations tab and select ADMIN from the Configuration for server list. You see the display shown in Figure 305.


