Public Key Infrastructure. Issuing certificates under self-isolation

How it began

At the start of the self-isolation period I received the following letter in my mail:

[image]

The first reaction was the natural one: either I go and fetch the tokens or they have to be brought to me. But since Monday we have all been sitting at home, movement is restricted, and who wants to be fined? So the reply was just as natural:

[image]

And as we all know, from Monday, April 1, the period of strict self-isolation began. We all switched to remote work, and for that we also needed a VPN. Our VPN is based on OpenVPN, modified to support Russian (GOST) cryptography and able to work with PKCS#11 tokens and PKCS#12 containers. It turned out, however, that we ourselves were not ready to work over the VPN: many people had no certificate at all, and some certificates had expired.

How the process went

This is where the cryptoarmpkcs utility and the CAFL63 application (a certification authority, CA) came to the rescue.

The cryptoarmpkcs utility lets employees who are sitting in self-isolation with their tokens at their home computer create certificate requests:

[image]

The employees sent me the saved requests by email. Someone will ask: what about personal data? But if you look closely, there is none there: a PKCS#10 request carries only the public key and the subject name, and the private key never leaves the employee's computer. The request is also signed with that private key, so any tampering in transit breaks the signature check at the CA.

On receipt, the certificate request is imported into the CAFL63 CA database:

[image]

After that the request must be either rejected or approved. To decide on a request, select it, right-click, and choose "Make a decision" from the drop-down menu:

[image]

The decision procedure itself is completely transparent:

[image]

Certificates are issued in the same way, only the menu is called "Certificates":

[image]

To view a certificate, use the menu or simply double-click the corresponding row:

[image]

The contents can now be viewed both through openssl (the "OpenSSL Text" tab) and through CAFL63's built-in viewer (the "Certificate Text" tab). In the latter, the menu lets you copy the certificate as text, first to the clipboard and then into a file.

Here it is worth noting what has changed in CAFL63 compared with the first version. As for viewing certificates, we have already noted this. It is also now possible to select a group of objects (certificates, requests, CRLs) and view them in paged mode (the "View selected..." button).

Perhaps most important is that the project is now freely available on GitHub. In addition to the Linux distribution, distributions for Windows and OS X have been prepared. The Android distribution will be released a little later.

Compared with the previous version of CAFL63, not only has the interface changed but, as already noted, new features have been added. For example, the page with the application description has been updated, and direct links for downloading the distributions have been added:

[image]

Many people have asked, and still ask, where to get a GOST-enabled openssl. Traditionally I gave a link, kindly provided by garex. How to use that openssl is described here. But now the distributions include a test build of openssl with Russian cryptography.

So when setting up the CA you can specify /tmp/lirssl_static on Linux or $::env(TEMP)/lirssl_static.exe on Windows as the openssl to use:

[image]

In this case you need to create an empty lirssl.cnf file and put its path in the LIRSSL_CONF environment variable:

[image]

The "Extensions" tab in the certificate settings has been supplemented with "Authority Information Access", where you can set the access points for the CA root certificate and for the OCSP server:

[image]

We often hear that CAs do not accept requests (PKCS#10) generated by the applicants themselves or, even worse, that they force the request to be generated with the key pair created on a carrier by some particular CSP. And they refuse to create requests on tokens with a non-extractable key (the same RuToken EDS-2.0) through the PKCS#11 interface. It was therefore decided to add to CAFL63 the creation of requests using the cryptographic mechanisms of PKCS#11 tokens. The TclPKCS11 package is used to support the token mechanisms. When creating a request to the CA (the "Certificate requests" page, the "Create request/CSR" function) you can now choose how the key pair is generated (with openssl or on the token) and how the request itself is signed:

[image]

The library required to work with the token is specified in the certificate settings:

[image]

But we have digressed from the main task: providing employees with certificates for working in the corporate VPN in self-isolation mode. It turned out that some employees had no tokens at all. It was decided to give them PKCS#12 secure containers, since CAFL63 allows this. First, for these employees, we create a PKCS#10 request specifying the cryptographic provider (CIPF) type "OpenSSL"; then we issue the certificate and pack it into PKCS#12. (Note that for these employees the key pair is generated on the CA side rather than on their own machine, so the private key exists in the container before it reaches them; this is why the container password has to be passed to them separately.) To do this, on the "Certificates" page select the required certificate, right-click and choose "Export to PKCS#12":

[image]

To make sure everything is in order with the container, let's use the cryptoarmpkcs utility:

[image]
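The same flow the screenshots above walk through in CAFL63 and cryptoarmpkcs (employee creates a signed PKCS#10 request, the CA verifies it and issues a certificate with the Authority Information Access extension, exports a PKCS#12 container, and the container is checked), driven from the shell with a stock openssl. This is an added example, not code from the post, CAFL63 or cryptoarmpkcs. It assumes an `openssl` binary (1.1.1 or 3.x) on the PATH and uses RSA/SHA-256 in place of the GOST algorithms of the post's lirssl_static build, because the GOST engine is not part of a standard OpenSSL install. The subjects, file names, the container password and the two AIA URLs are placeholders invented for the example.

```shell
#!/bin/sh
# Added example (not code from the post, CAFL63 or cryptoarmpkcs): request ->
# decision -> certificate -> PKCS#12 -> container check, with stock OpenSSL.
# RSA/SHA-256 stands in for the GOST algorithms of the post's lirssl_static.
# Subjects, paths, the password and the AIA URLs are placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"
CA_URL="http://ca.example.test/ca.crt"      # placeholder caIssuers access point
OCSP_URL="http://ocsp.example.test/"        # placeholder OCSP access point
P12_PASS="s3cret-example"                   # placeholder container password

# Minimal request config so the example does not depend on the system
# openssl.cnf (the post's lirssl_static reads its own file via LIRSSL_CONF).
# $1 = CN; remaining args = extension lines, used only for the self-signed CA.
req_cnf() {
  cn=$1; shift
  printf '[req]\ndistinguished_name = dn\nprompt = no\nx509_extensions = v3\n'
  printf '[dn]\nC = RU\nO = Example Org\nCN = %s\n[v3]\n' "$cn"
  printf '%s\n' "$@"
}

# Employee side (what cryptoarmpkcs does): key pair plus self-signed PKCS#10.
make_csr() {
  req_cnf "Employee One" > "$WORK/employee.cnf"
  openssl req -new -config "$WORK/employee.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/employee.key" -out "$WORK/employee.csr" 2>/dev/null
}

# CA side, before "Make a decision": the request carries no private key, and
# its self-signature fails if anything was altered on the way through e-mail.
verify_csr() {
  openssl req -in "$WORK/employee.csr" -noout -verify 2>/dev/null
}

# CA side: self-signed root certificate.
make_ca() {
  req_cnf "Example CA" \
    "basicConstraints = critical, CA:TRUE" \
    "keyUsage = critical, keyCertSign, cRLSign" \
    "subjectKeyIdentifier = hash" > "$WORK/ca.cnf"
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# CA side, "approve": issue the certificate with the Authority Information
# Access extension (CA root certificate + OCSP server) described in the post.
issue_cert() {
  cat > "$WORK/ext.cnf" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
authorityInfoAccess = caIssuers;URI:$CA_URL, OCSP;URI:$OCSP_URL
EOF
  openssl x509 -req -in "$WORK/employee.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 365 \
    -extfile "$WORK/ext.cnf" -out "$WORK/employee.crt" 2>/dev/null
}

# The "OpenSSL Text" tab of CAFL63, and the chain check a relying party runs.
cert_text()    { openssl x509 -in "$WORK/employee.crt" -noout -text; }
verify_chain() { openssl verify -CAfile "$WORK/ca.crt" "$WORK/employee.crt"; }

# "Export to PKCS#12" for employees without a token: key + cert + CA chain.
export_p12() {
  openssl pkcs12 -export -inkey "$WORK/employee.key" -in "$WORK/employee.crt" \
    -certfile "$WORK/ca.crt" -name "employee-vpn" \
    -passout "pass:$P12_PASS" -out "$WORK/employee.p12"
}

# The container check done with cryptoarmpkcs in the post: the MAC over the
# container only verifies with the right password ($1), so a wrong one fails.
check_p12() {
  openssl pkcs12 -in "$WORK/employee.p12" -passin "pass:$1" -noout 2>/dev/null
}

# Subject of the end-entity certificate inside the container.
p12_subject() {
  openssl pkcs12 -in "$WORK/employee.p12" -passin "pass:$1" -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -subject
}

make_csr && verify_csr && make_ca && issue_cert && export_p12
cert_text | grep -E 'URI:'     # the two AIA access points
verify_chain                   # employee.crt: OK
p12_subject "$P12_PASS"
```

The request is verified before any decision is made on it, which is the check that makes e-mail an acceptable transport for PKCS#10; the container check is run with both the right and a wrong password so that a silently unreadable container is caught before it is handed to an employee.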

Now the certificates can be sent to the employees. Some receive only the file with the certificate (these are the token owners, the ones who sent in requests); the others receive the PKCS#12 container. In the second case each employee was given the container password by phone. These employees only have to edit their VPN configuration file, specifying the path to the container.

As for the token owners, they also have to write the certificate to their token. For this they use the same cryptoarmpkcs utility:

[image]

Then a small change to the VPN configuration (the identifier of the certificate on the token has to be updated), and that's it: the corporate VPN network is working.
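The two client-side configuration changes mentioned above (pointing a token-less employee's config at the PKCS#12 container, and updating a token owner's certificate identifier), as an added shell example that is not from the post or from OpenVPN. It uses the stock OpenVPN directives `pkcs12`, `pkcs11-providers` and `pkcs11-id`; the assumption is that the post's GOST-enabled OpenVPN build keeps these directive names. The sample config, the paths, the library name and the pkcs11-id value are placeholders constructed for the example; on a real system the id string is obtained with `openvpn --show-pkcs11-ids <provider library>` after the new certificate has been written to the token.

```shell
#!/bin/sh
# Added example (not from the post or OpenVPN): switch an OpenVPN client
# config between the two identity types handed out in the post, a PKCS#12
# container or a certificate on a PKCS#11 token. Config text, paths and the
# pkcs11-id value are placeholders; a real id is listed by
# `openvpn --show-pkcs11-ids <provider library>`.
set -eu

# Drop every identity directive so that exactly one form remains afterwards.
# The trailing (space|end) keeps e.g. "key-direction" untouched.
strip_identity() {  # $1 = config file
  sed -E '/^[[:space:]]*(cert|key|pkcs12|pkcs11-providers|pkcs11-id)([[:space:]]|$)/d' \
    "$1" > "$1.new" && mv "$1.new" "$1"
}

# Employees without a token: point the config at the PKCS#12 container.
use_pkcs12() {  # $1 = config file, $2 = path to the .p12 container
  strip_identity "$1"
  printf 'pkcs12 %s\n' "$2" >> "$1"
}

# Token owners: provider library plus the serialized id of the certificate on
# the token; the id is what changes after a new certificate is written.
use_token() {  # $1 = config file, $2 = PKCS#11 library, $3 = serialized id
  strip_identity "$1"
  printf "pkcs11-providers %s\npkcs11-id '%s'\n" "$2" "$3" >> "$1"
}

# Which identity form a config currently uses: pkcs12, pkcs11, files or none.
identity_kind() {  # $1 = config file
  if grep -qE '^[[:space:]]*pkcs12[[:space:]]' "$1"; then echo pkcs12
  elif grep -qE '^[[:space:]]*pkcs11-id[[:space:]]' "$1"; then echo pkcs11
  elif grep -qE '^[[:space:]]*(cert|key)[[:space:]]' "$1"; then echo files
  else echo none; fi
}

# Constructed sample client config, still using the old file-based identity.
CFG="${CFG:-$(mktemp)}"
cat > "$CFG" <<'EOF'
client
dev tun
proto udp
remote vpn.example.test 1194
ca ca.crt
cert old-employee.crt
key old-employee.key
remote-cert-tls server
verb 3
EOF

use_pkcs12 "$CFG" /home/employee/employee.p12
identity_kind "$CFG"            # pkcs12
use_token "$CFG" /usr/lib/libtoken-pkcs11.so 'Example\x20Vendor/Token/0123/employee/01'
identity_kind "$CFG"            # pkcs11
cat "$CFG"
```

Removing the old `cert`/`key` lines rather than commenting them out matters: OpenVPN refuses a config that mixes file-based and PKCS#12 or PKCS#11 identities, so a half-edited config is the most common reason the first connection after the switch fails.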

A happy ending

And then it dawned on me: why should people bring me their tokens, or why should I send a courier to them? So I sent a letter with the following content:

[image]

The answer came the next day:

[image]

I immediately sent a link to the cryptoarmpkcs utility:

[image]

Before creating the request, I advised them to clear the tokens:

[image]

After that a certificate request in PKCS#10 format arrived by email, and I issued the certificate and sent it back:

[image]

And then came the happy moment:

[image]

And there was also this letter:

[image]

And that is how this article was born.

The CAFL63 distributions for the Linux and MS Windows platforms can be found here.

The cryptoarmpkcs utility distributions, including the one for the Android platform, are here.

Source: www.hab.com
