03-安全配置指导-SSL配置.pdfVIP

目 录 1 SSL ·························································································································· ·· 1-1  1.1 SSL简介 ··················································································································· 1-1  1.1.1 SSL安全机制 ···································································································· 1-1  1.1.2 SSL协议结构 ···································································································· 1-2  1.2 SSL配置任务简介 ······································································································· 1-2  1.3 配置SSL服务器端策略 ································································································· 1-2  1.3.1 SSL服务器端策略配置步骤 ·················································································· 1-3  1.3.2 SSL服务器端策略典型配置举例 ············································································ 1-4  1.4 配置SSL客户端策略 ···································································································· 1-6  1.5 SSL显示和维护 ·········································································································· 1-7  i 1 SSL 1.1 SSL简介 SSL （Secure Sockets Layer，安全套接字层）是一个安全协议，为基于 TCP 的应用层协议（如 HTTP）提供安全连接。SSL 协议广泛应用于电子商务、网上银行等领域，为应用层数据的传输提 供安全性保证。 1.1.1 SSL安全机制 SSL 提供的安全连接可以实现如下功能： • 保证数据传输的机密性：利用对称密钥算法对传输的数据进行加密，并利用密钥交换算法， 如 RSA （Rivest Shamir and Adleman），加密传输对称密钥算法中使用的密钥。对称密钥算 法、非对称密钥算法 RSA 的详细介绍请参见“安全配置指导”中的“公钥管理”。 • 验证数据源的身份：基于数字证书利用数字签名方法对 SSL 服务器和 SSL 客户端进行身份验 证。SSL 服务器和 SSL 客户端通过 PKI （Public Key Infrastructure，公钥基础设施）提供的 机制获取数字证书。PKI 及数字证书的详细介绍请参见“安全配置