
"-"

E-mail: info@CryptoPro.ru

SSL/TLS

2002 .


- TLS,
(
, ), (, , ) Web,

.
,
SSL/TLS.


1 TLS
() -CSP
- TLS, TLS v.1
,
- TLS.
SSL/TLS TLS.
TLS ( ,

28147-89,
-, 34.11-94.
/

34.10-94 34.102001.

1.1 TLS

() (),
.
(
), ( ) .


,
.
.
, .
.


TLS
:


() TLS. 2^14 ;

();

( MAC);

( );

();


(, TCP).
.

( , 32 ,
);


();

();

( MAC,
);

master secret ( , MAC,


);

, / .

X509. v3.
.

client_random 32 , ;

server_random 32 , ;

client write MAC secret ( );

server write MAC secret ( );

client write key (,


);

server write key (,


);

client write IV, server write IV ( ,


);

(
).
.
;

.

. ,
0. : 0 2^64-1.
.


TLS :

);

Hello message (ClientHello, ServerHello);


Change cipher specs message (

Key exchange message (


, );

Alert message (, );

Application_data message ( );

Finished message ( ).


,
:

();

, ,
, , ;

);

, ( ),
TLS ( ), .

TLS
Application Data -> Fragment -> Compress -> Add MAC -> Encrypt -> Append TLS Record Header


1.2 TLS Handshake Protocol


TLS Handshake Protocol :
[Figure: TLS Handshake Protocol exchange between Client and Server: ClientHello; ServerHello; Certificate; Certificate Request; Server Key Exchange; ServerHelloDone; Certificate; Client Key Exchange; Certificate Verify; Change Cipher Spec; Finished; Change Cipher Spec; Finished]

, client_random, server_random,
, ;

(
);

pre_master secret,

pre_master secret, client_random server_random


master secret ( ) .

1.3

TLS

TLS .
TLS Handshake Protocol, TLS Change Cipher Spec, TLS Alert Protocol.
TLS Record Protocol.


[Figure: TLS Handshake Protocol, TLS Change Cipher Spec, TLS Alert Protocol and (HTTP ..) over TLS Record Protocol, over (TCP/IP ..)]

, .
TLS, : TLS Handshake Protocol
TLS. ,
Microsoft Internet Explorer.


2 Microsoft Internet Explorer


Microsoft
Internet Explorer, Internet Information Services (IIS), Microsoft SQL Server 2000 +.

COM+
Windows 2000 Server (COM+),
,
, Microsoft
Component Object Model (COM). COM+
, , .
, Visual Basic,
, ,
, COM+
Web-.

Internet Explorer 5
Web- Windows 2000. Web- FTP, Windows. , Internet Explorer
Iexplore.exe, , Web- Internet
Explorer Windows 2000
. , ,
Web- Microsoft Management Console (MMC).

Microsoft, (. 2-1).

Microsoft SQL Server 2000



, -
. ,
, .
SQL Server 2000 XML HTTP,
,
, ,
. , SQL Server 2000
Windows 2000, 32
64 .


2-1. , Web- Microsoft,


.

Internet Explorer:

SSL/TLS (, , );

2.1
. , ,
, :

,
( );


, .

2.2

.
,
. , . ,
, , .
,
.

, Web-,
.
, , Web-.
, , Web- ,
,
, , .
Secure Sockets
Layer/Transport Layer Security (SSL/TLS).
Web-, , , ,
.
Web-, , SSL/TLS
, , SSL/TLS
Web-, HTTP, a HTTPS.
, SSL/TLS, .

2.3 Secure Sockets Layer/Transport Layer Security


SSL, IETF
TLS ,
( ) (
). .509
. ,
- (Message Authenticity Code,
MAC). SSL/TLS , :

);

( );

( ).

2.4 IP
, -, . . IP- (
, ),
. ,
, .

2-2. SSL/TLS Internet Explorer.


- Internet Explorer
, SSL/TLS. ,
(. 2-2).
Web-, .
Internet Explorer ,
. ,
, .
HTML-
. HTTPS, HTTP.
SSL/TLS, .
Properties, ,
SSL/TLS.

2.5 SSL/TLS
SSL/TLS-
(. 2-3). , Web-
.
SSL/TLS , Web- .
,

. ,
. , ,
. ,
. ,
.

2-3. SSL/TLS-.

2.6 SSL TLS.


SSL, Netscape, -,
Web- Microsoft, Netscape. -
90-
.
SSL.
SSL 2 3- SSL 3,
.
.
1996 . IETF SSL
Transport Layer Security. TLS 1.
TLS 3.1, SSL. TLS
SSL 3.1. TLS IETF ( RFC 2246).

2.7 SSL/TLS
HTTP- SSL/TLS (HTTPS) 443.
SSL/TLS HTTP.
-.
(. 2-1).
https://www.exair.com http://www.exair.com, Web , 443, 80,
SSL/TLS. SSL/TLS,
.


2-1. , SSL/TLS.

HTTPS    443    HTTP over SSL/TLS
SMTPS    465    SMTP ( ) SSL/TLS
NNTPS    563    NNTP () SSL/TLS
LDAPS    636    LDAP ( ) SSL/TLS
POP3S    995    POP ( ) SSL/TLS
IRCS     994    IRC () SSL/TLS
IMAPS    993    ( ) SSL/TLS
FTPS     990    FTP ( ) SSL/TLS


, . , ,
Web-. Microsoft Internet
Explorer
Properties. Netscape Navigator .

2.8 SSL/TLS
SSL/TLS Web.
(. 2-2). Pentium III Xeon 450 .
.
2-2. , SSL2, SSL3 TLS


40- RC4

MD5

RSA, 512

108

SSL2

40- RC4

MD5

RSA, 512

77

SSL3

56- RC4

SHA-1

RSA, 512

83

TLS

56- RC4

SHA-1

RSA, 512

90

, , SSL/TLS Windows 2000


, 128-, 40- 56- .
, SSL/TLS . 128-,
, , 56-, 56-
72- . , , 128 . 512 1024
.
RSA
. , SSL/TLS
, .
SSL/TLS Web-.

2.9 SSL/TLS .
SSL/TLS .

.
. Web, :
1.

SSL/TLS- Web- .

, , , SSL/TLS Web, ,
, . SSL/TLS
Web-
.
2.

SSL/TLS- .

: , SSL/TLS-,
.
, . ,
JPEG
1 , 256.
Web- ,
SSL/TLS, , SSL/TLS .

. , .

3.

SSL/TLS-.

SSL/TLS-
, , . -
Windows NT 4 2 5 .
, ServerCacheTime ,
. (, 300 000 5 ).

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
ServerCacheTimeout: REG_DWORD : 300000

, :
.4.
.
Web- Internet Information Services (IIS)
SSL/TLS- . ,
Pentium III 500 IIS 5 60 SSL/TLS- .
, , Web-,

10
SSL/TLS-,

. IIS 1 000
, SSL/TLS. Web-
nCipher (www.ncipher.com)
Compaq (www.atalla.com).
, .
Microsoft
,
, OffloadModExpo.DLL,
.
Microsoft Developer Network (MSDN),
OffloadModExpo.

2.10 SSL/TLS .
IIS 5 ,
SSL/TLS- (Client Access
License, CAL). Windows-. ,
Windows 2000 250 , Web-
, 250 SSL/TLS-
.
- .
4 .

-,

Web-
SSL/TLS-.
IIS 5 . Q253239 Microsoft
(http://support.microsoft.com/support/kb/articles/Q253/2/39.asp),

Windows 2000 Client Access Licensing Overview
(http://www.microsoft.com/windows2000/guide/server/pricing/model.asp).

2.11 SSL/TLS Windows



SSL/TLS . SSL/TLS
. ,

www.explorationair.com

www.explorationair.com.
, Web- (, Exploration
Air). , development.explorationair.com explorationair.com.
*.explorationair.com, -

www.explorationair.com, development.explorationair.com
explorationair.com.
Windows 2000 ; ,
. . Q257873
Error Message: The Name on the Security Certificate Does Not Match the Name of the Site
http://support.microsoft.com.
:

;
, *.explorationair.com , a development.*.explorationair.com ;

,
.com .net; , *.explorationair.com , *. ;

; ,
www.explorationair.com

development.explorationair.com

*.explorationair.com, www.development.explorationair.com .

2-4. IIS 5.

, Web-
https://webserver.explorationair.com (, 2-4). ,
, ,
.
*.explorationair.com.

2.12 SSL/TLS
Internet Explorer ,
: Secure Sockets Layer Transport
Layer Security. , SSL, Fortezza.
Fortezza ,

, . PCMCIA- Fortezza
Web-, . IIS 5
Fortezza, a TLS .
,
.

SSL/TLS-

1. Internet Explorer.
2. Tools Internet Options.
3. Advanced.
4. Security.

Internet Explorer, SSL/TLS. SSL 3.0 TLS 1.0, SSL 2.0 1.0 (. 2-5).


2-5. SSL TLS Internet Explorer 5.

Internet Explorer .509,


.
, , -.


Web.

IIS - Internet Information Services.


-, Windows 2000 Server,
IIS 5.0, Windows 2000 Server
- . IIS 5.0
,
, Web-,
. IIS
,
, Web- .
IIS 4, IIS 5 .509
SSL/TLS.

3.1
, SSL/TLS
Web- .
, Web- www.exair.com SSL/TLS.
Web- ,
. , Web-
, , Exploration Air, , ,
. SSL https, http;
SSL/TLS TCP
443 TCP 80.
, , :

,
, ;

, ;

, ; Internet Explorer
IIS.
,
(, ,
).

3.2
SSL/TLS , .

(. 3-1).


3-1. Internet Explorer 5.

Web-
(Certification Authority, CA), . , Web-
VeriSign Thawte, Thawte Equifax,
Thawte,
.
Internet Explorer , Web-.
Windows 2000 Internet Explorer ,
Web-. , ,
Internet Explorer .
.

3.3 IIS .509.


IIS .509 :

( ) ;


Windows 2000.
. - ;
: ,
. ( )
ASP Request.ClientCertificate.
.

ASP - Microsoft Active Server Pages


, HTML, COM , web- .

,
:
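<%
Dim strValidDomain, strEmail
strValidDomain = "@exair.com"
' E-mail address from the subject of the client certificate
strEmail = Request.ClientCertificate("SubjectE")
' InStr needs an explicit start position when a compare mode is given;
' 1 as the last argument makes the comparison case-insensitive
If InStr(1, strEmail, strValidDomain, 1) Then
    ' The address contains @exair.com.
    Response.Write(" !")
End If
%>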

cheryl@microsoft.com .

cheryl@exair.com


. IIS.
, ,
(, -, Thawte VeriSign)
. Microsoft Certificate Services
cheryl@exair.com ,
Web- , .
Web- Exploration Air ,
(Exploration Air User Certification
Authority). IIS 5
(Certificate Trust List, CTL), Web-.
CryptoAPI 2.0.
Web- (
).

3.4 ClientCertificate ASP.


, ASP
ClientCertificate. :

Request.ClientCertificate("Certificate");

,
Request.ClientCertificate("IssuerX"), X (. );

(Request.ClientCertificate("SubjectX"));

Request.ClientCertificate("SerialNumber")

Request.ClientCertificate("ValidTo")

Request.ClientCertificate("ValidFrom")

(Issuer) (Subject)
, : , ..
.500.
,
,
. Web-
, .

IIS .
, IIS,
( ,

).
Windows 2000.

IIS, ,
.

IIS ( ).
1. My Computer .
2. Manage.
3. Services And Applications.
4. Internet Information Services.
5. Web-.
6. Properties.
7. Directory Security.
8. Edit Secure Communications. , , .
9. Enable Certificate Trust List.
10. New, ; . Edit.

(. 3-2).
IIS 5 , .
, 403-13: Client certificate revoked.
, (Certificate Revocation List,
CRL), , IIS , , .
, , , , IIS
403-13 (. 3-3). , IIS
.

3-2.
IIS.

:

CryptoAPI 2.0 CertAddCTLContextToStore, CertDeleteCTLContextFromStore
CertFindCTLInStore
, C++.
MakeCTL CertMgr Microsoft Platform SDK
, .
. http://msdn.microsoft.com.

( ):

ADSI

Set oWeb = GetObject("IIS://localhost/W3SVC/1")
oWeb.CertCheckMode = 1
' 0 == ; 1 == .
oWeb.SetInfo
Set oWeb = Nothing

3.5
IIS 5
.
, Windows 2000,
.
IIS 4 ,
IIS 5.
,
. ,
. .
.
IIS 4 :
. IIS
. ,
cheryl@development.exair.com,
michael@development.exair.com. , ,
, devteam@development.exair.com. . IIS
,
2-3 .


3-3. IIS 5.

.
cheryl@development.exair.com,
dev-team@development.exair.com.
. ,
, Exploration Air User CA (
),
ExAir ( = ExAir), Development (OU=
Development), dev-team@development.exair.com.
IIS 4
:
, . ,
. .
IIS
.
IIS.
IIS :

Exploration Air User CA;

ExAir ( = ExAir);

Development (OU = Development).


Exploration Air User CA;

. 2 3 .
;
Web-, Web.
1. My Computer
Manage.
2.
Services.

Services And Applications, Internet Information

3. Web- ( ),
.
4.
Security.

Properties Directory

5. Edit Secure Communications.


, , Web- .
SSL/TLS IIS . SSL/TLS.

Next.

6.

Enable Certificate Trust List New.

7.

8. Add From Store Exploration Air


User CA. ,
. (
.)
9.

Next.

10. , ,

. Next.
11. Finish.
12. Web-
, .
Secure Communications (. 3-4),

Exploration Air (. 3-5).

3-4. .
,
Secure Communications.
1. Require Secure Channel (SSL).
2. Require Client Certificates.
3. Enable Client Certificate Mapping.

.
3-5.
.

4. Edit Enable Client Certificate Mapping.
5. Many-to-1.
6. Add.
7. ExAir.
8. Next.
9. New.
10. Certificate Field Subject, Sub Field ; Criteria ExAir .
11. New, .
12. Certificate Field Subject, Sub Field
OU; Criteria Development .
13. Next.
14. , Accept This Certificate For Logon
Authentication.
15. Browse ,
, .
dev-team.
16. dev-team.
17. Finish.
18. .

19. .
IIS , ,
, dev-team.

3.6 SSL/TLS
, SSL/TLS ,
, .
:
. ,
SSL/TLS , .509,
.
IIS 5 .
KeyRing IIS 4 ( ). ,
Web- IIS 5
KeyRing.
SSL/TLS ,
.
1.

(, VeriSign
Microsoft Certificate Services, ).

2.

Web-.

3.

SSL/TLS ,
.

SSL/TLS.
: SSL/TLS
.
IIS SSL/TLS. Web-,
SSL/TLS (. 3-6. www.exair.com
SSL/TLS. , Web, ; IIS
Web-. Marketing
SSL/TLS. Secure HighSecure, , SSL/TLS,
128- .

3-6. Web- ,
SSL/TLS.
IIS
SSL/TLS, :
, https://www.exair.com/marketing
Marketing Exploration Air SSL/TLS,
.

3.7 SSL/TLS
, , SSL/TLS,
, . Web.
1. My Computer .
2. Manage.
3. Services And Applications, Internet Information Services.
4. Properties.
5. Directory Security.

6. Server Certificate. , ,
Web-, . .
7. .
, .
,
, .
8. Next.
9. Create A New Certificate.
10. (. 3-7): (Prepare The Request Now, But Send It Later)
(Send The Request Immediately To An Online Certification Authority).
, Web-
Microsoft Certificate Services Windows 2000,
Web-. ,
, , , .
, VeriSign,
. , Next.
11. Web-;
.
12. .
, 1024 .

2048-


3-7. .

13. Server Gated Cryptography (SGC),


SGC. SGC SSL/TLS,
128- .

, SGC .
14. Next.
15. (, Exploration Air)
(, Development Department). ,
.
16. Next.
17. , .
, .
NetBIOS- DNS- .
, .
, . , NetBIOS
Web-Server, webserver.explorationair.com,
www.exair.com, Common Name .
; .
18. Next.
19. , .
. .
20. Next.
21.
C:\Certreq.txt. base64
PKCS #10. 15.
:

-------BEGIN NEW CERTIFICATE REQUEST-----MIID+DCCAuACAQAwXjEXMBUGA1UEAxMObWlrZWhvdy1sYXBOb3AxDDAKBgNVBAsT


AORldjEOMAwGAlUEChMFRXhBaXIxCzAJBgNVBAcTAUlMQswCQYDVQQIEwJXQTEL


LNihpipWqerGWnZAmSDtKitiqnsOZsptlrTzIRMsSQSWmlmacTYExEO+6SPky02XeC
pEzrI08CBxrheiZYf14K2gm12A62AItLznxIwgV4H+qP7jqkC9KmiW9WDwhdHneA
3Dq1dsTlscfyhsFU
------END NEW CERTIFICATE REQUEST-----
Certutil.exe Microsoft Certificate Services. certutil -v certreq.txt
.
22. Next. .
, Next, .
23. Click Here,
Microsoft.
24. Finish.
. .
http://backoffice.microsoft.com/securitypartners.
.
.
.
,
. PKCS #7.
1. My Computer .
2. Manage.
3. Services And Applications, Internet Information Services.
4. Properties.
5. Directory Security.

6. Server Certificate. , ,
Web-, . .
7. . ,
(. 3-8).


3-8.
.

8. Next.
9. Process The Pending Request And Install The Certificate Next.
10. . ,
Browse.
11. Next.
12. Next.
13. Finish.
Web- .
, SSL/TLS
.
.
, ,
https://__. Internet Explorer
SSL/TLS. Netscape Navigator

.
SSL/TLS,
ASP:

<H2>SSL/TLS Information</H2>
<PRE>
SSL/TLS Connection?  <%= Request.ServerVariables("HTTPS") %>
Server Cert. Issuer  <%= Request.ServerVariables("CERT_SERVER_ISSUER") %>
Server Cert. Subject <%= Request.ServerVariables("CERT_SERVER_SUBJECT") %>
Symmetric Key Size   <%= Request.ServerVariables("HTTPS_KEYSIZE") %>
Public Key Size      <%= Request.ServerVariables("HTTPS_SECRETKEYSIZE") %>
</PRE>

3.8 :
: .
. ,
,
REQUEST.
:
1. Start.
2. Run, mmc /a Return.
3. Console Choose Add/Remove Snap-In
4. Add Certificates.
5. Add, Next Finish.
6. Close, .
7. Certificates, REQUEST.

Certificates .
: ,
.

3.9 SSL/TLS
SSL/TLS, ,
Windows 2000.
; :

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
EventLogging: REG_DWORD :

0, . . .
(. 3-1)
.
3-1. SSL/TLS.

EventLogging 7,
, SSL/TLS.
,
, (. 3-9).

SSL

SSL/TLS ,
. :
Web- Web-.


3-9.
Web- Web-.

TLS-

3.10 SSL/TLS Web-.


IIS Web- ,
SSL/TLS.
, .
IIS Web- :

Web- IP-,
;

Web- IP-, ;

Web- IP- ;
, Host HTTP 1.1.
Windows 2000
\\exair (. 3-10). Web- http://exair; ,

(http://Marketing),

(http://Development) (http://HumanResources).


3-10. Windows 2000/IIS, Web-


Web-.

(. 3-2, 3-3 3-4).

3-2. Web- IP-, .

                         IP-              HTTP    SSL/TLS    Host
(http://exair)           157.65.122.22    80      443
http://Marketing         157.65.122.22    81      444
http://Development       157.65.122.22    82      445
http://HumanResources    157.65.122.22    83      446


3-3. Web- IP- .

                         IP-              HTTP    SSL/TLS    Host
(http://exair)           157.65.122.22    80      443
http://Marketing         157.65.122.23    80      443
http://Development       157.65.122.24    80      443
http://HumanResources    157.65.122.25    80      443

3-4. Web- IP- ;


Host HTTP 1.1.

                         IP-              HTTP    SSL/TLS    Host
(http://exair)           157.65.122.22    80      443        Exair
http://Marketing         157.65.122.22    80      443        Marketing
http://Development       157.65.122.22    80      443        Development
http://HumanResources    157.65.122.22    80      443        HumanResources

3.11 SSL/TLS host.


IP-
SSL/TLS, IIS
IP- . Host IP-
Web-
, Host HTTP.
HTTP-, SSL-, Web-
,
Web-, HTTP
Host.
, SSL/TLS Web-,
: IP-
.

3.12 SSL/TLS Web-


Web- ,

. , ,
SSL/TLS. (. 3-11):
, ,
.
Windows 2000 Advanced Server , a Windows 2000
Datacenter Server .
, Windows 2000
32 Web- Windows 2000.
SSL/TLS :
Web- SSL/TLS.

3.13 Web-
( )
, Web- .
(
) . ,
.
IIS 5
.
1. Start.
2. Run /.
3. Console Add/Remove Snap-in.
4. Add Certificates.
5. Add.
6. Computer Account Next.
7. Finish.
8. Close.

9.


3-11. Web-,
.

10. Certificates (Local Computer).


11. Personal Certificates.
12. .
13. All Tasks.
14. Export.
15. Next .
16. Yes, Export The Private Key. SSL/TLS
. ,
, , .
17. Personal Information Exchange - PKCS #12 (.PFX).
18. Include All Certificates In The Certification Path If Possible.
19. Next.

20. Enable Strong Protection (Requires Internet Explorer 5, Windows
NT 4 SP4 Or Above).
21. .
22. Next.
23. .
24. Next, Finish.

Web-. Web-
.

3.14 SSL/TLS
SSL/TLS . ,
Web-, ,
.
SSL/TLS,
.
,
. Windows 2000 Server/Advanced Server,
.


4
" TLS"
4.1 .

, :

, ;

""
"" .
,
.


,
SSL- Web-,

.

, .

,
CSP TLS.

Web - ;


HTML-, .

Web - .
, ,
, , .

.

4.2 TLS
TLS
,
CSP.
CSP -
, TLS (Transport Layer Security). TLS (RFC 2246)
SSL (Secure Socket Layer)
Internet - .
TLS TLS
CSP
.


TLS -
(.4-1) TLS

4-1. TLS.

,
.
.

4.3 ,
ISA
,
ISA (Internet Security and Acceleration Server) ,
, .
, CSP
TLS.
- ISA
,
TLS.
:

(Common name) . : pif.nikoil.ru

ISA
( ). ,
.

. .
Local Computer certificate store
ISA. mmc

.
:
1.

(. 4-2)

4-2. .


2.
(.4-3):

4-3. .

3.
( 4-4).

4-4. (1).


4.

(. 4-5)

4-5. (2).

(.4-6):

4-6. MMC.
5.

ISA (. 4-7):


4-7. MMC.

6.

Copy, Clipboard

7.
Paste
ISA,

.

4.4 -.
,
IP (IP ,
).
Incoming Web Requests
ISA (.4-8):
1. ISA Management
.

2.

Properties.

3.

Incoming Web Requests.

4. IP
Identification.


4-8. .

5.

ISA .

6.

7.

IP-, .

8. ,
().


4-9. / (1).

ISA :

TLS

1. ,
-.

4-10. / (2).
2.

, .

3.

Select.

4.
(.4-11).

4-11. .

5. ( Client certificate (secure


channel only)).

4-12. / (3).

4.5 -
.

-,
. ISA -
SSL.
- :
1. - ,
.
:

(Common name)
-,
( Action ). :
epif.big.nikoil.ru

2.
- ISA,
(Local Computer certificate store),

3.

- SSL

-
-.
4.

5.

ISA.

ISA Management Web Publishing Rules,


Publishing


New Rule

, c
, .

( )

6. Destination Sets , (
) .


, ( )
-, ,
, . , .
7. Client Type , (
)

, -,
, .
8. Rule Action -
(Redirect the request to this )

9.

, ,
80 , 80 -.
, 443 ( TLS).
10. ,

.

c,
