= Repository specification

= naming context

In the CACAnet Fukuoka repository, a user certificate is registered in the directory entry whose DN is identical to the DN written in the certificate (its subject DN). An entry is therefore located by the subject of the certificate it holds, which is why the two must agree exactly.

:S/MIME user certificate
 cn=(name in roman letters) / Email=(mail address), ou=(RA serial number), ou=person, ou=(department name), o=(RAA name), o=CACAnet Fukuoka, c=JP
:Server certificate
 cn=(server name), ou=(RA serial number), ou=server, ou=(department name), o=(RAA name), o=CACAnet Fukuoka, c=JP

CRLs are registered in the directory entries with the following DNs. They are also to be made available over HTTP.

:CRL
 cn=CRLv1, o=(RAA name), o=CACAnet Fukuoka, c=JP
 cn=CRLv2, o=(RAA name), o=CACAnet Fukuoka, c=JP

= schema

Entries in which certificates and CRLs are registered.

== Object classes

=== Object classes for certificate entries
* S/MIME user certificate
** inetOrgPerson
* Server certificate
** ??? (not yet specified)

=== Object classes for CRL entries
* CRL
** cRLDistributionPoint

== Attributes

=== Attributes holding certificates
* S/MIME user certificate
** userCertificate;binary
* Server certificate
** ??? (not yet specified)

=== Attribute holding CRLs
* CRL
** certificateRevocationList;binary

== Access control
* Only the RA server may register (write) entries
* RA server <-> LDAP server communication uses TLS/SSL
* Client authentication: still to be decided

Sample LDIF for the organization, one RAA, one RA, one person entry and the entry that holds that person's certificate:

Two points to check against the naming rule above before loading such entries. First, the sample places ou=person beneath the RA serial number ou, i.e. in the opposite order to the pattern given under "naming context"; whichever order is adopted, the entry DN and the certificate subject must agree or the lookup rule breaks. Second, the leaf entry is named by an Email RDN (matching the PKCS#9 emailAddress component of the certificate subject) while the entry itself carries the address in mail; LDAP requires the RDN attribute value to be present in the entry, so the server schema must define Email as an attribute type (or the RDN must be mapped onto one) for this entry to be accepted.

(({
dn: o=CACAnet Fukuoka,c=JP
objectClass: top
objectClass: organization
o: CACAnet Fukuoka

dn: o=CACAnet Members RAA,o=CACAnet Fukuoka,c=JP
objectClass: top
objectClass: organization
o: CACAnet Members RAA

dn: ou=CACAnet Class A Members RA,o=CACAnet Members RAA,o=CACAnet Fukuoka,c=JP
objectClass: top
objectClass: organizationalUnit
ou: CACAnet Class A Members RA

dn: ou=0BC7D08ECC4CE340676D10071BE4C80B,ou=CACAnet Class A Members RA,o=CACAnet Members RAA,o=CACAnet Fukuoka,c=JP
objectClass: top
objectClass: organizationalUnit
ou: 0BC7D08ECC4CE340676D10071BE4C80B

dn: ou=person,ou=0BC7D08ECC4CE340676D10071BE4C80B,ou=CACAnet Class A Members RA,o=CACAnet Members RAA,o=CACAnet Fukuoka,c=JP
objectClass: top
objectClass: organizationalUnit
ou: person

dn: CN=Shoji endo,OU=person,OU=0BC7D08ECC4CE340676D10071BE4C80B,OU=CACAnet Class A Members RA,O=CACAnet Members RAA,O=CACAnet Fukuoka,C=JP
objectClass: top
objectClass: inetOrgPerson
sn: Shoji
cn: Shoji endo

dn: Email=shoji@syslabo.co.jp,CN=Shoji endo,OU=person,OU=0BC7D08ECC4CE340676D10071BE4C80B,OU=CACAnet Class A Members RA,O=CACAnet Members RAA,O=CACAnet Fukuoka,C=JP
objectClass: top
objectClass: inetOrgPerson
o: CACAnet Members RAA
ou: CACAnet Class A Members RA
ou: 0BC7D08ECC4CE340676D10071BE4C80B
ou: person
sn: Shoji
cn: Shoji endo
mail: shoji@syslabo.co.jp
userCertificate:: MIIG3TCCBcWgAwIBAgIQD46bUYfyl9lWtywnCdpMHDANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQG
 EwJKUDEYMBYGA1UEChMPQ0FDQW5ldCBGdWt1b2thMQswCQYDVQQLEwJDQTEhMB8GA1UEAxMYQ0FD
 QW5ldCBEZXZlbG9wbWVudCBBIENBMB4XDTAyMDcwMTA3NTgzNFoXDTAzMDcwMTA3NTgzNFowgd8x
 CzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9DQUNBbmV0IEZ1a3Vva2ExHDAaBgNVBAoTE0NBQ0FuZXQg
 TWVtYmVycyBSQUExIzAhBgNVBAsTGkNBQ0FuZXQgQ2xhc3MgQSBNZW1iZXJzIFJBMSkwJwYDVQQL
 EyAwQkM3RDA4RUNDNENFMzQwNjc2RDEwMDcxQkU0QzgwQjEPMA0GA1UECxMGcGVyc29uMRMwEQYD
 VQQDEwpTaG9qaSBlbmRvMSIwIAYJKoZIhvcNAQkBFhNzaG9qaUBzeXNsYWJvLmNvLmpwMIGfMA0G
 CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzEyTZv4OhNb0+tLB5oKS1RsaZ5CYIa5kgFrZJHZGDNizh
 o24yARmAIzJuHhg5FM4OzS43AYXPziwgSmcbH8HUgRay0DzzkpxIMtfgs6Ri8ruma7xVQrX/tK8K
 sEwVVEtPNU1S/YJly/BV4loA3+19cMecxY3B/fatDj+qJYJlnQIDAQABo4IDnjCCA5owHQYDVR0O
 BBYEFIVgHdFjYpmcpZUbeqEEbVMmDzJqMH8GA1UdIwR4MHaAFAqBfNZia6OC14ZZvHtWv3LWQmOw
 oVukWTBXMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPQ0FDQW5ldCBGdWt1b2thMQswCQYDVQQLEwJD
 QTEhMB8GA1UEAxMYQ0FDQW5ldCBEZXZlbG9wbWVudCBBIENBggEAMA4GA1UdDwEB/wQEAwID+DAx
 BgNVHSUEKjAoBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDAeBgNVHREE
 FzAVgRNzaG9qaUBzeXNsYWJvLmNvLmpwMFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly93d3cuY2Fj
 YW5ldC5vcmcvQ0FDQW5ldERldmVsb3BtZW50Q0EvQ0FDQW5ldE1lbWJlcnNSQUEuY3JsMIICPwYD
 VR0gBIICNjCCAjIwggERBgoCgziMmxwAAgABMIIBATBUBggrBgEFBQcCARZIaHR0cDovL3d3dy5j
 YWNhbmV0Lm9yZy9DQUNBbmV0RGV2ZWxvcG1lbnRDQS9DQUNBbmV0RGV2ZWxvcG1lbnRDQUNQUy5o
 dG1sMIGoBggrBgEFBQcCAjCBmzBIFkFDaXRpemVuJ3MgQXNzb2NpYXRpb24gZm9yIENlcnRpZmlj
 YXRpb24gQXV0aG9yaXR5IE5ldHdvcmsgRnVrdW9rYTADAgEBGk9UaGlzIGlzIGEgY2VydGlmaWNh
 dGUgZm9yIGFuIGV4cGVyaW1lbnQgYW5kIGlzIG5vdCBhcHBsaWNhYmxlIHRvIHByYWN0aWNhbCB1
 c2UuMIIBGQYKAoM4jJscAAIBADCCAQkwXAYIKwYBBQUHAgEWUGh0dHA6Ly93d3cuY2FjYW5ldC5v
 cmcvQ0FDQW5ldERldmVsb3BtZW50Q0EvQ0FDQW5ldERldmVsb3BtZW50TWVtYmVyc1JBQUNQUy5o
 dG1sMIGoBggrBgEFBQcCAjCBmzBIFkFDaXRpemVuJ3MgQXNzb2NpYXRpb24gZm9yIENlcnRpZmlj
 YXRpb24gQXV0aG9yaXR5IE5ldHdvcmsgRnVrdW9rYTADAgEBGk9UaGlzIGlzIGEgY2VydGlmaWNh
 dGUgZm9yIGFuIGV4cGVyaW1lbnQgYW5kIGlzIG5vdCBhcHBsaWNhYmxlIHRvIHByYWN0aWNhbCB1
 c2UuMA0GCSqGSIb3DQEBBQUAA4IBAQAsAWso1NY4JLsDiHoGqbNADBPWvKSKJmxm5Cvy4zGKEAB2
 1vP6XtPXhAglj5gtQ1a5+xlYJLb1trubjcGpkBk4wy8eUX/9Z2GhcC+7K/lOI1b8KRZyYnp0qW7z
 QtoPKSQS4wC5hn+OZRY31VjvjBMzLqWPLPak4l+2XI0rrLWiAx8rtfwhmQwBFMDfcPUJXleChDUa
 GHhH/Gvr5gyOF2qn2FJSx7KQLXsj83yjzSP7PNuZ3rX1cnLk1n/L4A5AurP8lnpvZbBlVJ+aKkN+
 g6wLFOAMG/oMEGeEW/bMRez2YFC4KbkeHns8qGkxgIPRNpv78zJzcbuda4MM20FQlp34
}))
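The naming rule and the schema section together define one check an RA server should run before it writes an entry: the entry is an inetOrgPerson, the certificate is stored in userCertificate;binary, and the entry DN equals the certificate's subject DN. The following is an added example, not code from the CACAnet project, that implements that check with the Python standard library only. It walks the DER of the certificate (Certificate, tbsCertificate, subject) and renders the subject in the same most-specific-first order the LDIF above uses, so the real certificate from the sample entry decodes to exactly the DN of its entry. The OID table, the entry-dict shape, the case-insensitive string comparison and the constructed, unsigned certificate skeleton used as sample input are all assumptions made for this example.

```python
"""Added example (not part of the CACAnet specification): check that a user
certificate sits in the directory entry whose DN equals its subject DN, using
only the standard library.  The object-class / attribute names are the ones
the schema section specifies; everything else (helpers, the constructed
sample certificate, the OID table) is an assumption made for this example."""
import base64

# Attribute types seen in CACAnet DNs (assumed table; extend as needed).
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.11": "OU",
             "1.2.840.113549.1.9.1": "Email"}   # PKCS#9 emailAddress


def _tlv(der, pos):
    """Read one DER element (single-byte tags only): (tag, value, next_pos)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, der[pos:pos + length], pos + length


def _children(body):
    """Yield (tag, value) for each element of a SEQUENCE/SET body."""
    pos = 0
    while pos < len(body):
        tag, value, pos = _tlv(body, pos)
        yield tag, value


def _oid(value):
    """Dotted form of an OBJECT IDENTIFIER body."""
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def name_to_dn(name_der):
    """Render an X.501 Name as LDAP writes it: most specific RDN first.
    (No RFC 4514 escaping: CACAnet DN values contain no ',' '+' or '='.)"""
    rdns = []
    for set_tag, rdn in _children(name_der):
        if set_tag != 0x31:
            raise ValueError("RDN is not a SET")
        avas = []
        for _, atv in _children(rdn):
            (_, oid), (val_tag, val) = list(_children(atv))
            text = val.decode("utf-16-be" if val_tag == 0x1E else "utf-8")  # BMPString vs ASCII/UTF8
            avas.append(f"{OID_NAMES.get(_oid(oid), _oid(oid))}={text}")
        rdns.append("+".join(avas))
    return ",".join(reversed(rdns))


def subject_dn(cert_der):
    """Certificate -> tbsCertificate -> subject, rendered as a DN string."""
    _, cert, _ = _tlv(cert_der, 0)
    _, tbs, _ = _tlv(cert, 0)
    fields = list(_children(tbs))
    if fields[0][0] == 0xA0:               # optional [0] EXPLICIT version
        fields = fields[1:]
    return name_to_dn(fields[4][1])        # serial, sigAlg, issuer, validity, subject


def cert_from_ldif(b64_text):
    """Decode a 'userCertificate::' value; LDIF folds the base64 over several lines."""
    return base64.b64decode("".join(b64_text.split()))


def entry_matches_certificate(entry):
    """(ok, detail) for an entry dict {dn, objectClass: [...], userCertificate;binary}.
    Enforces the repository rule: inetOrgPerson entry, certificate held in
    userCertificate;binary, entry DN == certificate subject.  The compare is a
    case-insensitive string match (assumption; full RFC 4518 DN matching would
    also normalise whitespace)."""
    if "inetorgperson" not in {c.lower() for c in entry.get("objectClass", [])}:
        return False, "entry is not an inetOrgPerson"
    raw = entry.get("userCertificate;binary") or entry.get("userCertificate")
    if not raw:
        return False, "entry has no userCertificate"
    subject = subject_dn(cert_from_ldif(raw))
    if subject.lower() != entry["dn"].lower():
        return False, f"entry DN {entry['dn']!r} != subject {subject!r}"
    return True, subject


# --- constructed sample (assumed, unsigned skeleton; NOT a real certificate) ---
def _enc(tag, body):
    """Minimal DER encoder used only to build the sample."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _name(*avas):
    """Name from (oid_bytes, text) pairs, root first, PrintableString values."""
    return _enc(0x30, b"".join(_enc(0x31, _enc(0x30, _enc(0x06, o) + _enc(0x13, t.encode())))
                               for o, t in avas))


SAMPLE_DN = "CN=Shoji endo,OU=person,O=CACAnet Fukuoka,C=JP"   # constructed, shorter than the real DN


def sample_certificate():
    name = _name((b"\x55\x04\x06", "JP"), (b"\x55\x04\x0a", "CACAnet Fukuoka"),
                 (b"\x55\x04\x0b", "person"), (b"\x55\x04\x03", "Shoji endo"))
    tbs = (_enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01")                # v3, serial 1
           + _enc(0x30, _enc(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05") + b"\x05\x00")
           + name                                                               # issuer
           + _enc(0x30, _enc(0x17, b"020701075834Z") + _enc(0x17, b"030701075834Z"))
           + name)                                                              # subject
    return _enc(0x30, _enc(0x30, tbs))     # no signature: this skeleton is never verified


SAMPLE_ENTRY = {"dn": SAMPLE_DN, "objectClass": ["top", "inetOrgPerson"],
                "userCertificate;binary": base64.b64encode(sample_certificate()).decode()}

if __name__ == "__main__":
    print(entry_matches_certificate(SAMPLE_ENTRY))
    print(entry_matches_certificate(dict(SAMPLE_ENTRY, dn="CN=Someone else,OU=person,O=CACAnet Fukuoka,C=JP")))
```

Feeding the real `userCertificate::` value from the sample LDIF to `subject_dn(cert_from_ldif(...))` yields the DN of the entry it sits in, including the Email RDN; the check therefore passes for that entry and fails for an entry whose DN was mistyped or whose ou components were placed in a different order than the certificate subject.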