

샘플 SCARVES 구성 파일

다음 코드 샘플은 SCARVESconfig.xml 구성 파일의 일부를 나타냅니다. CRL 및 LDAP 서버를 사용하여 스마트 카드를 확인하는 두 데몬을 정의합니다.

OCSP와 CRL 옵션을 둘 다 XML에 구성해 둘 수는 있지만, 사용 설정(enabled) 속성은 OCSP 또는 CRL 중 하나에만 지정해야 합니다.

<?xml version="1.0" encoding="UTF-8"?>

<!--
  Sample SCARVES configuration: one service with two daemons.
  "daemon-crl-1" checks revocation with CRLs, "daemon-ocsp-1" with OCSP;
  both also carry an LDAP lookup section.
  This file holds keystore and LDAP bind secrets, so keep it readable only
  by the account that runs the service.
-->
<SmartCardService>
<!-- Trust store for the service. The password value looks Base64-encoded;
     presumably it is stored in a product-protected form (confirm). Do not
     treat the encoding itself as protection. -->
<trust-keystore>../keystores/daemontrust</trust-keystore>
<trust-keystore-pass>YEDZLwyEVTnCfzS+rYTfC41UWooJuIbJiHE+ZqKPvUY=</trust-keystore-pass>
<!-- Debug level 0; presumably logging is off or minimal (confirm). -->
<debug>0</debug>

<!-- JVM argument passed through as written (-mx sets the maximum heap size). -->
<jvm-arg>-mx1024m</jvm-arg>

<!-- Daemon 1: listens on port 9999 and uses CRL-based revocation checking. -->
<Daemon name="daemon-crl-1" port="9999">
   <!-- Daemon keystore. NOTE(review): the sample reuses the same password
        value as the trust store and as the second daemon; use distinct
        secrets per keystore in a real deployment. -->
   <keystore>../keystores/daemoncert</keystore>
   <keystore-pass>YEDZLwyEVTnCfzS+rYTfC41UWooJuIbJiHE+ZqKPvUY=</keystore-pass>

   <!-- CRL settings: enabled, no crl-url given, CRLs read from crl-dir.
        crl-dp=false presumably means the certificate's CRL distribution
        point is not followed (confirm). crl-poll-int is presumably in
        seconds (confirm). A revoked card can keep validating until the
        CRL files in crl-dir are refreshed, so monitor their freshness and
        restrict write access to that directory. -->
   <crl>
    <crl-enabled>true</crl-enabled>
    <crl-dp>false</crl-dp>
    <crl-url />
    <crl-dir>../crls/daemon-crl</crl-dir>
    <crl-poll-int>600</crl-poll-int>
   </crl>
  <!-- LDAP lookup. ldap-ssl=false: the bind DN, bind password and query
       results presumably cross the network unencrypted (confirm); enable
       SSL where the directory supports it. The bind DN looks like a
       personal account; a dedicated read-only service account limits the
       impact if this file is exposed.
       cert-uniqueid-regex captures the digits in group 1 from the
       certificate subject; that value is presumably matched against
       ldap-uniqueid-search-field (confirm). Whether the pattern is applied
       anchored is not shown here, so verify it cannot match an unintended
       part of the subject. The searched attribute decides which directory
       entry a card maps to, so make sure ordinary users cannot edit it. -->
  <ldap>
    <ldap-enabled>true</ldap-enabled>
    <ldap-hostname>host1</ldap-hostname>
    <ldap-port>24000</ldap-port>
    <ldap-ssl>false</ldap-ssl>
    <ldap-base-dn>ou=people,dc=abc,dc=com</ldap-base-dn>
    <ldap-user-dn>uid=JDoe,ou=people,dc=abc,dc=com</ldap-user-dn>
    <ldap-user-pass>05V2irWZg8O39L6ANGic241UWi0JuIbJiHE+ZqKPvUY=</ldap-user-pass>
    <cert-uniqueid-field>subject</cert-uniqueid-field>
    <cert-uniqueid-regex>CN=\w*\.\w*\.(\d+),</cert-uniqueid-regex>
    <ldap-uniqueid-search-field>facsimileTelephoneNumber</ldap-uniqueid-search-field>
  </ldap>
</Daemon>

<!-- Daemon 2: listens on port 9998 and uses OCSP-based revocation checking. -->
<Daemon name="daemon-ocsp-1" port="9998">
  <!-- Same keystore path and password value as daemon 1 in this sample. -->
  <keystore>../keystores/daemoncert</keystore>
  <keystore-pass>YEDZLwyEVTnCfzS+rYTfC41UWooJuIbJiHE+ZqKPvUY=</keystore-pass>

  <!-- OCSP settings: enabled, with an explicitly configured responder URL.
       ocsp-aia=false presumably means the responder address in the
       certificate's AIA extension is ignored in favour of ocsp-url
       (confirm). ocsp-cert-alias presumably names the keystore entry used
       to verify the responder's signature (confirm). The URL is plain
       HTTP, so the integrity of a response rests on that signature check. -->
  <ocsp>
    <ocsp-enabled>true</ocsp-enabled>
    <ocsp-aia>false</ocsp-aia>

    <ocsp-cert-alias>ocsp_qacle3</ocsp-cert-alias>

    <ocsp-url>http://qacle3:3501/responder</ocsp-url>
  </ocsp>
  <!-- LDAP lookup for this daemon: same host, base DN, bind DN and regex
       as daemon 1, on port 24001, again with ldap-ssl=false.
       ldap-cache-lifetime is presumably in seconds (confirm); while a
       result is cached, a directory change such as a removed or disabled
       entry may not take effect until the cache entry expires. -->
  <ldap>
    <ldap-enabled>true</ldap-enabled>
    <ldap-hostname>host1</ldap-hostname>
    <ldap-port>24001</ldap-port>
    <ldap-ssl>false</ldap-ssl>
    <ldap-base-dn>ou=people,dc=abc,dc=com</ldap-base-dn>
    <ldap-user-dn>uid=JDoe,ou=people,dc=abc,dc=com</ldap-user-dn>
    <ldap-user-pass>05V2irWBg8O39H6ANGic377UWooJuIbJiHE+ZqKPvUY=</ldap-user-pass>
    <cert-uniqueid-field>subject</cert-uniqueid-field>
    <cert-uniqueid-regex>CN=\w*\.\w*\.(\d+),</cert-uniqueid-regex>
    <ldap-uniqueid-search-field>facsimileTelephoneNumber</ldap-uniqueid-search-field>
    <ldap-cache-lifetime>300</ldap-cache-lifetime>
  </ldap>
</Daemon>

</SmartCardService>