A ranar Asabar, Mayu 30, 2020, wata matsala da ba a bayyana ba ta taso tare da shahararrun takaddun shaida na SSL / TLS daga mai siyar da Sectigo (tsohon Comodo). Takaddun shaida da kansu sun ci gaba da kasancewa cikin tsari mai kyau, duk da haka, ɗayan matsakaicin takaddun shaida na CA a cikin sarƙoƙin da aka ba da waɗannan takaddun ya lalace. Halin da ake ciki ba shine a ce mai kisa ba, amma mara dadi: nau'ikan masu bincike na yanzu ba su lura da komai ba, duk da haka, yawancin sarrafa kansa da tsoffin masu bincike / OS ba su shirya don irin wannan bitar ba.
Habr bai banbanta ba, wanda shine dalilin da ya sa aka rubuta wannan shirin ilimi / bayan mutuwa.
TL, DR Magani a ƙarshe.
Bari mu tsallake ainihin ka'idar game da PKI, SSL/TLS, https da ƙari. Makanikan tantancewa tare da takaddun tsaro na yanki shine gina jerin takaddun takaddun shaida ga ɗaya daga cikin waɗanda aka amince da browser ko tsarin aiki, waɗanda aka adana a cikin abin da ake kira Trust Store. Ana rarraba wannan jeri tare da tsarin aiki, yanayin yanayin lokaci na lokaci, ko mai lilo. Duk wasu takaddun shaida suna da ranar karewa bayan haka ana ɗaukar su marasa amintacce, gami da takaddun shaida a cikin shagon amintaccen. Yaya sarkar amana ta kasance kafin ranar kaddara? Mai amfani da gidan yanar gizo zai taimake mu mu gano shi daga Qualys.
Don haka, ɗayan shahararrun takaddun shaida na "kasuwanci" shine Sectigo Positive SSL (tsohon Comodo Positive SSL, takaddun shaida da wannan sunan har yanzu ana amfani da su), shine abin da ake kira DV-certificate. DV shine mafi girman matakin takaddun shaida, ma'ana tabbatar da samun damar gudanar da yanki ta mai ba da irin wannan takardar shaidar. A haƙiƙa, DV tana nufin "tabbatar da yanki". Don tunani: akwai kuma OV (ingantattun ƙungiyoyi) da EV (tsawaita ingantaccen inganci), da takardar shedar kyauta daga Let's Encrypt shima DV ne. Ga waɗanda saboda wasu dalilai ba su gamsu da tsarin ACME ba, Samfurin SSL mai inganci shine mafi dacewa dangane da farashi / fasali (takardar yanki guda ɗaya tana kashe kusan dala 5-7 a kowace shekara tare da jimlar ingancin takaddun shaida sama da duka. shekaru 2 da watanni 3).
Takaddun shaida na Sectigo DV Generic (RSA) har zuwa kwanan nan ta zo tare da wannan sarkar CAs:
Certificate #1:
Data:
Version: 3 (0x2)
Serial Number:
7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Validity
Not Before: Nov 2 00:00:00 2018 GMT
Not After : Dec 31 23:59:59 2030 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
Data:
Version: 3 (0x2)
Serial Number:
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification AuthorityBabu “takardar shaida ta uku”, mai sanya hannu daga AddTrust AB, tunda a wani lokaci a wani lokaci ya zama la’akari da munanan ɗabi’a don haɗa takaddun takaddun tushen sa hannu a cikin sarƙoƙi. Lura cewa matsakaicin CA wanda AddTrust's UserTrust ya bayar yana da ranar karewa na Mayu 30, 2020. Wannan ba abu ne mai sauƙi ba, kamar yadda aka tsara tsarin ƙaddamarwa don wannan CA. An yi imanin cewa zuwa ranar 30 ga Mayu, 2020, takardar shaidar da aka sanya hannu daga UserTrust za ta bayyana a duk shagunan amana a wannan lokacin (a ƙarƙashin hular, wannan takaddun shaida ɗaya ne, ko kuma maɓalli na jama'a) da sarkar, har ma da riga an haɗa takardar shaidar da ba a amince da ita ba, za ta sami hanyar gina wasu hanyoyi kuma ba wanda zai lura. Duk da haka, tsare-tsaren sun rushe a gaskiya, wato dogon lokaci "tsarin gado". Lallai, masu nau'ikan burauza na yanzu ba su lura da komai ba, duk da haka, dutsen sarrafa kansa da aka gina akan curl da dakunan karatu na ssl/tls na harsunan shirye-shirye da dama da wuraren aiwatar da code sun lalace. Ya kamata a fahimci cewa samfurori da yawa ba sa jagorancin kayan aikin ginin sarkar da aka gina a cikin OS, amma suna "ɗauka" kantin sayar da su tare da su. Kuma ba koyaushe suna ɗauke da abin da suke son gani ba. . Kuma a cikin Linux, fakiti kamar ca-certificates ba koyaushe ake sabunta su ba. A ƙarshe, duk abin da ke da alama yana cikin tsari, amma wani abu ba ya aiki nan da can.
Daga Hoto na 1, a bayyane yake cewa ko da yake komai ya kasance kamar yadda aka saba ga yawancin mafi yawan, wani abu ya karye ga wani kuma zirga-zirgar zirga-zirgar ta ragu sosai (layin hagu na hagu), sannan ya girma lokacin da aka maye gurbin ɗaya daga cikin takaddun shaida (layin dama). An yi ta fashewa a tsakiya, lokacin da aka canza wasu takaddun shaida, wanda wani abu ma ya dogara. Tunda ga yawancin komai na gani yana ci gaba da yin aiki akai-akai ko žasa (ban da glitches masu ban mamaki kamar rashin yiwuwar loda hotuna akan Habrastorage), za mu iya yin yanke shawara kai tsaye game da adadin abokan ciniki na gado da bots akan Habré.
Hoto 1. Hotunan "hanyoyi" akan Habré.
Hoto na 2 yana nuna yadda aka gina sarkar "madadin" a cikin nau'ikan masu bincike na yanzu zuwa amintaccen takardar shaidar CA a cikin burauzar mai amfani, koda kuwa akwai takardar shedar "ruɓe" a cikin sarkar. Wannan, kamar yadda Sectigo kanta ta yi imani, shine ainihin dalilin rashin yin komai.
Hoto 2. Sarkar zuwa amintaccen takaddun shaida don sigar burauzar zamani.
Amma a cikin Hoto na 3, zaku iya ganin yadda komai ya kasance da gaske lokacin da wani abu ya ɓace kuma muna da tsarin gado. A wannan yanayin, haɗin HTTPS ba a kafa shi ba kuma muna ganin kuskure kamar "takardar shaidar ta kasa" ko makamancin haka.
Hoto 3. An lalata sarkar saboda tushen takardar shaidar da tsaka-tsakin da ta sanya hannu sun kasance "rubbace".
A cikin hoto na 4, mun riga mun ga "mafifi" don tsarin gado: akwai wata takardar shaidar matsakaici, ko kuma "sa hannu-giciye" daga wani CA, wanda yawanci ana shigar dashi a cikin tsarin gado. Wannan shine abin da kuke buƙatar yi: nemo wannan takaddun shaida (wanda aka yiwa alama azaman Extra zazzagewa) kuma maye gurbin "ruɓaɓɓen" da ita.
Hoto 4. Madadin sarkar don tsarin gado.
Af: matsalar ba ta da fa'ida mai yawa da kuma wani nau'i na tattaunawa a cikin jama'a, ciki har da saboda girman kai na Sectigo. Misali, ga ra'ayin daya daga cikin masu samar da satifiket a ciki ga wannan hali:
A baya sun [Sectigo] ya tabbatar wa kowa da kowa cewa babu matsala. Koyaya, gaskiyar ita ce an shafe wasu sabar/na'urori na gado.
Wannan lamari ne na ban dariya. Mun nuna hankalinsu ga ƙararwar AddTrust RSA/ECC sau da yawa a cikin shekara guda kuma duk lokacin da Sectigo ya ba mu tabbacin babu wata matsala da za ta kasance.
Ni da kaina na tambaya akan Stack Overflow game da wannan wata daya da ya wuce, amma a fili, masu sauraron aikin ba su dace da irin waɗannan tambayoyin ba, don haka sai na amsa da kaina bayan bincike.
sashen Akwai FAQ akan wannan batu, amma ba za a iya karantawa ba kuma yana da tsayi har ba zai yiwu a yi amfani da shi ba. Anan ga magana wacce ita ce jigon dukan littafin:
Abin da Kuna Bukatar Yi
Don yawancin shari'o'in amfani, gami da takaddun shaida bautar abokin ciniki na zamani ko tsarin uwar garken, babu wani aiki da ake buƙata, ko kun ba da takaddun shaida ga tushen AddTrust ko a'a.Tun daga 30 ga Afrilu, 2020: Domin kasuwanci tafiyar matakai da suka dogara da sosai tsohon tsarin, Sectigo ya sanya samuwa (ta tsohuwa a cikin takardar shaidar daure) wani sabon gado tushen giciye-sa hannu, da "AAA Certificate Services" tushen. Koyaya, da fatan za a yi taka tsantsan game da kowane tsari wanda ya dogara da tsoffin tsarin gado. Tsarukan da ba su sami sabuntawar da suka dace don tallafawa sabbin tushen tushen kamar Sectigo's COMODO tushen babu makawa ba za su rasa wasu mahimman abubuwan sabunta tsaro ba kuma yakamata a yi la'akari da rashin tsaro. Idan har yanzu kuna son ketare alamar zuwa tushen Sabis na Takaddun shaida na AAA, da fatan za a tuntuɓi Sectigo kai tsaye.
Ina matukar son labarin "tsohuwar sosai", ba shakka. Misali, curl a cikin na'ura wasan bidiyo na Ubuntu Linux 18.04 LTS (tushen OS ɗinmu a halin yanzu) tare da sabbin abubuwan sabuntawa waɗanda ba su girme wata ɗaya ba, yana da wahala a kira tsofaffi sosai, amma ba ya aiki.
Yawancin masu rarraba takaddun shaida sun fitar da bayanin shawarar su a yammacin ranar 30 ga Mayu. Alal misali, sosai dace da fasaha sharuddan daga (tare da takamaiman bayanin abin da za a yi kuma tare da shirye-shiryen CA-daure a cikin ɗakunan ajiya na zip, amma RSA kawai):
Hoto 5. Matakai bakwai don gyara abubuwa da sauri.
Akwai daga Redhat, amma akwai ƙarin Legacy kuma kuna buƙatar shigar da takardar shaidar gado har ma daga Comodo don komai ya yi aiki.
yanke shawara
Yana da kyau a kwafi maganin anan kuma. A ƙasa akwai jeri biyu na sarƙoƙi don takaddun shaida DV Sectigo (ba Comodo!), Daya don sanannun takaddun shaida na RSA, ɗayan don takaddun shaida na ECC (ECDSA) maras sani (mun daɗe muna amfani da sarƙoƙi biyu). Tare da ECC, ya kasance mafi wahala, tun da yawancin mafita ba sa la'akari da kasancewar irin waɗannan takaddun shaida saboda ƙarancin ƙarancin su. Sakamakon haka, an sami takaddun matsakaicin da ake buƙata akan .
Sarkar don takaddun shaida bisa mahimmin algorithm RSA. Kwatanta da sarkar ku kuma lura cewa ƙananan takaddun shaida ne kawai aka maye gurbinsu, yayin da na sama ya kasance iri ɗaya. Na bambanta su a gida da haruffa uku na ƙarshe na tubalan tushe64, ba tare da kirga halin "daidai" ba (a cikin wannan yanayin. En8= и 1+V):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----Sarkar don takaddun shaida bisa mahimmin algorithm ECC. Hakazalika tare da sarkar don RSA, kawai an maye gurbin ƙananan takardar shaidar, yayin da babba ya kasance iri ɗaya (a cikin wannan yanayin fmA== и v/c=):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----
MIIDqDCCAy6gAwIBAgIRAPNkTmtuAFAjfglGvXvh9R0wCgYIKoZIzj0EAwMwgYgx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz
ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD
EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEw
MjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQI
ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
D1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBFQ0MgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABHkYk8qfbZ5sVwAjBTcLXw9YWsTef1Wj6R7W2SUKiKAgSh16TwUwimNJE4xk
IQeV/To14UrOkPAY9z2vaKb71EijggFuMIIBajAfBgNVHSMEGDAWgBQ64QmG1M8Z
wpZ2dEl23OA1xmNjmjAdBgNVHQ4EFgQU9oUKOxGG4QR9DqoLLNLuzGR7e64wDgYD
VR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYD
VR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVz
dEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/
BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVD
Q0FkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMAoGCCqGSM49BAMDA2gAMGUCMEvnx3FcsVwJbZpCYF9z6fDWJtS1UVRs
cS0chWBNKPFNpvDKdrdKRe+oAkr2jU+ubgIxAODheSr2XhcA7oz9HmedGdMhlrd9
4ToKFbZl+/OnFFzqnvOhcjHvClECEQcKmc8fmA==
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
-----END CERTIFICATE-----Wannan shi ne kyakkyawa da yawa. Na gode da kulawar ku.
source: www.habr.com