Bari mu Encrypt wata hukuma ce mai zaman kanta wacce ke ba da takaddun shaida kyauta ga kowa. game da sokewa mai zuwa na yawancin takaddun shaida na TLS/SSL da aka bayar. Daga cikin miliyan 116 da ke aiki a halin yanzu Bari mu Encrypt takaddun shaida, za a soke kadan fiye da miliyan 3 (2.6%), wanda kusan miliyan 1 kwafi ne da ke da alaƙa da yanki ɗaya (kuskuren ya shafi takaddun shaida waɗanda ake sabunta su akai-akai, wanda shine me yasa akwai kwafi da yawa). An shirya kiran a ranar 4 ga Maris (har yanzu ba a tantance ainihin lokacin ba, amma ba za a yi kiran ba har sai 3 na safe MSK).
Bukatar tunawa ta faru ne saboda ganowar ranar 29 ga Fabrairu . Matsalar tana bayyana tun Yuli 25, 2019 kuma tana shafar tsarin duba bayanan CAA a cikin DNS. CAA rikodin (, Izinin Izinin Takaddun shaida) yana bawa mai yankin damar bayyana ikon tabbatarwa a sarari ta inda za a iya samar da takaddun shaida don takamaiman yanki. Idan ba a jera CA a cikin bayanan CAA ba, dole ne ta toshe bayar da takaddun shaida don yankin da aka bayar kuma ya sanar da mai yankin game da ƙoƙarin daidaitawa. A mafi yawan lokuta, ana buƙatar takardar shaidar nan da nan bayan wucewar rajistan CAA, amma ana ɗaukar sakamakon cak ɗin yana aiki har tsawon kwanaki 30. Dokokin kuma suna buƙatar sake tabbatarwa da za a yi bayan sa'o'i 8 kafin a ba da sabuwar takardar shaida (watau, idan sa'o'i 8 sun shuɗe tun bayan binciken ƙarshe lokacin neman sabon takaddun shaida, ana buƙatar sake tabbatarwa).
Kuskuren yana faruwa idan buƙatar takardar shedar ta ƙunshi sunayen yanki da yawa a lokaci ɗaya, kowannensu yana buƙatar rajistan rikodin CAA. Ma'anar kuskuren shine cewa a lokacin sake dubawa, maimakon tabbatar da duk wuraren, yanki ɗaya kawai daga jerin an sake duba shi (idan buƙatar tana da N domains, maimakon N daban-daban cak, an duba ɗaya yanki N. sau). Ga sauran wuraren da suka rage, ba a yi rajista na biyu ba kuma an yi amfani da bayanan daga rajistan farko lokacin yanke shawara (watau bayanan da suka kai kwanaki 30 ana amfani da su). Sakamakon haka, a cikin kwanaki 30 bayan tabbatarwa na farko, Bari mu Encrypt na iya ba da takaddun shaida ko da an canza ƙimar rikodin CAA kuma an cire Mu Encrypt daga jerin CAs masu karɓa.
Ana sanar da masu amfani da abin ya shafa ta imel idan an cika bayanin lamba lokacin karɓar takaddun shaida. Kuna iya duba takaddun shaida ta zazzagewa serial lambobi na soke takaddun shaida ko amfani (yana cikin adireshin IP, a cikin Tarayyar Rasha ta Roskomnadzor). Kuna iya gano lambar serial na takaddun shaida don yankin sha'awa ta amfani da umarnin:
openssl s_client -connect example.com:443 -showcerts /dev/null\
| openssl x509 -rubutu -noout | grep -A 1 Serial \ Lamba | tr -d:
source: budenet.ru