Ma ka Pōʻaono Mei 30, 2020, ʻaʻole i ʻike koke ʻia kahi pilikia me nā palapala SSL/TLS kaulana mai ka mea kūʻai aku ʻo Sectigo (comodo ma mua). Ua hoʻomau ʻia nā palapala hōʻoia i ka hoʻonohonoho pono ʻana, akā ua lilo kekahi o nā palapala CA waena i nā kaulahao i hoʻolako ʻia ai kēia mau palapala. ʻAʻole make ke kūlana, akā maikaʻi ʻole: ʻaʻole i ʻike nā mana o kēia manawa o nā polokalamu kele pūnaewele, akā ʻaʻole i mākaukau ka hapa nui o ka automation a me nā polokalamu kahiko / OS no kēlā huli.
ʻAʻole ʻokoʻa ʻo Habr, ʻo ia ke kumu i kākau ʻia ai kēia papahana hoʻonaʻauao / postmortem.
Aku; DR Aia ka hopena ma ka hope loa.
E hoʻokuʻu i ka manaʻo kumu e pili ana iā PKI, SSL/TLS, https, etc. ʻO ka mechanics o ka hōʻoia me kahi palapala hoʻopalekana domain e kūkulu i kahi kaulahao o nā palapala hōʻoia a hiki i ka mea i hilinaʻi ʻia e ka polokalamu kele pūnaewele a i ʻole ka ʻōnaehana hana, i mālama ʻia i loko o ka hale kūʻai Trust. Hāʻawi ʻia kēia papa inoa me ka ʻōnaehana hana, ka kaiaola holo manawa, a i ʻole ka polokalamu kele pūnaewele. Loaʻa ka lā pau o nā palapala hōʻoia, a laila manaʻo ʻia ʻaʻole hilinaʻi ʻia, me nā palapala hōʻoia ma ka hale kūʻai hilinaʻi. He aha ke ʻano o ke kaulahao hilinaʻi ma mua o ka lā hopena? E kōkua ka mea hoʻohana pūnaewele iā mākou e hoʻomaopopo. mai Qualys.
No laila, ʻo kekahi o nā palapala hōʻoia "ʻoihana" kaulana loa ʻo Sectigo Positive SSL (i kapa mua ʻia ʻo Comodo Positive SSL, hoʻohana mau ʻia nā palapala me kēia inoa), ʻo ia ka mea i kapa ʻia ʻo DV palapala. ʻO DV ka pae mua loa o ka palapala hōʻoia, ʻo ia hoʻi ka nānā ʻana i ke komo ʻana i ka hoʻokele domain no ka mea hoʻopuka o ia palapala. ʻOiaʻiʻo, kū ʻo DV no ka "hōʻoia domain". No ka ʻike: aia pū kekahi OV (hōʻoia hui) a me EV (hōʻoia hoʻonui), a ʻo kahi palapala manuahi mai Let's Encrypt ʻo DV pū kekahi. No ka poʻe no kekahi kumu ʻaʻole ʻoluʻolu i ka mīkini ACME, ʻo ka huahana SSL Positive ka mea kūpono loa i nā ʻōlelo o ke kumukūʻai / hiʻohiʻona ratio (kahi palapala hōʻoia hoʻokahi-domain e pili ana i $ 5-7 i kēlā me kēia makahiki me ka hōʻoia o ka palapala hōʻoia a hiki i 2 makahiki a me 3 mahina).
A hiki i kēia manawa, ua hāʻawi ʻia ka palapala Sectigo DV (RSA) maʻamau me kēia kaulahao o nā CA waena:
Certificate #1:
Data:
Version: 3 (0x2)
Serial Number:
7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Validity
Not Before: Nov 2 00:00:00 2018 GMT
Not After : Dec 31 23:59:59 2030 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
Data:
Version: 3 (0x2)
Serial Number:
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification AuthorityʻAʻohe "palapala ʻekolu", kahi i hoʻopaʻa inoa iā ia iho mai AddTrust AB, no ka mea, i kekahi manawa i manaʻo ʻia he ʻano maikaʻi ʻole ke hoʻokomo ʻana i nā palapala kumu i hoʻopaʻa inoa ʻia i nā kaulahao. Hiki iā ʻoe ke hoʻomaopopo i ka CA intermediate i hoʻopuka ʻia e UserTrust mai AddTrust i ka lā pau o Mei 30, 2020. ʻAʻole maʻalahi kēia, ʻoiai ua hoʻolālā ʻia kahi kaʻina hana decommissioning no kēia CA. Ua manaʻo ʻia ma ka lā 30 o Mei, 2020, ua ʻike ʻia kahi palapala i kau inoa ʻia mai UserTrust i nā hale kūʻai hilinaʻi āpau i kēia manawa (ma lalo o ka puʻupuʻu ʻo ia ka palapala like, a i ʻole he kī lehulehu) a me ke kaulahao, ʻoiai me kahi Ua hoʻokomo ʻia ka palapala hōʻoia i hilinaʻi ʻole ʻia, e hana ʻia nā ala ʻē aʻe a ʻaʻohe mea e ʻike. Eia nō naʻe, ua hoʻopau ʻia nā hoʻolālā e ka ʻoiaʻiʻo, ʻo ia hoʻi ka huaʻōlelo maopopo ʻole "nā ʻōnaehana hoʻoilina". ʻOiaʻiʻo, ʻaʻole ʻike ka poʻe nona nā mana o kēia manawa o nā polokalamu kele pūnaewele, akā ua haki kekahi mauna o ka automation i kūkulu ʻia ma nā hale waihona puke curl a ssl/tls o kekahi mau ʻōlelo papahana a me nā kaiapuni hoʻokō code. Pono ʻoe e hoʻomaopopo he nui nā huahana ʻaʻole alakaʻi ʻia e nā mea hana hale kaulahao i kūkulu ʻia i loko o ka OS, akā "lawe" i kā lākou hale kūʻai hilinaʻi me lākou. ʻAʻole loaʻa iā lākou nā mea āu e makemake ai e ʻike . A ma Linux, ʻaʻole hoʻonui mau ʻia nā pūʻolo e like me ca-certificate. I ka hopena, ua like nā mea a pau, akā,ʻaʻohe mea e hana maʻaneʻi a ma laila.
Mai ka Kiʻi 1 ua maopopo ʻoiai no ka hapa nui o nā mea a pau e like me ka mea maʻamau, no ka mea, ua haki kekahi mea a hāʻule nui ke kaʻa (ka laina ʻulaʻula hema), a laila ua ulu ia i ka wā i hoʻololi ʻia ai kekahi o nā palapala kī (ka laina ʻākau). Aia kekahi mau spike ma waena, i ka wā i hoʻololi ʻia ai nā palapala hōʻoia ʻē aʻe, kahi i hilinaʻi ʻia ai kekahi mea. No ka mea no ka hapa nui o nā mea a pau i hoʻomau i ka hana maʻamau a ʻoi aku ka liʻiliʻi (koe naʻe nā glitches ʻē aʻe e like me ka hiki ʻole ke hoʻouka i nā kiʻi ma Habrastorage), hiki iā mākou ke huki i kahi hopena pili ʻole e pili ana i ka helu o nā mea kūʻai aku a me nā bots ma Habr.
Kiʻi 1. Kiʻi kaʻa ma Habré.
Mai ka Figure 2, hiki iā ʻoe ke loiloi pehea i loko o nā mana o kēia manawa i kūkulu ʻia kahi kaulahao "ʻokoʻa" i kahi palapala CA hilinaʻi ma ka polokalamu kele o ka mea hoʻohana, ʻoiai inā aia kahi palapala "popopo" i ke kaulahao. ʻO kēia, e like me kā Sectigo i manaʻoʻiʻo ai, ʻo ia ke kumu ʻaʻole e hana i kekahi mea.
Kiʻi 2. Ka kaulahao i ka palapala hilinaʻi o ka mana hou o ka polokalamu kele pūnaewele.
Akā ma ke Kiʻi 3 hiki iā ʻoe ke ʻike i ke ʻano o nā mea āpau ke hele hewa kekahi a loaʻa iā mākou kahi ʻōnaehana hoʻoilina. I kēia hihia, ʻaʻole i hoʻokumu ʻia ka pilina HTTPS a ʻike mākou i kahi hewa e like me ka "hōʻoia hōʻoia i hāʻule" a i ʻole like.
Kiʻi 3. Ua hōʻole ʻia ke kaulahao no ka mea ʻo ka palapala kumu a me ka palapala waena i pūlima ʻia e ia he "popopo."
Ma ka Kiʻi 4 ua ʻike mua mākou i kahi "hoʻonā" no nā ʻōnaehana hoʻoilina: aia kekahi palapala kikowaena waena, a i ʻole he "hōʻailona cross" mai kahi CA ʻē aʻe, i hoʻokomo pinepine ʻia i nā ʻōnaehana hoʻoilina. ʻO kēia ka mea e pono ai ʻoe e hana: e ʻimi i kēia palapala hōʻoia (i hōʻailona ʻia ʻo Extra download) a hoʻololi i ka "popopo" me ia.
Kiʻi 4. Nā kaulahao ʻē aʻe no nā ʻōnaehana hoʻoilina.
Ma ke ala: ʻaʻole i hoʻolaha nui ʻia ka pilikia a i ʻole kekahi kūkākūkā lehulehu, ʻo ia hoʻi ma muli o ka haʻaheo nui o Sectigo. Eia, no ka laʻana, ka manaʻo o kekahi o nā mea hoʻolako palapala i i kēia kūlana:
Ma mua lākou [Sectigo] ʻO nā mea a pau e hōʻoiaʻiʻo ʻaʻole e pilikia. Eia nō naʻe, ʻo ka ʻoiaʻiʻo, ua pili kekahi mau kikowaena hoʻoilina / mea hana.
He kūlana ʻakaʻaka kēlā. Ua kuhikuhi mākou i ko lākou nānā ʻana i ka AddTrust RSA/ECC e pau ana i nā manawa he nui i loko o hoʻokahi makahiki a i kēlā me kēia manawa e hōʻoiaʻiʻo mai ʻo Sectigo iā mākou ʻaʻohe pilikia.
Ua ninau aku au ma Stack Overflow e pili ana i kēia i hoʻokahi mahina i hala aku nei, akā, ʻike ʻia, ʻaʻole kūpono loa ka lehulehu o ka papahana no ia mau nīnau, no laila pono wau e pane iaʻu iho ma hope o ka nānā ʻana.
Sectigo Aia kahi FAQ e pili ana i kēia, akā ʻaʻole hiki ke heluhelu ʻia a lōʻihi ʻaʻole hiki ke hoʻohana. Eia kahi ʻōlelo ʻo ia ka quintessence o ka hoʻolaha holoʻokoʻa.
He aha kāu e pono ai e hana
No ka hapa nui o nā hihia, me nā palapala hōʻoia e lawelawe ana i nā mea kūʻai aku a i ʻole nā pūnaewele kikowaena, ʻaʻohe hana e koi ʻia, inā ʻoe i hoʻopuka i nā palapala hōʻoia i hoʻopaʻa ʻia i ke kumu AddTrust.I ka la 30 o Aperila, 2020: No nā kaʻina hana ʻoihana e hilinaʻi ana i nā ʻōnaehana kahiko loa, ua hoʻolako ʻo Sectigo (ma ke ʻano maʻamau i nā pūʻulu palapala hōʻoia) kahi kumu hoʻoilina hou no ke kau inoa ʻana, ʻo ke kumu "AAA Certificate Services". Eia naʻe, e ʻoluʻolu e hoʻohana i ka akahele loa e pili ana i kekahi kaʻina hana e pili ana i nā ʻōnaehana hoʻoilina kahiko loa. ʻO nā ʻōnaehana i loaʻa ʻole i nā mea hou e pono ai ke kākoʻo i nā aʻa hou e like me ke kumu COMODO o Sectigo e ʻike ʻole ʻia e nalo ana i nā mea hou palekana koʻikoʻi a pono e noʻonoʻo ʻia ʻaʻole palekana. Inā makemake ʻoe e hoʻopaʻa inoa i ke kumu AAA Certificate Services, e kelepona pololei iā Sectigo.
Makemake au i ka thesis "kahiko loa", ʻoiaʻiʻo. No ka laʻana, curl i ka console o Ubuntu Linux 18.04 LTS (ʻo kā mākou kumu OS i kēia manawa) me nā mea hou loa ʻaʻole i ʻoi aku ma mua o hoʻokahi mahina ʻaʻole hiki ke kapa ʻia he kahiko loa, akā ʻaʻole hana.
Ua hoʻokuʻu ka hapa nui o nā mea hoʻolaha palapala i kā lākou mau manaʻo hoʻoholo i ke ahiahi o Mei 30th. No ka laʻana, kūpono loa ʻenehana mai (me kahi wehewehe kikoʻī o ka mea e hana ai a me nā pūʻulu CA i mākaukau i loko o nā waihona zip, akā ʻo RSA wale nō):
Kiʻi 5. ʻEhiku mau ʻanuʻu e hoʻoponopono koke i nā mea āpau.
he nui na mai Redhat, akā ʻoi aku ka nui o nā mea āpau a pono ʻoe e hoʻokomo i kahi palapala hoʻoilina aʻa hou aʻe mai Comodo no nā mea āpau e hana.
olelo hooholo
He mea pono ke kope kope i ka hopena maanei. Aia ma lalo nā pūʻulu ʻelua o nā kaulahao palapala DV ʻO Sectigo (ʻaʻole Comodo!), Hoʻokahi no nā palapala hōʻoia RSA maʻamau, ʻo kekahi no nā palapala hōʻoia ECC (ECDSA) ʻike ʻole ʻia (ua hoʻohana mākou i ʻelua mau kaulahao no ka manawa lōʻihi). ʻOi aku ka paʻakikī me ka ECC, no ka mea, ʻaʻole i noʻonoʻo ka hapa nui o nā hoʻonā i ka loaʻa ʻana o ia mau palapala ma muli o ko lākou haʻahaʻa haʻahaʻa. ʻO ka hopena, ua loaʻa ka palapala hōʻoia waena ma .
Chain no nā palapala hōʻoia e pili ana i kahi algorithm kī RSA. E hoʻohālikelike me kāu kaulahao a e hoʻomaopopo ua hoʻololi wale ʻia ka palapala hōʻoia lalo, aʻo ka mea ma luna e mau ana. Hoʻokaʻawale wau iā lākou i nā kūlana o kēlā me kēia lā e nā hua hope ʻekolu o nā poloka base64, ʻaʻole helu i ka hōʻailona "like" (i kēia hihia. En8= и 1+V):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----Chain no nā palapala hōʻoia e pili ana i kahi algorithm kī ECC. E like me ke kaulahao no RSA, ua hoʻololi wale ʻia ka palapala haʻahaʻa, a ʻo ka mea i luna e mau nō ia (i kēia hihia. fmA== и v/c=):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----
MIIDqDCCAy6gAwIBAgIRAPNkTmtuAFAjfglGvXvh9R0wCgYIKoZIzj0EAwMwgYgx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz
ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD
EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEw
MjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQI
ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
D1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBFQ0MgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABHkYk8qfbZ5sVwAjBTcLXw9YWsTef1Wj6R7W2SUKiKAgSh16TwUwimNJE4xk
IQeV/To14UrOkPAY9z2vaKb71EijggFuMIIBajAfBgNVHSMEGDAWgBQ64QmG1M8Z
wpZ2dEl23OA1xmNjmjAdBgNVHQ4EFgQU9oUKOxGG4QR9DqoLLNLuzGR7e64wDgYD
VR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYD
VR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVz
dEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/
BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVD
Q0FkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMAoGCCqGSM49BAMDA2gAMGUCMEvnx3FcsVwJbZpCYF9z6fDWJtS1UVRs
cS0chWBNKPFNpvDKdrdKRe+oAkr2jU+ubgIxAODheSr2XhcA7oz9HmedGdMhlrd9
4ToKFbZl+/OnFFzqnvOhcjHvClECEQcKmc8fmA==
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
-----END CERTIFICATE-----ʻOi loa kēlā. Mahalo no kou noonoo.
Source: www.habr.com