The problem with Sectigo certificates after May 30, 2020, and how to solve it

On Saturday, May 30, 2020, a problem that was not immediately obvious appeared with the popular SSL/TLS certificates from the vendor Sectigo (formerly Comodo). The certificates themselves remained in perfect order; however, one of the intermediate CA certificates in the chains these certificates were supplied with had "gone rotten", that is, expired. The situation is not exactly fatal, but it is unpleasant: current browser versions noticed nothing, whereas most automation and old browsers/OSes were not ready for such a turn.


Habr was no exception, which is why this explainer / postmortem was written.

TL;DR: the solution is at the very end.

Let us skip the basic theory of PKI, SSL/TLS, HTTPS and so on. The mechanics of validating a security certificate consist of building a chain of certificates up to one that the browser or operating system trusts, which is kept in a list called the Trust Store. This list is distributed with the operating system, the code runtime ecosystem, or the browser. All certificates have an expiry date after which they are considered untrusted, including the certificates in the trust store. What did the chain of trust look like before the fateful date? The SSL Report web tool from Qualys will help us figure it out.

So, one of the most popular "commercial" certificates is Sectigo Positive SSL (formerly Comodo Positive SSL; certificates with this name are still in use), a so-called DV certificate. DV is the most basic level of certification, meaning that administrative access to the domain is verified when such a certificate is issued. In fact, DV stands for "domain validation". For reference: there are also OV (organization validation) and EV (extended validation), and the free certificate from Let's Encrypt is also DV. For those who for some reason are not satisfied with the ACME mechanism, the Positive SSL product is the best fit in terms of price/features (a single certificate costs about 5-7 dollars per year, with a total certificate validity period of up to 2 years and 3 months).

Until recently, the Sectigo DV generic certificate (RSA) was supplied with the following chain of intermediate CAs:

Certificate #1:
  Data:
    Version: 3 (0x2)
    Serial Number:
      7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
    Signature Algorithm: sha384WithRSAEncryption
      Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
      Validity
        Not Before: Nov  2 00:00:00 2018 GMT
        Not After : Dec 31 23:59:59 2030 GMT
      Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
  Data:
    Version: 3 (0x2)
    Serial Number:
      13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
    Signature Algorithm: sha384WithRSAEncryption
      Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
      Validity
        Not Before: May 30 10:48:38 2000 GMT
        Not After : May 30 10:48:38 2020 GMT
      Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority

There is no "third certificate", the one self-signed by AddTrust AB, since at some point it came to be considered bad form to include self-signed root certificates in chains. Note that the intermediate CA certificate issued by AddTrust for UserTrust has an expiry date of May 30, 2020. This is no accident: a decommissioning procedure had been planned for this CA. It was believed that by May 30, 2020, the certificate signed by UserTrust would already be present in all trust stores (under the hood this is the same certificate, or rather the same public key), so the chain, even with an already untrusted certificate included, would have an alternative trust path and nobody would notice. However, the plans collided with reality, namely the long-lived "legacy systems". Indeed, owners of current browser versions noticed nothing; however, a mountain of automation built on curl and on the SSL/TLS libraries of various programming languages and code execution environments broke. It should be understood that many products do not rely on the chain-building facilities built into the OS, but "carry" their own trust store with them. And that store does not necessarily contain what the CA/Browser Forum would like to see in it. And on Linux, packages such as ca-certificates are not always updated. In the end, everything seems to be in order, yet something fails here and there.

From Figure 1 it is clear that although for most people everything looked routine, for some something broke and traffic dropped (left red line), then it grew again when one key certificate was replaced (the other line). There were dips in the middle, when other certificates, on which something also depended, were being replaced. Since for the most part everything visibly continued to work more or less normally (with the exception of oddities such as the inability to load images from Habrastorage), we can draw an indirect conclusion about the number of legacy clients and bots on Habr.

Figure 1. Graph of "traffic" on Habr.

Figure 2 shows how, in current browser versions, an "alternative" chain is built to a trusted CA certificate in the user's browser, even though there is a "rotten" certificate in the chain. This, as Sectigo itself believed, is the reason to do nothing.

Figure 2. Chain to a trusted certificate for a modern browser version.

But in Figure 3 you can see what it all looks like when something goes wrong and we are dealing with a legacy system. In this case the HTTPS connection is not established and we see an error such as "certificate validation failed" or similar.

Figure 3. The chain is invalid because the root certificate and the intermediate signed by it have "gone rotten".

In Figure 4 we already see the "solution" for legacy systems: there is another intermediate certificate, or rather a "cross-signature" from another CA, which is usually preinstalled in legacy systems. This is what you need to do: find this certificate (which is marked as Extra download) and replace the "rotten" one with it.

Figure 4. Alternative chain for legacy systems.
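The chains in Figures 2 to 4 can be modelled with the subjects, issuers and validity dates listed above. This is an added example, not code from the original article: a simplified model that matches certificates by name and checks validity periods only, with no signature checks. The leaf certificate, the self-signed root entries with their dates, and the `trusted_first` switch are assumptions made for illustration.

```python
from collections import namedtuple
from datetime import datetime, timezone

Cert = namedtuple("Cert", "subject issuer not_before not_after")

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

DV = "Sectigo RSA Domain Validation Secure Server CA"
UT = "USERTrust RSA Certification Authority"
ADDTRUST, AAA = "AddTrust External CA Root", "AAA Certificate Services"

# Intermediates: subjects, issuers and dates as listed on the page.
DV_CA = Cert(DV, UT, ts("2018-11-02 00:00:00"), ts("2030-12-31 23:59:59"))
UT_BY_ADDTRUST = Cert(UT, ADDTRUST, ts("2000-05-30 10:48:38"), ts("2020-05-30 10:48:38"))
UT_BY_AAA = Cert(UT, AAA, ts("2019-03-12 00:00:00"), ts("2028-12-31 23:59:59"))
# Constructed leaf and self-signed roots: dates are assumptions, not from the page.
LEAF = Cert("www.example.test", DV, ts("2020-01-01 00:00:00"), ts("2021-01-01 00:00:00"))
ROOT_ADDTRUST = Cert(ADDTRUST, ADDTRUST, ts("2000-05-30 10:48:38"), ts("2020-05-30 10:48:38"))
ROOT_UT = Cert(UT, UT, ts("2010-02-01 00:00:00"), ts("2038-01-18 23:59:59"))
ROOT_AAA = Cert(AAA, AAA, ts("2004-01-01 00:00:00"), ts("2028-12-31 23:59:59"))

OLD_CHAIN = [LEAF, DV_CA, UT_BY_ADDTRUST]   # served before the fix
NEW_CHAIN = [LEAF, DV_CA, UT_BY_AAA]        # served after the fix
MODERN_STORE = [ROOT_UT, ROOT_AAA, ROOT_ADDTRUST]
LEGACY_STORE = [ROOT_ADDTRUST, ROOT_AAA]    # predates the USERTrust root

def in_validity(cert, now):
    return cert.not_before <= now <= cert.not_after

def verify(served, store, now, trusted_first):
    """Return (ok, reason); served[0] is the leaf, the rest are intermediates.

    trusted_first=True stops at the first issuer found in the trust store;
    False follows the served intermediates as far as they go (legacy model).
    """
    cert, extras = served[0], served[1:]
    for _ in range(len(served) + 1):  # bounded walk towards a trust anchor
        if not in_validity(cert, now):
            return False, "expired: %s issued by %s" % (cert.subject, cert.issuer)
        anchored = any(c.subject == cert.issuer and in_validity(c, now) for c in store)
        served_issuer = next((c for c in extras if c.subject == cert.issuer), None)
        if anchored and (trusted_first or served_issuer is None):
            return True, "anchored at " + cert.issuer
        if served_issuer is None:
            return False, "no issuer found for " + cert.subject
        cert = served_issuer
    return False, "chain too long"
```

Calling `verify(OLD_CHAIN, MODERN_STORE, ts("2020-06-01 00:00:00"), False)` shows that in this model a client with an up-to-date store still fails if it follows the served chain into the expired certificate, while the same call with `NEW_CHAIN` succeeds.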

By the way: the problem did not receive wide publicity or any kind of public discussion, in part because of Sectigo's excessive arrogance. For example, here is the opinion of one of the certificate providers regarding this situation:

Previously they [Sectigo] assured everyone that there would be no problems. However, the reality is that some old servers/devices were affected.

That is a bad situation. We pointed their attention to AddTrust RSA/ECC many times within a year, and every time Sectigo assured us there were no problems.

I personally asked a question about this on Stack Overflow a month ago, but apparently the project's audience was not a good fit for the question, so I had to answer it myself after analysing the issue.

Sectigo has published an extensive FAQ on this topic, but it is so unreadable and long that it is unusable. Here is a quote that is the quintessence of the whole publication:

What You Need To Do
For most use cases, including certificates serving modern client or server systems, no action is required, even if you have been issued certificates cross-chained to the AddTrust root.

As of April 30, 2020: For business processes that depend on very old systems, Sectigo has made available (by default in the certificate bundles) a legacy root for cross-signing, the "AAA Certificate Services" root. However, please use extreme caution about any process that depends on very old legacy systems. Systems that have not received the updates necessary to support newer roots such as Sectigo's COMODO roots will inevitably be missing other essential security updates and should be considered insecure. If you would still like to cross-sign to the AAA Certificate Services root, please contact Sectigo directly.

I really like the "very old" thesis, of course. For example, curl in the console of Ubuntu Linux 18.04 LTS (our base OS at the moment) with the latest updates, no more than a month old, can hardly be called very old, yet it does not work.

Most certificate resellers published their solution notes by the afternoon of May 30. For example, a very technically sound one from NameCheap (with a specific description of what to do and with prepared CA bundles in zip archives, but RSA only):

Figure 5. Seven steps to fix everything quickly.

There is a good article from Red Hat, but there is even more legacy there, and you have to install an even more "root" certificate from Comodo for everything to work.

Solution

It is worth duplicating the solution here as well. Below are two sets of chains for Sectigo DV certificates (not Comodo!), one for the familiar RSA certificates, the other for the less familiar ECC (ECDSA) certificates (we have been using two chains for a long time). With ECC it was harder, since most solution notes do not account for such certificates because they are less common. As a result, the intermediate certificate had to be found on crt.sh.

Chain for certificates based on the RSA key algorithm. Compare it with your chain and note that only the lower certificate has been replaced, while the upper one stays the same. I tell them apart in everyday use by the last three characters of the base64 blocks, not counting the "equals" signs (in this case En8= and 1+V):

# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Chain for certificates based on the ECC key algorithm. As with the chain for RSA, only the lower certificate has been replaced, while the upper one stays the same (in this case fmA== and v/c=):

# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
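
Comparing the last few base64 characters works by eye; a stricter check is to compare SHA-256 fingerprints with the values listed above. This is an added example, not code from the original article: it computes the fingerprint of every certificate block in a PEM bundle and sorts them against the four fingerprints from this page. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# SHA-256 fingerprints of the replacement chain certificates, as listed on the page.
EXPECTED = {
    "RSA": {
        "7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76":
            "Sectigo RSA Domain Validation Secure Server CA",
        "68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B":
            "USERTrust RSA Certification Authority (issuer: AAA Certificate Services)",
    },
    "ECC": {
        "61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F":
            "Sectigo ECC Domain Validation Secure Server CA",
        "A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA":
            "USERTrust ECC Certification Authority (issuer: AAA Certificate Services)",
    },
}
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 over the DER bytes of each certificate block, in openssl's colon format."""
    result = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        digest = hashlib.sha256(der).hexdigest().upper()
        result.append(":".join(digest[i:i + 2] for i in range(0, len(digest), 2)))
    return result

def check_bundle(pem_text, algo):
    """Sort a bundle's certificates against the page's list for algo ("RSA" or "ECC")."""
    wanted, found = EXPECTED[algo], fingerprints(pem_text)
    return {
        "known": [wanted[f] for f in found if f in wanted],
        "unknown": [f for f in found if f not in wanted],
        "missing": [name for fp, name in wanted.items() if fp not in found],
    }

# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
```

For a CA bundle built from the chains above, `missing` should come back empty for the matching algorithm; a leaf certificate in the same file will show up under `unknown`.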

That's all. Thank you for your attention.

Source: www.hab.com