Mass revocation of Let's Encrypt certificates

Let's Encrypt, a community-controlled non-profit certificate authority that provides certificates free of charge to everyone, has warned of the upcoming revocation of many previously issued TLS/SSL certificates. Of the 116 million currently valid Let's Encrypt certificates, slightly more than 3 million (2.6%) will be revoked, of which about 1 million are duplicates tied to the same domain (the error mostly affected certificates that are renewed very frequently, which is why there are so many duplicates). The revocation is scheduled for March 4 (the exact time has not yet been determined, but the revocation will not happen before 3 a.m. MSK).

The revocation is needed because of a bug discovered on February 29. The problem has been present since July 25, 2019 and affects the system that checks CAA records in DNS. A CAA record (RFC-6844, Certificate Authority Authorization) lets a domain owner explicitly specify the certificate authority through which certificates may be issued for that domain. If a CA is not listed in the CAA records, it must block issuance of certificates for that domain and inform the domain owner of the attempted compromise. In most cases a certificate is requested immediately after the CAA check passes, but the result of the check is considered valid for another 30 days. The rules also require that a recheck be performed no more than 8 hours before a new certificate is issued (i.e., if 8 hours have passed since the last check when a new certificate is requested, a recheck is required).

The bug occurs when a certificate request covers several domain names at once, each of which requires a CAA check. The essence of the bug is that during the recheck, instead of validating all of the domains, only one domain from the list was rechecked (if the request contained N domains, then instead of N different checks, one domain was checked N times). For the remaining domains the second check was not performed, and the data from the first check was used when making the decision (i.e., data up to 30 days old was used). As a result, within 30 days of the first validation, Let's Encrypt could issue a certificate even if the value of the CAA record had changed and Let's Encrypt had been removed from the list of permitted CAs.
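The recheck flaw described above, modelled as an added example (it is not Let's Encrypt's code and not part of the original article). The function names, `ca.example` and the sample domains are assumptions, and the CAA lookup is simplified to a dictionary in which a missing entry means no restriction.

```python
from datetime import datetime, timedelta

RECHECK_AFTER = timedelta(hours=8)   # older CAA results must be rechecked before issuance
AUTHZ_LIFETIME = timedelta(days=30)  # a passed validation stays reusable this long
CA_ID = "ca.example"                 # hypothetical CA identifier used in CAA records

def caa_permits(caa_records, domain):
    """True if the current CAA set for `domain` allows CA_ID (no record = no restriction)."""
    issuers = caa_records.get(domain, [])
    return not issuers or CA_ID in issuers

def recheck_flawed(stale, caa_records):
    """The defect described above: N iterations, but always the same name."""
    return all(caa_permits(caa_records, stale[0]) for _ in stale)

def recheck_each(stale, caa_records):
    """Corrected behaviour: one fresh CAA lookup per stale name."""
    return all(caa_permits(caa_records, d) for d in stale)

def may_issue(validated_at, caa_records, now, recheck):
    """Issuance decision for a multi-name request.

    validated_at maps each requested name to the time its CAA check last passed.
    """
    ages = {d: now - t for d, t in validated_at.items()}
    if any(age > AUTHZ_LIFETIME for age in ages.values()):
        return False  # validation expired: a full new validation is required
    stale = [d for d, age in ages.items() if age > RECHECK_AFTER]
    return recheck(stale, caa_records)

# Constructed scenario: three names validated earlier; since then the owner of
# b.example published a CAA record that names a different CA only.
NOW = datetime(2020, 3, 1, 12, 0)
VALIDATED_AT = {
    "a.example": NOW - timedelta(days=10),
    "b.example": NOW - timedelta(days=10),
    "c.example": NOW - timedelta(hours=1),   # fresh, no recheck needed
}
CAA_NOW = {"b.example": ["other-ca.example"]}

if __name__ == "__main__":
    print("flawed recheck issues:", may_issue(VALIDATED_AT, CAA_NOW, NOW, recheck_flawed))
    print("per-name recheck issues:", may_issue(VALIDATED_AT, CAA_NOW, NOW, recheck_each))
```
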

Affected users are notified by email if contact details were provided when the certificate was obtained. You can check your certificates by downloading the list of serial numbers of the revoked certificates or by using the online service (located at an IP address that is blocked in Russia by Roskomnadzor). You can find the serial number of the certificate for the domain of interest using the command:

openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null \
| openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :

Source: opennet.ru
