Na Satọde Mee 30, 2020, nsogbu edoghị anya ozugbo bilitere na asambodo SSL/TLS ama ama sitere na onye na-ere ahịa Sectigo (nke bụbu Comodo). Asambodo ndị ahụ n'onwe ha gara n'ihu na-adị n'usoro zuru oke, mana otu n'ime asambodo CA etiti dị n'agbụ e ji enye asambodo ndị a aghọọla rere ure. Ọnọdụ ahụ adịghị egbu egbu, ma ọ dịghị mma: nsụgharị nke ihe nchọgharị ugbu a achọpụtaghị ihe ọ bụla, ma ọtụtụ n'ime akpaaka na ihe nchọgharị ochie / OS adịghị njikere maka ntụgharị dị otú ahụ.
Habr abụghị ihe ọzọ, nke mere e ji dee mmemme mmụta / postmortem a.
TL; DR Ihe ngwọta dị na njedebe.
Ka anyị tufuo echiche bụ isi gbasara PKI, SSL/TLS, https, wdg. Usoro nyocha nke nwere asambodo nchekwa ngalaba nwere iwulite agbụ nke ọtụtụ asambodo ruo nke ihe nchọgharị ma ọ bụ sistemụ arụmọrụ tụkwasịrị obi, nke echekwara na ebe a na-akpọ Ụlọ Ahịa ntụkwasị obi. A na-ekesa ndepụta a na sistemụ arụmọrụ, gburugburu ebe obibi oge, ma ọ bụ ihe nchọgharị. Asambodo ọ bụla nwere ụbọchị ngafe, mgbe nke a gachara, a na-ewere ha enweghị ntụkwasị obi, gụnyere asambodo na ụlọ ahịa ntụkwasị obi. Kedu ka usoro ntụkwasị obi dị ka tupu ụbọchị akara aka? Otu ngwa weebụ ga-enyere anyị aka ịchọpụta ya. sitere na Qualys.
Yabụ, otu n'ime asambodo “azụmahịa” kacha ewu ewu bụ Sectigo Positive SSL (nke a na-akpọbu Comodo Positive SSL, asambodo nwere aha a ka na-eji), ọ bụ asambodo DV. DV bụ ọkwa asambodo kachasị ochie, nke pụtara ịlele ịnweta njikwa ngalaba maka onye na-enye asambodo dị otú ahụ. N'ezie, DV na-anọchi anya "nkwado ngalaba". Maka ntụnye aka: enwekwara OV (nkwado nzukọ) na EV (ntinye agbatịkwuru), yana asambodo efu sitere na Let's Encrypt bụkwa DV. Maka ndị n'ihi ihe ụfọdụ na-enweghị afọ ojuju na usoro ACME, ngwaahịa SSL dị mma bụ nke kachasị mma n'ihe gbasara ọnụahịa / njirimara (akwụkwọ otu ngalaba na-efu ihe dịka $ 5-7 kwa afọ yana ngụkọta akwụkwọ nkwado ruru ihe ruru. Afọ 2 na ọnwa 3).
Ruo n'oge na-adịbeghị anya, e wetara akwụkwọ ikike Sectigo DV (RSA) yana usoro CA nke etiti ndị a:
Certificate #1:
Data:
Version: 3 (0x2)
Serial Number:
7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Validity
Not Before: Nov 2 00:00:00 2018 GMT
Not After : Dec 31 23:59:59 2030 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
Data:
Version: 3 (0x2)
Serial Number:
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification AuthorityEnweghị "akwụkwọ ikike nke atọ", nke ejiri aka ya bịanyere aka na AddTrust AB, ebe ọ bụ na n'oge ụfọdụ, a bịara na-ewere ya dị ka àgwà ọjọọ iji tinye akwụkwọ ntinye aka nke onwe ya na agbụ. Ị nwere ike mara na etiti CA nke UserTrust sitere na AddTrust nyere nwere ụbọchị njedebe nke Mee 30, 2020. Nke a adịghị mfe, ebe ọ bụ na e mere atụmatụ nkwụsịtụ maka CA a. Ekwenyere na ka ọ na-erule Mee 30, 2020, asambodo mbinye aka n'aka UserTrust ga-apụta n'ụlọ ahịa ntụkwasị obi niile n'oge a (n'okpuru mkpuchi ọ bụ otu asambodo, ma ọ bụ kama igodo ọha) na yinye, ọbụlagodi na enwere Agụnyere asambodo atụkwasịghị ntụkwasị obi, ga-enwe ihe owuwu ụzọ ọzọ na ọ nweghị onye ga-ahụ ya. Otú ọ dị, e mebiri atụmatụ ndị ahụ site n'eziokwu, ya bụ okwu na-edoghị anya "usoro ihe nketa". N'ezie, ndị nwe ụdị ihe nchọgharị dị ugbu a ahụghị ihe ọ bụla, mana ugwu nke akpaaka wuru na curl na ụlọ akwụkwọ ssl/tls nke ọtụtụ asụsụ mmemme na mpaghara mkpochapụ koodu mebiri. Ịkwesịrị ịghọta na ọtụtụ ngwaahịa anaghị eduzi ya na ngwa ụlọ arụnyere n'ime OS, mana "buru" ụlọ ahịa ntụkwasị obi ha na ha. Na ha anaghị enwekarị ihe ị ga-achọ ịhụ . Na na Linux, a naghị emelite ngwugwu dịka ca-certificates mgbe niile. N'ikpeazụ, ihe niile yiri ka ọ dị n'usoro, ma ihe anaghị arụ ọrụ ebe a na ebe ahụ.
Site na eserese 1, o doro anya na ọ bụ ezie na ihe ka ọtụtụ n'ime ihe niile dị ka ọ dị na mbụ, n'ihi na ụfọdụ ihe mebiri na okporo ụzọ na-adaba nke ọma (akara uhie ekpe), mgbe ahụ, ọ na-eto mgbe otu n'ime akwụkwọ ntinye akwụkwọ gbanwere (akara aka nri). Enwekwara spikes n'etiti, mgbe a gbanwere asambodo ndị ọzọ, nke ihe dabere na ya. Ebe ọ bụ na ihe ka ọtụtụ n'ime anya na-aga n'ihu na-arụ ọrụ ma ọ bụ na-erughị ala (ewezuga glitches dị iche iche dị ka enweghị ike ibunye foto na Habrastorage), anyị nwere ike nweta nkwubi okwu na-apụtaghị ìhè banyere ọnụọgụ ndị ahịa na bots na Habr.
Ọgụgụ 1. Eserese okporo ụzọ na Habré.
Site na eserese 2, ị nwere ike nyochaa ka esi wuo yinye “ọzọ” n'ụdị ihe nchọgharị ugbu a na asambodo CA ntụkwasị obi na ihe nchọgharị onye ọrụ, ọbụlagodi na enwere asambodo “ere ure” na yinye. Nke a, dị ka Sectigo n'onwe ya kwenyere, bụ kpọmkwem ihe mere na ọ gaghị eme ihe ọ bụla.
Ọgụgụ 2. Chain na akwụkwọ ntụkwasị obi nke ụdị ihe nchọgharị ọgbara ọhụrụ.
Mana na eserese 3 ị nwere ike ịhụ ka ihe niile si dị n'ezie mgbe ihe na-aga nke ọma na anyị nwere usoro ihe nketa. N'okwu a, anaghị eguzobe njikọ HTTPS ma anyị na-ahụ mperi dị ka "ntinye asambodo dara" ma ọ bụ yiri ya.
Ọgụgụ 3. The yinye e invalidated n'ihi na mgbọrọgwụ akwụkwọ na intermediate akwụkwọ bịanyere aka na ya bụ "ire ure."
Na eserese 4, anyị ahụlarị “ihe ngwọta” maka sistemụ nketa: enwere asambodo etiti ọzọ, ma ọ bụ kama “mbinye aka n'ofe” sitere na CA ọzọ, nke a na-ebunye ya ụzọ na sistemụ nketa. Nke a bụ ihe ị ga - eme: chọta asambodo a (nke akara dị ka nbudata Extra) wee jiri ya dochie “ere ure” nke ahụ.
Ọgụgụ 4. Agbụ ọzọ maka sistemu nketa.
Site n'ụzọ: nsogbu ahụ enweghị mgbasa ozi zuru oke ma ọ bụ mkparịta ụka ọhaneze ọ bụla, gụnyere n'ihi oke mpako nke Sectigo. Ebe a, dịka ọmụmaatụ, bụ echiche nke otu n'ime ndị na-eweta asambodo n'ọnọdụ a:
Na mbụ ha [Sectigo] onye ọ bụla na-emesi obi ike na ọ gaghị enwe nsogbu. Agbanyeghị, nke bụ eziokwu bụ na a na-emetụta ụfọdụ sava/ngwaọrụ.
Nke ahụ bụ ọnọdụ mkparị. Anyị rụtụrụ aka ha na AddTrust RSA/ECC na-ekubi ume ọtụtụ oge n'ime otu afọ na oge ọ bụla Sectigo mesiri anyị obi ike na ọ nweghị nsogbu ga-abụ.
Ajụrụ m n'onwe m na Stack Overflow ihe dị ka otu ọnwa gara aga, mana o doro anya, ndị na-ege ntị nke ọrụ ahụ adabaghị maka ajụjụ ndị dị otú ahụ, n'ihi ya, aghaghị m ịza ya n'onwe m mgbe nyochachara.
Ngalaba Enwere ajụjụ gbasara nke a, mana enweghị ike ịgụ ya na ogologo nke na ọ gaghị ekwe omume iji. Nke a bụ nhota okwu bụ isi n'akwụkwọ ahụ dum:
Ihe I Kwesịrị Ime
N'ihi na ọtụtụ ojiji, gụnyere asambodo na-ejere ndị ahịa ọgbara ọhụrụ ma ọ bụ sistemụ ihe nkesa ozi, ọ dịghị ihe a chọrọ, ma ị nyela asambodo cross-chained na mgbọrọgwụ AddTrust.Ka ọnwa Eprel 30, 2020 gachara: N'ihi na azụmahịa Filiks na-adabere nnọọ ochie usoro, Sectigo ka dị (site ndabara na akwụkwọ bundles) ọhụrụ ketara mgbọrọgwụ maka cross-ịbanye, na "AAA Asambodo Services" mgbọrọgwụ. Agbanyeghị, biko kpachapụ anya nke ukwuu maka usoro ọ bụla dabere na sistemụ ihe nketa ochie. Sistemu na-anatabeghị mmelite ndị dị mkpa iji kwado mgbọrọgwụ ọhụrụ dịka mgbọrọgwụ Sectigo's COMODO ga-efunahụ mmelite nchekwa ndị ọzọ dị mkpa na ekwesịrị iwere ya enweghị nchekwa. Ọ bụrụ na ị ka ga-achọ ịgafe banye na mgbọrọgwụ Ọrụ Asambodo AAA, biko kpọtụrụ Sectigo ozugbo.
Enwere m mmasị na tesis "kachiela ochie", n'ezie. Dịka ọmụmaatụ, curl na console nke Ubuntu Linux 18.04 LTS (Os isi anyị ugbu a) yana mmelite kachasị ọhụrụ na-erughị otu ọnwa enweghị ike ịkpọ ya ochie, mana ọ naghị arụ ọrụ.
Ọtụtụ ndị na-ekesa asambodo wepụtara ndetu mkpebi ha n'ime ehihie Mee 30th. Ka ihe atụ, nnọọ technically adabara si (ya na nkọwa akọwapụtara nke ihe ị ga-eme yana iji CA-bundles emebere na ebe nchekwa zip, mana naanị RSA):
Ọgụgụ 5. Nzọụkwụ asaa iji dozie ihe niile ngwa ngwa.
E nwere site na Redhat, mana ihe niile bụ ihe nketa na ịkwesịrị ịwụnye akwụkwọ ikike mgbọrọgwụ sitere na Comodo ka ihe niile rụọ ọrụ.
mkpebi
Ọ bara uru ịmegharị ihe ngwọta ebe a. N'okpuru bụ ụdọ asambodo abụọ DV Sectigo (ọ bụghị Comodo!), Otu maka asambodo RSA na-emebu, nke ọzọ maka asambodo ECC (ECDSA) amachaghị nke ọma (anyị na-eji agbụ abụọ eme ogologo oge). Na ECC ọ bụ ihe siri ike karị, ebe ọ bụ na ọtụtụ ngwọta adịghị echebara ọnụnọ nke asambodo dị otú ahụ n'ihi na ha dị ala. N'ihi ya, ahụrụ asambodo etiti achọrọ na .
Chain maka asambodo dabere na algọridim isi RSA. Tulee ya na agbụ gị wee mara na ọ bụ naanị asambodo ala ka edochiri, ebe nke elu ka dị otu. M na-ekewa ha na ọnọdụ kwa ụbọchị site na mkpụrụedemede atọ ikpeazụ nke base64 blocks, na-agụghị akara "nha" (na nke a). En8= и 1+V):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----Chain maka asambodo dabere na algọridim isi ECC. N'otu aka ahụ na yinye maka RSA, ọ bụ naanị akwụkwọ dị ala ka edochiri, na nke elu ka dị otu (na nke a fmA== и v/c=):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----
MIIDqDCCAy6gAwIBAgIRAPNkTmtuAFAjfglGvXvh9R0wCgYIKoZIzj0EAwMwgYgx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz
ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD
EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEw
MjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQI
ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
D1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBFQ0MgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABHkYk8qfbZ5sVwAjBTcLXw9YWsTef1Wj6R7W2SUKiKAgSh16TwUwimNJE4xk
IQeV/To14UrOkPAY9z2vaKb71EijggFuMIIBajAfBgNVHSMEGDAWgBQ64QmG1M8Z
wpZ2dEl23OA1xmNjmjAdBgNVHQ4EFgQU9oUKOxGG4QR9DqoLLNLuzGR7e64wDgYD
VR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYD
VR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVz
dEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/
BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVD
Q0FkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMAoGCCqGSM49BAMDA2gAMGUCMEvnx3FcsVwJbZpCYF9z6fDWJtS1UVRs
cS0chWBNKPFNpvDKdrdKRe+oAkr2jU+ubgIxAODheSr2XhcA7oz9HmedGdMhlrd9
4ToKFbZl+/OnFFzqnvOhcjHvClECEQcKmc8fmA==
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
-----END CERTIFICATE-----Nke ahụ mara mma nke ukwuu. Daalụ maka itinye uche gị.
isi: www.habr.com
