Chain of trust. CC BY-SA 4.0
SSL traffic inspection (SSL/TLS decryption, SSL or DPI analysis) is becoming an increasingly hot topic in the enterprise sector. The idea of decrypting traffic seems to contradict the very concept of encryption. But the fact remains: more and more companies are using DPI technology, and they explain it by the need to check content for malware, data leaks and the like.
So, if we accept that such technology has to be implemented, we should at least consider how to implement it in the safest and best-managed way possible. At the very least, do not rely on, for example, the certificates provided by the DPI system supplier.
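There is one aspect of implementation that not everyone knows about. In fact, many people are surprised when they hear about it. It is a private certificate authority (CA). It generates the certificates used to decrypt and re-encrypt traffic.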
Instead of relying on self-signed certificates or certificates from the DPI device, you can use a dedicated CA from a third-party certificate authority such as GlobalSign. But first, a short overview of the problem itself.
What is SSL inspection and why is it used?
More and more public websites are moving to HTTPS. For example, as follows
Unfortunately, attackers are increasingly using traffic encryption, especially since Let's Encrypt distributes thousands of free SSL certificates in an automated way. As a result, HTTPS is used everywhere, and the padlock in the browser address bar no longer serves as a reliable indicator of security.
Vendors of DPI solutions promote their products from this standpoint. The products sit between end users (for example, employees browsing the web) and the internet and filter out malicious traffic. Many such products are on the market today, but the process is essentially the same: HTTPS traffic passes through the inspection device, where it is decrypted and checked for malware.
Once the check is complete, the device creates a new SSL session with the end client, decrypting and re-encrypting the content.
How the decryption/re-encryption process works
For an SSL inspection appliance to decrypt and re-encrypt packets before sending them to end users, it must be able to issue SSL certificates on the fly. This means it must have a CA certificate installed.
For the company (or any other man in the middle), it is important that these SSL certificates are trusted by browsers (that is, that they do not trigger scary warning messages like the one below). The CA chain (or hierarchy) must therefore be in the browser's trust store. Because these certificates are not issued by publicly trusted certificate authorities, the CA hierarchy has to be distributed manually to all end clients.
Warning message for a self-signed certificate in Chrome. Source:
On Windows computers you can use Active Directory and Group Policy, but for mobile devices the procedure is more complicated.
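The situation becomes even more complicated if the corporate environment has to support other root certificates as well, for example Microsoft certificates or OpenSSL-based ones. On top of that, private keys have to be protected and managed so that no key expires unexpectedly.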
Best option: a private, dedicated root certificate from a third-party CA
If managing multiple root certificates or self-signed certificates is not appealing, there is another option: rely on a third-party CA. In this case, certificates are issued from a private CA that is linked in a chain of trust to a dedicated private root CA created specifically for the company.
Simplified architecture for dedicated client root certificates
This setup eliminates some of the problems mentioned earlier: at the very least, it reduces the number of roots that have to be managed. Here you can use just one private root CA for all internal PKI needs, with any number of intermediate CAs. For example, the diagram above shows a multi-level hierarchy in which one of the intermediate CAs is used for SSL inspection/decryption and the other is used for internal computers (laptops, servers, desktops and so on).
In this design, there is no need to host a CA on every client, because the top-level CA is hosted by GlobalSign. This solves the problems of private key protection and expiration.
Another advantage of this approach is that the SSL inspection authority can be revoked for any reason. In its place, you simply create a new root linked to the original private root, and it can be used immediately.
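As an added example (not from the original article), this Python code audits certificates seen by a client under the two-intermediate hierarchy described above: it reports whether each leaf was re-signed by the inspection CA, issued by the internal CA, or came from outside the private PKI, and how many days remain before it expires. The CA names, hostnames and certificate data are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Hypothetical CA names standing in for the two intermediates under the private root.
INSPECTION_CA = "Example Corp SSL Inspection CA"
INTERNAL_CA = "Example Corp Internal Devices CA"

def issuer_cn(peercert):
    """Extract the issuer commonName from the nested tuples getpeercert() returns."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def classify(peercert):
    """Report which branch of the hierarchy signed the leaf the client received."""
    issuer = issuer_cn(peercert)
    if issuer == INSPECTION_CA:
        return "inspected"   # leaf re-issued on the fly by the inspection appliance
    if issuer == INTERNAL_CA:
        return "internal"    # internal machine certificate, not a re-signed session
    return "outside-pki"     # issued by some other CA: session was not re-signed

def days_left(peercert, now):
    """Whole days until notAfter, so expiry is noticed before it breaks clients."""
    expires = ssl.cert_time_to_seconds(peercert["notAfter"])
    return int((expires - now.timestamp()) // 86400)

def audit(observations, now, warn_days=30):
    """Return (host, verdict, days_left, expiring_soon) for each observed leaf."""
    return [(host, classify(cert), days_left(cert, now), days_left(cert, now) < warn_days)
            for host, cert in observations.items()]

def _cert(issuer, not_after):
    # Constructed sample in the shape of SSLSocket.getpeercert(); not real data.
    return {"issuer": ((("organizationName", "Example Corp"),),
                       (("commonName", issuer),)),
            "notAfter": not_after}

SAMPLE = {
    "www.example.org": _cert(INSPECTION_CA, "Jan 11 00:00:00 2024 GMT"),
    "files.corp.example": _cert(INTERNAL_CA, "Jan  1 00:00:00 2025 GMT"),
    "bank.example.com": _cert("Some Public CA", "Mar  1 00:00:00 2024 GMT"),
}

if __name__ == "__main__":
    for row in audit(SAMPLE, datetime(2024, 1, 1, tzinfo=timezone.utc)):
        print(row)
```

Matching on the issuer name is meaningful only for certificates that have already passed chain validation, which is the case for the dict that `getpeercert()` returns on a verifying connection.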
Despite all the controversy, companies are increasingly deploying SSL traffic inspection as part of their internal or private PKI infrastructure. Other uses of private PKI include issuing certificates for device or user authentication, SSL for internal servers, and various configurations that are not permitted in publicly trusted certificates under the requirements of the CA/Browser Forum.
Browsers fight back
Note that browser developers are trying to counter this trend and protect end users from MiTM. For example, a few days ago, Mozilla
on similar plans, 10 XNUMX 2019
Do you think a company has the right to inspect its employees' SSL traffic?
- Yes, with their consent
- No, asking for such consent is illegal and/or unethical
122 users voted. 15 users abstained.
Source: habr.com