On May 30, 2020, a problem that was not immediately obvious appeared with the popular SSL/TLS certificates from the vendor Sectigo (formerly Comodo). The certificates themselves remained perfectly valid, but one of the intermediate CA certificates in the chains they were shipped with expired. The situation was not fatal, but it was unpleasant: current browser versions noticed nothing, while a large share of automation and of older browsers and operating systems was not ready for it.
Habr was no exception, which is why this primer / post-mortem was written.
TL;DR: the solution is at the very end.
Let's skip the basic theory of PKI, SSL/TLS, https and so on. A domain's security certificate is authenticated by building a chain of certificates up to one that is trusted by the browser or the operating system; that set of trusted certificates is called the Trust Store. The list is distributed with the operating system, with the code runtime ecosystem, or with the browser. Every certificate has a validity period, after which it is no longer trusted, and that includes the certificates in the trust store. What the chain of trust looked like before that day is shown well by a web tool.
So, one of the most popular "commercial" certificates is Sectigo Positive SSL (formerly Comodo Positive SSL; certificates under that name are still in use). It is a so-called DV certificate. DV is the most basic level of certification: the issuer verifies only that the applicant has access to the management of the domain. DV in fact stands for "domain validation". For reference, there are also OV (organization validation) and EV (extended validation), and the free certificate from Let's Encrypt is also DV. For those for whom the ACME mechanism is for some reason not enough, Positive SSL is the best fit in terms of price/features (a certificate for a single domain costs on average 5-7 dollars per year).
Until recently, the standard Sectigo DV certificate (RSA) was shipped with the following chain of intermediate CAs:
Certificate #1:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
        Validity
            Not Before: Nov 2 00:00:00 2018 GMT
            Not After : Dec 31 23:59:59 2030 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
        Validity
            Not Before: May 30 10:48:38 2000 GMT
            Not After : May 30 10:48:38 2020 GMT
        Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
There is no "third certificate", the self-signed one from the AddTrust AB root, because at some point it came to be considered bad form to include self-signed root certificates in chains. Note that the intermediate CA issued to UserTrust by AddTrust expires on May 30, 2020. That is no accident: a decommissioning procedure was planned for this CA. The assumption was that by May 30, 2020 a cross-signed certificate from UserTrust would already be present in all trust stores (under the hood it is the same certificate, or rather the same public key), so that a chain that still includes the now-untrusted certificate would have alternative validation paths and nobody would notice. However, the plans collided with reality, namely with the broad term "legacy systems". Indeed, owners of current browser versions noticed nothing, but a large amount of automation built on curl and on the ssl/tls libraries of a number of programming languages and runtimes broke. Keep in mind that many products do not rely on the chain-building facilities built into the OS but carry their own trust store with them, and it does not always contain what the certificate authority would like it to contain.
Although Figure 1 shows that for most users everything looked normal, for some of them something broke and traffic dropped noticeably (left edge), then rose again once one of the key certificates was replaced. There are also spikes in the middle, when other certificates that something depended on were replaced. Since for most users everything visibly kept working more or less normally (apart from odd glitches such as images failing to upload to Habrastorage), an indirect conclusion can be drawn about the number of legacy clients and bots on Habr.
Figure 1. "Traffic" graph on Habr.
Figure 2 shows how, in current browser versions, an "alternative" chain is built to a trusted CA certificate in the user's browser even when the chain contains an expired certificate. This, as Sectigo itself believed, was a reason to do nothing.
Figure 2. Chain to a trusted certificate in a modern browser version.
Figure 3, however, shows what actually happens when something goes wrong and we have a legacy system. In this case the HTTPS connection is not established and we see an error such as "certificate validation failed" or similar.
Figure 3. The chain is invalidated because the root certificate and the intermediate signed by it have expired.
Figure 4 already shows the "solution" for legacy systems: there is another intermediate certificate, or rather a "cross-signature" from a different CA that is usually preinstalled on legacy systems. This is what needs to be done: find this certificate (marked as Extra download) and replace the expired one with it.
Figure 4. Alternative chain for legacy systems.
By the way: the problem did not receive wide publicity or public discussion, partly because of Sectigo's excessive self-confidence. Here, for example, is the opinion of one of the certificate suppliers on the matter:
Previously they [Sectigo] assured everyone that there would be no issues. However, the reality is that some legacy servers/devices are affected.
That is a ridiculous situation. We pointed their attention to the expiring AddTrust RSA/ECC multiple times within a year, and each time Sectigo assured us that there would be no issues.
ááá¯ááºáá±ážááá¯ááºáᬠáá±ážáááºá
á
ááºáá¯á¶
What You Need to Do
For most use cases, including certificates serving modern client or server systems, no action is required, whether or not you have issued certificates cross-chained to the AddTrust root. As of April 30, 2020: for business processes that depend on very old systems, Sectigo has made available (by default in the certificate bundles) a new legacy root for cross-signing, the "AAA Certificate Services" root. However, please use extreme caution about any process that depends on very old legacy systems. Systems that have not received the updates necessary to support newer roots such as Sectigo's COMODO root will inevitably be missing other essential security updates and should be considered insecure. If you would still like to cross-sign to the AAA Certificate Services root, please contact Sectigo directly.
I really like the "very old" thesis. For example, curl on Ubuntu Linux 18.04 LTS (our base OS at the moment) with the latest updates, no more than a month old, can hardly be called very old, yet it does not work.
Most certificate distributors published their own guides to the fix around midday on May 30, some of them technically very competent.
Figure 5. Seven steps to fix everything quickly.
Solution
It is worth repeating the solution here as well. Below are two sets of chains for DV Sectigo (not Comodo) certificates: one for the customary RSA certificates and the other for the less common ECC (ECDSA) certificates (we have been using two chains for quite a while). ECC was harder, because most published solutions do not take such certificates into account owing to their low prevalence. In the end, the required intermediate certificate was found.
Chain for certificates based on the RSA key algorithm. Compare it with your own chain and note that only the lower certificate has been replaced, while the upper one remains as it was. I tell them apart by the last three characters of the base64 blocks, not counting the trailing "tail" of equals signs (in this case En8= and 1+V):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Chain for certificates based on the ECC key algorithm. As with the RSA chain, only the lower certificate has been replaced, while the upper one remains the same (in this case fmA== and v/c=):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
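A quick way to check a bundle against the change described above (an added example, not part of the original article): it reads the `# Subject` / `# Issuer` / `# Not valid after` comment headers used in the bundles on this page, flags entries that have expired on a given date, checks that each issuer matches the next subject, and names the root a client must already trust. `OLD_CHAIN` is re-expressed from the openssl dump of the earlier chain, and the function names are made up for this example.

```python
from datetime import datetime, timezone

# Header comments in the format of this page's bundles (PEM bodies left out).
# OLD_CHAIN is re-expressed from the openssl dump of the earlier chain.
USERTRUST = "/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority"
ISSUING_CA = f"""# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Issuer: {USERTRUST}
# Not valid after: 2030-12-31T23:59:59Z
"""
OLD_CHAIN = ISSUING_CA + f"""# Subject: {USERTRUST}
# Issuer: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
# Not valid after: 2020-05-30T10:48:38Z
"""
NEW_CHAIN = ISSUING_CA + f"""# Subject: {USERTRUST}
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid after: 2028-12-31T23:59:59Z
"""

def parse_bundle(text):
    """Return one dict per certificate, in bundle order (closest to the leaf first)."""
    certs = []
    for line in text.splitlines():
        if not line.startswith("# ") or ": " not in line:
            continue  # PEM body or blank line
        key, value = line[2:].split(": ", 1)
        if key == "Subject":
            certs.append({"subject": value})
        elif key == "Issuer" and certs:
            certs[-1]["issuer"] = value
        elif key == "Not valid after" and certs:
            certs[-1]["not_after"] = datetime.strptime(
                value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return certs

def cn(name):
    return name.rsplit("/CN=", 1)[-1]  # common name of a slash-separated DN

def audit(text, at):
    """Expired entries, broken issuer->subject links, and the root a client must trust."""
    certs = parse_bundle(text)
    return {
        "expired": [cn(c["subject"]) for c in certs if c["not_after"] <= at],
        "broken_links": [cn(a["subject"]) for a, b in zip(certs, certs[1:])
                         if a["issuer"] != b["subject"]],
        "needs_root": cn(certs[-1]["issuer"]),
    }

DAY_AFTER = datetime(2020, 5, 31, tzinfo=timezone.utc)
if __name__ == "__main__":
    print(audit(OLD_CHAIN, DAY_AFTER), audit(NEW_CHAIN, DAY_AFTER), sep="\n")
```

The same functions work on a full bundle file, because PEM body lines and the other `# ...` header fields are skipped by the parser.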
That's all. Thank you for your attention.
source: www.habr.com