Loweruka Meyi 30, 2020, vuto lodziwika bwino lidabuka ndi ziphaso zodziwika za SSL/TLS kuchokera kwa ogulitsa Sectigo (omwe kale anali Comodo). Ziphaso zomwezo zidapitilirabe kukhala mwadongosolo labwino, koma chimodzi mwa ziphaso zapakatikati za CA mu unyolo womwe ziphasozi zidaperekedwa zidawola. Zomwe sizili zakupha, koma zosasangalatsa: matembenuzidwe apano a osatsegula sanazindikire kalikonse, koma ma automation ambiri ndi osatsegula / OS akale sanakonzekere kutembenuka kotere.
Habr analinso chimodzimodzi, ndichifukwa chake pulogalamu yamaphunziro iyi / postmortem idalembedwa.
TL; DR Yankho lili kumapeto kwenikweni.
Tiyeni tidumphe chiphunzitso choyambirira cha PKI, SSL/TLS, https, ndi zina. Makina otsimikizira ndi satifiketi yachitetezo cha domeni amakhala ndi ma satifiketi angapo mpaka omwe amadaliridwa ndi msakatuli kapena makina ogwiritsira ntchito, omwe amasungidwa muchomwe chimatchedwa Trust Store. Mndandandawu umagawidwa ndi makina ogwiritsira ntchito, nthawi yogwiritsira ntchito zachilengedwe, kapena msakatuli. Satifiketi iliyonse imakhala ndi tsiku lotha ntchito, pambuyo pake imawonedwa ngati yosadalirika, kuphatikiza satifiketi mu sitolo yodalirika. Kodi unyolo wokhulupirirana unkawoneka bwanji tsiku loyipa lisanafike? Ntchito yapaintaneti itithandiza kuzindikira. kuchokera ku Qualys.
Chifukwa chake, chimodzi mwazinthu zodziwika bwino za "zamalonda" ndi Sectigo Positive SSL (yomwe poyamba inkatchedwa Comodo Positive SSL, ziphaso zomwe zili ndi dzinali zikugwirabe ntchito), ndizomwe zimatchedwa satifiketi ya DV. DV ndiye mulingo wakale kwambiri wa certification, zomwe zikutanthauza kuwunika mwayi wowongolera domain kwa wopereka satifiketi yotere. Kwenikweni, DV imayimira "kutsimikizika kwa domain". Kuti mumve zambiri: palinso OV (chitsimikiziro cha bungwe) ndi EV (chitsimikizo chowonjezereka), ndipo satifiketi yaulere yochokera ku Let's Encrypt ndiyonso DV. Kwa iwo omwe pazifukwa zina sakukhutitsidwa ndi makina a ACME, chinthu cha Positive SSL ndichoyenera kwambiri potengera kuchuluka kwa mtengo / mawonekedwe (satifiketi yamalo amodzi imawononga pafupifupi $ 5-7 pachaka ndi satifiketi yonse yotsimikizika mpaka Zaka 2 ndi miyezi 3).
Mpaka posachedwa, satifiketi yokhazikika ya Sectigo DV (RSA) idaperekedwa ndi mndandanda wotsatira wa ma CA apakati:
Certificate #1:
Data:
Version: 3 (0x2)
Serial Number:
7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Validity
Not Before: Nov 2 00:00:00 2018 GMT
Not After : Dec 31 23:59:59 2030 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
Data:
Version: 3 (0x2)
Serial Number:
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification AuthorityPalibe "satifiketi yachitatu", yodzilembera yokha kuchokera ku AddTrust AB, popeza nthawi ina idakhala ngati makhalidwe oyipa kuphatikiza ziphaso zodzilemba zokha mu unyolo. Mutha kuzindikira kuti CA yapakatikati yoperekedwa ndi UserTrust kuchokera ku AddTrust ili ndi tsiku lotha ntchito pa Meyi 30, 2020. Izi sizophweka, chifukwa ndondomeko yochotsa ntchito inakonzedwa pa CA iyi. Ankakhulupirira kuti pofika Meyi 30, 2020, satifiketi yosainidwa ndi UserTrust ikadapezeka m'masitolo onse odalirika pofika nthawi ino (pansi pa hood ndi satifiketi yomweyo, kapena chinsinsi cha anthu onse) ndi unyolo, ngakhale ndi Satifiketi yosadalirika ikuphatikizidwa, idzakhala ndi njira zina zomangira ndipo palibe amene angazindikire. Komabe, mapulaniwo adasokonezedwa ndi zenizeni, zomwe ndi mawu osamveka bwino akuti "machitidwe olowa". Zowonadi, eni ake asakatuli amakono sanazindikire kalikonse, koma phiri la automation lomwe linamangidwa pamalaibulale a curl ndi ssl/tls a zilankhulo zingapo zamapulogalamu ndi malo opangira ma code adasweka. Muyenera kumvetsetsa kuti zinthu zambiri sizimatsogozedwa ndi zida zomangira unyolo zomwe zimamangidwa mu OS, koma "kunyamula" sitolo yawo yodalirika nawo. Ndipo nthawi zonse amakhala ndi zomwe mukufuna kuwona . Ndipo ku Linux, mapaketi ngati ma ca-satifiketi samasinthidwa nthawi zonse. Pamapeto pake, zonse zikuwoneka kuti zili bwino, koma chinachake sichigwira ntchito apa ndi apo.
Kuchokera pa Chithunzi 1 zikuwonekeratu kuti ngakhale kwa ochuluka chirichonse chinkawoneka ngati mwachizolowezi, kwa ena chinachake chinasweka ndipo magalimoto adatsika kwambiri (mzere wofiira wamanzere), ndiye unakula pamene chimodzi mwa zizindikiro zazikulu chinasinthidwa (mzere woyenera). Panalinso ma spikes pakati, pomwe ziphaso zina zidasinthidwa, zomwe zinadaliranso. Popeza kwa ambiri zonse zowoneka zidapitilira kugwira ntchito mochulukirapo kapena mocheperako (kupatulapo zovuta zachilendo monga kulephera kuyika zithunzi pa Habrastorage), titha kunena molunjika za kuchuluka kwamakasitomala ndi bots pa Habr.
Chithunzi 1. Chithunzi cha magalimoto pa HabrΓ©.
Kuchokera pa Chithunzi 2, mutha kuwunika momwe m'mitundu yamakono asakatuli "njira ina" imapangidwira ku chiphaso chodalirika cha CA mumsakatuli wa wogwiritsa ntchito, ngakhale mutakhala ndi satifiketi "yowola". Izi, monga momwe Sectigo mwiniwake amakhulupilira, chinali chifukwa chenicheni choti asachite kalikonse.
Chithunzi 2. Unyolo ku chiphaso chodalirika cha mtundu wamakono wa osatsegula.
Koma mu Chithunzi 3 mukhoza kuona momwe chirichonse chikuwonekera pamene chinachake chikulakwika ndipo tili ndi dongosolo la cholowa. Pankhaniyi, kulumikizana kwa HTTPS sikunakhazikitsidwe ndipo tikuwona cholakwika ngati "chitsimikiziro cha satifiketi chalephera" kapena zofanana.
Chithunzi 3. Unyolowo unali wosavomerezeka chifukwa chikalata cha mizu ndi satifiketi yapakatikati yomwe idasainidwa ndi "zowola."
Pachithunzi 4 tikuwona kale "yankho" la machitidwe a cholowa: pali satifiketi ina yapakatikati, kapena m'malo mwake "siginecha" yochokera ku CA ina, yomwe nthawi zambiri imayikidwa kale m'machitidwe otengera. Izi ndi zomwe muyenera kuchita: pezani satifiketi iyi (yomwe yalembedwa ngati Kutsitsa kowonjezera) ndikusintha "chovunda" nacho.
Chithunzi 4. Njira ina ya machitidwe a cholowa.
Mwa njira: vutoli silinatchulidwe kwambiri kapena zokambirana zapagulu, kuphatikizapo chifukwa cha kudzikuza kwakukulu kwa Sectigo. Pano, mwachitsanzo, ndi lingaliro la m'modzi mwa opereka satifiketi mu pa izi:
Kale iwo [Sectigo] aliyense amene akutsimikiziridwa kuti palibe mavuto adzakhala. Komabe, chowonadi ndi chakuti ma seva / zida zina za cholowa zimakhudzidwa.
Umenewo ndi mkhalidwe wopusa. Tidawawonetsa chidwi chawo ku AddTrust RSA/ECC yomwe idatha kangapo mkati mwa chaka ndipo nthawi iliyonse Sectigo idatitsimikizira kuti palibe vuto lililonse.
Ndinafunsa ndekha pa Stack Overflow za izi mwezi wapitawu, koma mwachiwonekere, omvera a polojekitiyo sali oyenera kwambiri pa mafunso oterowo, kotero ndinayenera kuyankha ndekha pambuyo pa kusanthula.
Chigawo Pali FAQ pa izi, koma ndi yosawerengeka komanso yayitali kotero kuti ndizosatheka kugwiritsa ntchito. Nawa mawu omwe ali quintessence ya kufalitsa konse:
Zimene Mukuyenera Kuchita
Nthawi zambiri zogwiritsidwa ntchito, kuphatikiza ziphaso zomwe zimagwiritsa ntchito kasitomala wamakono kapena makina a seva, palibe chomwe chikufunika, kaya mwapereka ziphaso zomangika pamzu wa AddTrust kapena ayi.Pofika pa Epulo 30, 2020: Pazinthu zamabizinesi zomwe zimadalira machitidwe akale kwambiri, Sectigo yapangitsa kupezeka (mwachisawawa mu mitolo ya satifiketi) muzu watsopano wa cholowa cha kusaina, muzu wa "AAA Certificate Services". Komabe, chonde samalani kwambiri ndi njira iliyonse yomwe imadalira machitidwe akale kwambiri. Machitidwe omwe sanalandire zosintha zofunikira kuti athandizire mizu yatsopano monga Sectigo's COMODO mizu idzakhala ikusowa zosintha zina zofunika zachitetezo ndipo ziyenera kuonedwa ngati zosatetezeka. Ngati mukufunabe kusaina ku mizu ya AAA Certificate Services, chonde lemberani Sectigo mwachindunji.
Ndimakonda kwambiri malingaliro "akale kwambiri", inde. Mwachitsanzo, curl mu kontrakitala ya Ubuntu Linux 18.04 LTS (OS yathu pakadali pano) yokhala ndi zosintha zaposachedwa zosaposa mwezi sizingatchulidwe kuti zakale kwambiri, koma sizigwira ntchito.
Ogawa satifiketi ambiri adatulutsa zolemba zawo masana a Meyi 30. Mwachitsanzo, mwaukadaulo woyenera kwambiri kuchokera (ndi mafotokozedwe enieni a zoyenera kuchita komanso ndi ma CA-bundle okonzeka mu zip archive, koma RSA yokha):
Chithunzi 5. Masitepe asanu ndi awiri kuti mukonze zonse mwachangu.
pali kuchokera ku Redhat, koma chilichonse ndi Cholowa ndipo muyenera kukhazikitsa chiphaso chochokera ku Comodo kuti chilichonse chigwire ntchito.
chisankho
Ndikoyenera kubwereza yankho panonso. Pansipa pali magulu awiri a maunyolo a satifiketi DV Sectigo (osati Comodo!), imodzi ya ziphaso zanthawi zonse za RSA, inayo ya satifiketi ya ECC (ECDSA) yosadziwika bwino (takhala tikugwiritsa ntchito maunyolo awiri kwanthawi yayitali). Ndi ECC zinali zovuta kwambiri, popeza mayankho ambiri samaganizira za kukhalapo kwa ziphaso zotere chifukwa chakuchepa kwawo. Zotsatira zake, satifiketi yofunikira yapakati idapezeka .
Unyolo wamasatifiketi otengera ma aligorivimu ofunikira RSA. Fananizani ndi unyolo wanu ndipo zindikirani kuti chiphaso chapansi chokha chasinthidwa, pomwe chapamwamba chimakhalabe chimodzimodzi. Ndimawasiyanitsa m'mikhalidwe yatsiku ndi tsiku ndi zilembo zitatu zomaliza za midadada ya base64, osawerengera chizindikiro "chofanana" (pankhaniyi En8= ΠΈ 1+V):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----Unyolo wamasatifiketi otengera ma aligorivimu ofunikira ECC. Momwemonso ndi unyolo wa RSA, chiphaso chochepa chokha chinasinthidwa, ndipo chapamwamba chinakhalabe chofanana (pankhaniyi. fmA== ΠΈ v/c=):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----
MIIDqDCCAy6gAwIBAgIRAPNkTmtuAFAjfglGvXvh9R0wCgYIKoZIzj0EAwMwgYgx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz
ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD
EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEw
MjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQI
ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
D1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBFQ0MgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABHkYk8qfbZ5sVwAjBTcLXw9YWsTef1Wj6R7W2SUKiKAgSh16TwUwimNJE4xk
IQeV/To14UrOkPAY9z2vaKb71EijggFuMIIBajAfBgNVHSMEGDAWgBQ64QmG1M8Z
wpZ2dEl23OA1xmNjmjAdBgNVHQ4EFgQU9oUKOxGG4QR9DqoLLNLuzGR7e64wDgYD
VR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYD
VR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVz
dEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/
BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVD
Q0FkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMAoGCCqGSM49BAMDA2gAMGUCMEvnx3FcsVwJbZpCYF9z6fDWJtS1UVRs
cS0chWBNKPFNpvDKdrdKRe+oAkr2jU+ubgIxAODheSr2XhcA7oz9HmedGdMhlrd9
4ToKFbZl+/OnFFzqnvOhcjHvClECEQcKmc8fmA==
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
-----END CERTIFICATE-----Ndizokongola kwambiri. Zikomo chifukwa chakumvetsera.
Source: www.habr.com