I le Aso Toʻonaʻi, Me 30, 2020, o se faʻafitauli e leʻi vave faʻaalia na tulaʻi mai i faʻailoga SSL / TLS lauiloa mai le tagata faʻatau Sectigo (muamua Comodo). O tusi pasi lava ia na faʻaauau pea ona lelei atoatoa, ae ui i lea, o se tasi o tusi faamaonia a le CA i totonu o filifili na tuʻuina atu ai nei tusi pasi na pala. O le tulaga e le o fai mai e leaga, ae le fiafia: o lomiga o loʻo i ai nei o suʻesuʻega e leʻi matauina se mea, peitaʻi, o le tele o masini ma suʻesuʻega tuai / OS e leʻi sauni mo sea taimi.
O Habr e le o se tuusaunoaga, o le mafuaaga lea na tusia ai lenei polokalame aʻoaʻoga / postmortem.
TL; AMA Fofo i le pito tonu lava.
Sei o tatou faase'e le manatu faavae e uiga i le PKI, SSL / TLS, https ma isi mea. O le faʻainisinia o le faʻamaonia ma se tusi faamaonia o le puipuiga o le domain o le fausia lea o se filifili o le tele o tusi faamaonia i se tasi o i latou e faʻatuatuaina e le browser poʻo le faʻaogaina o le system, lea e teuina i totonu o le faleoloa ua taʻua o Trust Store. O lenei lisi o loʻo tufatufaina atu i le faiga faʻaogaina, code runtime ecosystem, poʻo le browser. So'o se tusi pasi e iai le aso e muta ai le taimi e fa'apea e le'i fa'atuatuaina, e aofia ai tusi pasi i le faleoloa fa'alagolago. O le a le foliga o le filifili o le faatuatuaina a o lei oo i le aso matautia? O se upega tafa'ilagi e fesoasoani ia i tatou e iloa ai mai Qualys.
O lea la, o se tasi o tusi sili ona lauiloa "faapisinisi" o Sectigo Positive SSL (muamua Comodo Positive SSL, tusi faamaonia ma lenei igoa o loʻo faʻaaogaina pea), o le mea lea e taʻua o le DV-certificate. O le DV o le tulaga pito sili lea ona fa'amuamua o tusipasi, o lona uiga o le fa'amaoniaina o le avanoa i le pulega fa'alapotopotoga e le na te tu'uina atu sea tusi pasi. O le mea moni, o le DV o loʻo tu mo le "faʻamaonia o le domain". Mo faʻamatalaga: o loʻo iai foʻi le OV (faʻamaonia faʻalapotopotoga) ma le EV (faʻamaonia faʻalautele), ma o se tusi faamaonia e leai se totogi mai le Let's Encrypt o le DV foi. Mo i latou mo nisi mafuaaga e le o faamalieina i le ACME masini, o le Positive SSL oloa e sili ona talafeagai i tulaga o tau / foliga (o se tusi faʻamaonia e tasi-domain tau e uiga i 5-7 tala i le tausaga ma le aofaʻi atoa o le faʻamaonia o le vaitaimi o le maualuga. i le 2 tausaga ma le 3 masina).
O le Sectigo DV Generic Certificate (RSA) seia oʻo mai talu ai nei na sau ma lenei filifili o CA faʻapitoa:
Certificate #1:
Data:
Version: 3 (0x2)
Serial Number:
7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Validity
Not Before: Nov 2 00:00:00 2018 GMT
Not After : Dec 31 23:59:59 2030 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
Data:
Version: 3 (0x2)
Serial Number:
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification AuthorityE leai se "tusi lona tolu", na sainia e le tagata lava ia AddTrust AB, talu ai i se taimi i le taimi na manatu ai o ni uiga leaga e aofia ai tusi faamaonia aʻa na sainia e le tagata lava ia i filifili. Manatua o le CA intermediate na tuʻuina atu e AddTrust's UserTrust ei ai le aso e muta ai Me 30, 2020. E le faigofie lenei mea, ona o se faʻataʻitaʻiga faʻateʻaina na fuafuaina mo lenei CA. Na talitonuina e oʻo atu i le aso 30 o Me, 2020, o le a faʻaalia se tusi faʻamaufaʻailoga mai le UserTrust i faleoloa faʻalagolago uma i le taimi nei (i lalo o le pulou, o le tusi lava lea e tasi, pe o se ki lautele) ma le filifili, e oʻo lava i le ua le talitonuina tusi faamaonia e aofia ai, o le ai ai isi auala e fausia ma e leai se tasi e matauina. Ae ui i lea, o fuafuaga na paʻu i le mea moni, e taʻua o le umi o le "faiga faʻavae". O le mea moni, e leʻi matauina e i latou o loʻo i ai nei lomiga o suʻesuʻega se mea, ae ui i lea, o le mauga o masini na fausia i luga o potutusi curl ma ssl / tls o le tele o gagana faʻapolokalame ma siʻosiʻomaga faʻatinoina tulafono na malepe. E tatau ona malamalama o le tele o oloa e le o taʻitaʻia e meafaigaluega faufale o loʻo fausia i totonu o le OS, ae "ave" a latou faleoloa faʻalagolago ma i latou. Ma e le o iai i taimi uma mea latou te fia vaai i ai. . Ma i Linux, o afifi e pei o ca-certificates e le faʻafouina i taimi uma. I le faaiuga, e foliga mai o loʻo sologa lelei mea uma, ae o se mea e le aoga iinei ma iina.
Mai le Ata 1, o lo'o manino mai e ui lava o mea uma na foliga mai e masani ai mo le to'atele, o se mea na gau mo se tasi ma va'aia le ta'avale (laina mumu agavale), ona fa'atupulaia lea ina ua suia se tasi o tusi pasi (laina taumatau). Sa i ai le pa i le ogatotonu, ina ua suia isi tusi faamaonia, lea sa faalagolago foi i ai se mea. Talu ai mo le toʻatele o mea uma o loʻo faʻaauau pea ona galue i le tele pe itiiti ifo i taimi uma (sei vagana ai faʻalavelave ese e pei o le le mafai ona faʻapipiʻi ata i luga o le Habrastorage), e mafai ona matou faia se faʻamatalaga le tuusaʻo e uiga i le numera o tagata faʻatau ma bots i luga o Habré.
Ata 1. Kalafi o le "ta'avale" i Habré.
Ata 2 o loʻo faʻaalia ai le auala e fausia ai se filifili "sui" i lomiga o loʻo i ai nei o suʻesuʻega i se tusi faamaonia CA faatuatuaina i le suʻesuʻega a le tagata, e tusa lava pe i ai se tusi faamaonia "pala" i le filifili. O lenei, e pei ona talitonuina e Sectigo lava ia, o le mafuaaga tonu lea e le faia ai se mea.
Ata 2. filifili i se tusi faamaonia faatuatuaina mo se su'esu'ega fa'aonaponei.
Ae i le Ata 3, e mafai ona e vaʻavaʻai pe faʻafefea mea uma pe a faʻaletonu se mea ma o loʻo i ai le matou talatuu. I lenei tulaga, e le o faʻamautuina le fesoʻotaʻiga HTTPS ma matou vaʻai i se mea sese e pei o le "faʻamaonia le faʻamaonia" pe tutusa.
Ata 3. Na faalēaogāina le filifili ona o le tusi faamaonia aʻa ma le intermediate saini na ia "pala".
I le Ata 4, ua uma ona tatou vaʻavaʻai i se "fofo" mo faiga faʻaleaganuʻu: o loʻo i ai se isi tusi pasi vavalalata, poʻo se "saini-saini" mai se isi CA, lea e masani ona faʻapipiʻiina i faiga faʻaleaganuʻu. O le mea lea e tatau ona e faia: su'e lenei tusi faamaonia (lea ua faailogaina o le Extra download) ma sui le "pala" i ai.
Ata 4. Su'i filifili mo faiga fa'aleaganu'u.
I le auala: o le faʻafitauli e leʻi i ai se faʻasalalauga lautele ma se ituaiga o talanoaga lautele, e aofia ai ona o le faʻamaualuga tele o Sectigo. Mo se faʻataʻitaʻiga, o le manatu lea o se tasi o kamupani e tuʻuina atu tusi pasi i totonu i lenei tulaga:
I le taimi muamua na latou [Sectigo] faʻamautinoa i tagata uma e leai ni faʻafitauli. Ae ui i lea, o le mea moni o loʻo aʻafia ai nisi o tautua / masini.
O se tulaga faavalevalea lena. Na matou fa'asino atu i latou i le AddTrust RSA/ECC fa'agata i le tele o taimi i totonu o le tausaga ma o taimi uma e fa'amautinoa mai ai e Sectigo e leai ni fa'afitauli.
Sa ou fesili patino atu i luga o le Stack Overflow e uiga i lenei masina talu ai, ae e foliga mai, o le au maimoa o le poloketi e le fetaui lelei mo ia fesili, o lea na tatau ai ona ou taliina aʻu lava pe a uma le auiliiliga.
Sectico E i ai se FAQ i lenei mataupu, ae e matua le mafai ona faitau ma umi e le mafai ona faʻaaogaina. O se upusii lea o le quintessence o le lomiga atoa:
Mea e Tatau Ona E Faia
Mo le tele o tulaga fa'aoga, e aofia ai tusipasi o lo'o tautuaina tagata fa'aonaponei po'o faiga fa'aumau, e leai se gaioiga e mana'omia, tusa lava pe na e tu'uina atu pe leai ni tusi pasi fa'asaga i le a'a AddTrust.Talu mai Aperila 30, 2020: Mo faiga faapisinisi e faʻalagolago i faiga tuai tele, ua faʻaavanoaina e Sectigo (e ala i le faaletonu i totonu o pusa tusi faamaonia) se aʻa talatuu fou mo le sainia o le koluse, le aʻa o le "AAA Certificate Services". Ae ui i lea, fa'amolemole fa'aaoga le fa'aeteete tele i so'o se faiga e fa'alagolago i faiga tuai tuai. O faiga e le'i maua ni fa'afouga e mana'omia e lagolago ai a'a fou e pei o le a'a COMODO a Sectigo o le a mautinoa le misia o isi fa'afouga mo le saogalemu ma e tatau ona manatu e le saogalemu. Afai e te mana'o pea e fa'asaga i le AAA Certificate Services root, fa'amolemole fa'afeso'ota'i sa'o mai Sectigo.
Ou te matua fiafia lava i le suʻesuʻega "matua tuai", ioe. Mo se faʻataʻitaʻiga, faʻapipiʻi i le faʻamafanafanaga o le Ubuntu Linux 18.04 LTS (o loʻo matou faavae OS i le taimi nei) faʻatasi ai ma faʻafouga fou e le sili atu i le masina, e faigata ona valaʻau matua, ae e le aoga.
O le tele o fa'asoa tusi pasi na tu'uina atu a latou fa'amatalaga fa'ai'uga i le tu'i o le aoauli o le aso 30 o Me. Mo se faʻataʻitaʻiga, e fetaui lelei i tulaga faʻapitoa mai (faatasi ai ma se faʻamatalaga patino o le mea e fai ma faʻatasi ai ma CA-faʻapipiʻi saunia i totonu o faʻamaumauga zip, ae naʻo le RSA):
Ata 5. Laasaga e fitu e toe faaleleia vave ai mea.
o loo i ai mai Redhat, ae o loʻo i ai le tele ma sili atu Legacy ma e tatau ona e faʻapipiʻi se tusi sili atu aʻa talatuu mai Comodo mo mea uma e galue.
faaiuga
E aoga le fa'aluaina o le fofo iinei foi. O lo'o i lalo ni seti se lua o filifili mo tusi pasi DV Sectigo (e le o Comodo!), tasi mo tusi faamaonia RSA masani, o le isi mo tusi faamaonia ECC (ECDSA) e le masani ai (ua leva ona matou faʻaaogaina filifili e lua). Faatasi ai ma le ECC, sa sili atu ona faigata, talu ai o le tele o fofo e le amanaia le i ai o ia tusi pasi ona o lo latou maualalo. O le i'uga, na maua ai le tusi pasi mana'omia i luga .
Filifiliga mo tusi faamaonia e faʻavae ile algorithm autu RSA. Faatusatusa i lau filifili ma matau e na o le tusi faamaonia pito i lalo ua suia, ae o le pito i luga o loʻo tumau pea. Ou te faʻavasegaina i latou i le fale e ala i faʻamaumauga mulimuli e tolu o poloka base64, ae le o le faitauina o le "tutusa" uiga (i lenei tulaga En8= и 1+V):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----Filifiliga mo tusi faamaonia e faʻavae ile algorithm autu ECC. E faapena foi i le filifili mo le RSA, na o le tusi faamaonia pito i lalo na suia, ae o le pito i luga na tumau pea (i lenei tulaga. fmA== и v/c=):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----
MIIDqDCCAy6gAwIBAgIRAPNkTmtuAFAjfglGvXvh9R0wCgYIKoZIzj0EAwMwgYgx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz
ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD
EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEw
MjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQI
ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
D1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBFQ0MgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABHkYk8qfbZ5sVwAjBTcLXw9YWsTef1Wj6R7W2SUKiKAgSh16TwUwimNJE4xk
IQeV/To14UrOkPAY9z2vaKb71EijggFuMIIBajAfBgNVHSMEGDAWgBQ64QmG1M8Z
wpZ2dEl23OA1xmNjmjAdBgNVHQ4EFgQU9oUKOxGG4QR9DqoLLNLuzGR7e64wDgYD
VR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYD
VR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVz
dEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/
BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVD
Q0FkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMAoGCCqGSM49BAMDA2gAMGUCMEvnx3FcsVwJbZpCYF9z6fDWJtS1UVRs
cS0chWBNKPFNpvDKdrdKRe+oAkr2jU+ubgIxAODheSr2XhcA7oz9HmedGdMhlrd9
4ToKFbZl+/OnFFzqnvOhcjHvClECEQcKmc8fmA==
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
-----END CERTIFICATE-----E matua tele lava lena. Faafetai mo lou gauai mai.
puna: www.habr.com