IETF approves ACME, a standard for working with SSL certificates

The IETF has approved the Automatic Certificate Management Environment (ACME) standard, which will help automate the issuance of SSL certificates. Here is how it works.


Why was the standard needed?

On average, setting up an SSL certificate for a single domain can take an administrator from one to three hours. If you make a mistake, you have to wait until the request is rejected, and only then can it be submitted again. All of this makes it difficult to deploy large systems.

The domain validation procedure can differ from one certificate authority to another. The lack of standardization sometimes leads to security problems. There is a well-known case in which, because of a bug in the system, one CA validated all declared domains. In such situations, SSL certificates can be issued to fraudulent resources.

The ACME protocol approved by the IETF (specification RFC 8555) is meant to automate and standardize the process of obtaining a certificate. Removing the human factor will also help increase the reliability and security of domain name validation.

The standard is open, and anyone can contribute to its development. The relevant instructions are published in the repositories on GitHub.

How it works

Requests in ACME are exchanged over HTTPS using JSON messages. To work with the protocol, you need to install an ACME client on the target node; it generates a unique key pair the first time you contact the CA. These keys are then used to sign all messages from the client and server.

The first message contains contact information for the domain owner. It is signed with the private key and sent to the server together with the public key. The server verifies the authenticity of the signature and, if everything is in order, starts the procedure for issuing the SSL certificate.

To obtain a certificate, the client must prove to the server that it owns the domain. To do this, it performs certain actions that are available only to the owner. For example, the certificate authority can generate a unique token and ask the client to place it on the site. The CA then issues a web or DNS query to retrieve the key derived from this token.

For example, in the case of HTTP, the key from the token must be placed in a file that will be served by the web server. During DNS verification, the certificate authority looks for the unique key in the text of a DNS record. If everything is fine, the server confirms that the client has been validated and the CA issues the certificate.
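The check described above, as an added example that is not part of the original article: it derives the "key from the token" the way RFC 8555 defines it (the key authorization, built from the token and the RFC 7638 thumbprint of the account key) and shows the CA-side comparison for the HTTP and DNS cases. The token, the JWK values and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values: not a real CA token and not real key material.
TOKEN = "constructed-token-0123456789abcdef"
OWNER_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x-owner", "y": "constructed-y-owner"}
OTHER_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x-other", "y": "constructed-y-other"}

def b64url(data):
    """Base64url without padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token, account_jwk):
    """token + "." + account key thumbprint: binds the proof to one account."""
    return token + "." + jwk_thumbprint(account_jwk)

def http01_location(domain, token):
    """URL the CA fetches; the file body must be the key authorization."""
    return "http://" + domain + "/.well-known/acme-challenge/" + token

def dns01_record(domain, token, account_jwk):
    """TXT record name and value the CA looks up for a DNS challenge."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return "_acme-challenge." + domain, b64url(digest)

def ca_validates_http01(served_body, token, account_jwk):
    """CA-side check: exact match, ignoring trailing whitespace in the body."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    return hmac.compare_digest(served_body.rstrip().encode("utf-8"), expected)

def ca_validates_dns01(txt_values, token, account_jwk):
    """CA-side check: one of the TXT values must equal the expected digest."""
    expected = dns01_record("", token, account_jwk)[1].encode("ascii")
    return any(hmac.compare_digest(v.encode("utf-8"), expected) for v in txt_values)

if __name__ == "__main__":
    print(http01_location("example.com", TOKEN), "->", key_authorization(TOKEN, OWNER_JWK))
    print(*dns01_record("example.com", TOKEN, OWNER_JWK))
    # A response built with a different account key is rejected.
    print(ca_validates_http01(key_authorization(TOKEN, OTHER_JWK), TOKEN, OWNER_JWK))
```

Because the account key thumbprint is part of the expected value, a token value placed on the domain by a different account does not satisfy the check.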


Posts

According to the IETF, ACME will be useful for administrators who have to work with many domain names. The standard will help bind each of them to the required SSL certificates.

Among the advantages of the standard, experts also note several security mechanisms. They are meant to ensure that SSL certificates are issued only to the real owners of domains. In particular, the DNSSEC set of extensions is used to protect against DNS attacks, and to protect against DoS the standard limits the rate at which individual requests are executed, for example for the HTTP POST method. The ACME developers themselves recommend, to improve security, adding entropy to DNS queries and issuing them from multiple points on the network.

Similar Solutions

The SCEP and EST protocols are also used to obtain certificates.

The first was developed at Cisco Systems. Its goal was to simplify the procedure for issuing X.509 digital certificates and make it as scalable as possible. Before SCEP, this process required the active participation of system administrators and did not scale well. Today this protocol is one of the most common.

As for EST, it allows PKI clients to obtain certificates over secure channels. It uses TLS for message transport and SSL issuance, as well as for binding the CSR to the sender. In addition, EST supports elliptic-curve cryptography methods, which creates an additional layer of security.

According to experts, solutions like ACME need to become more widespread. They offer a simplified and secure SSL setup model and also speed up the process.


Source: www.habr.com
