The Sectigo certificate problem after May 30, 2020, and how to fix it

On Saturday, May 30, 2020, a problem that was not immediately obvious hit the popular SSL/TLS certificates from the vendor Sectigo (formerly Comodo). The certificates themselves remained valid, but one of the intermediate CA certificates in the chains shipped with them expired. The situation is not fatal, but it is unpleasant: current browser versions noticed nothing, whereas most automation and older browsers and operating systems were not prepared for it.


Habr was no exception, which is why this tutorial/post-mortem was written.

TL;DR: the solution is at the end.

Let's skip the basic theory of PKI, SSL/TLS, HTTPS and so on. The mechanics of validating a domain's security certificate come down to building a chain of certificates up to one that is trusted by the browser or operating system; those trusted certificates are kept in the so-called trust store. This list is distributed with the operating system, the code runtime ecosystem, or the browser. Every certificate has an expiry date after which it is considered untrusted, and that includes the certificates in the trust store. What did the chain of trust look like before the fateful day? The Qualys SSL Report web service helps us find out.

One of the most popular "commercial" certificates is Sectigo Positive SSL (formerly Comodo Positive SSL; certificates under that name are still in use), a so-called DV certificate. DV is the most basic level of certification: it means that the issuer verified control over the domain. In fact, DV stands for "Domain Validation". For reference, there are also OV (Organization Validation) and EV (Extended Validation), and the free certificates from Let's Encrypt are DV as well. For those who for some reason are not happy with the ACME mechanism, Positive SSL is the best fit in terms of price and features (a single-domain certificate costs about 5-7 dollars per year, with a maximum total certificate validity of up to 2 years and 3 months).

Until recently, a Sectigo DV certificate (RSA) was delivered with this chain of intermediate CAs:

Certificate #1:
  Data:
    Version: 3 (0x2)
    Serial Number:
      7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
    Signature Algorithm: sha384WithRSAEncryption
      Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
      Validity
        Not Before: Nov  2 00:00:00 2018 GMT
        Not After : Dec 31 23:59:59 2030 GMT
      Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
  Data:
    Version: 3 (0x2)
    Serial Number:
      13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
    Signature Algorithm: sha384WithRSAEncryption
      Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
      Validity
        Not Before: May 30 10:48:38 2000 GMT
        Not After : May 30 10:48:38 2020 GMT
      Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority

There is no "third certificate", the self-signed one from AddTrust AB, because at some point it came to be considered bad practice to include self-signed root certificates in chains. Note that the intermediate CA certificate for UserTrust issued by AddTrust expires on May 30, 2020. This is no accident, since a decommissioning procedure was planned for this CA. It was assumed that by May 30, 2020 a UserTrust-signed certificate would already be present in all trust stores (under the hood it is the same certificate, or rather the same public key), and that the chain, even with the no-longer-trusted certificate included, would have alternative validation paths and nobody would notice. However, the plans collided with reality, namely the broad term "legacy systems". Indeed, owners of current browser versions noticed nothing, but a mountain of automation built on curl and on SSL/TLS libraries for a number of programming languages and code runtimes broke. It should be understood that many products do not rely on the chain-building tools built into the OS but "carry" their own trust store with them, and it does not always contain what the CA/Browser Forum would like to see there. And on Linux, packages such as ca-certificates are not always kept up to date. In the end everything seems fine, yet something here and there does not work.

Figure 1 shows that although everything looked normal for the most part, something broke for some clients and traffic dropped noticeably (the red line on the left), then grew back once one of the key certificates was replaced (the line on the right). There were bursts in between, when other certificates that things also depended on were replaced. Since for the most part everything visibly continued to work more or less normally (apart from odd glitches such as the inability to upload images to Habrastorage), we can draw an indirect conclusion about the number of legacy clients and bots on Habr.

Figure 1. Graph of "traffic" on Habr.

Figure 2 shows how current browser versions build an "alternative" chain up to a trusted CA certificate in the user's browser, even when there is a "rotten" certificate in the chain. This, as Sectigo itself believed, is the main reason why nothing needed to be done.

Figure 2. The trusted certificate chain for a modern browser version.

Figure 3, however, shows what things look like when something goes wrong and we have a legacy system. In this case the HTTPS connection is not established and we see an error such as "certificate validation failed" or similar.

Figure 3. The chain is invalidated because the root certificate and the intermediate it signed are "rotten".

In Figure 4 we can already see the "solution" for legacy systems: there is another intermediate certificate, or rather a "cross-signature" from another CA, which is usually pre-installed on legacy systems. This is what you need to do: get this certificate (marked as an extra download) and replace the "rotten" one with it.

Figure 4. The alternative chain for legacy systems.
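The three outcomes described for Figures 2 to 4 can be reproduced with a small path-building model. This is an added example, not code from the original article or from Sectigo: it matches certificates by name only (real validation also checks keys and signatures), and the trust-store contents and root expiry dates are assumptions.

```python
from datetime import datetime, timezone

def utc(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

# Served intermediates as (subject CN, issuer CN, not_before, not_after),
# values taken from the certificate dumps on this page.
SECTIGO_DV = ("Sectigo RSA Domain Validation Secure Server CA",
              "USERTrust RSA Certification Authority",
              utc("2018-11-02 00:00:00"), utc("2030-12-31 23:59:59"))
VIA_ADDTRUST = ("USERTrust RSA Certification Authority", "AddTrust External CA Root",
                utc("2000-05-30 10:48:38"), utc("2020-05-30 10:48:38"))
VIA_AAA = ("USERTrust RSA Certification Authority", "AAA Certificate Services",
           utc("2019-03-12 00:00:00"), utc("2028-12-31 23:59:59"))
OLD_CHAIN = [SECTIGO_DV, VIA_ADDTRUST]   # chain served before the fix
NEW_CHAIN = [SECTIGO_DV, VIA_AAA]        # chain from the solution section

# Trust stores as {root CN: not_after}. Contents and root expiry dates are
# assumptions made for this example, not data from the page.
LEGACY_STORE = {"AddTrust External CA Root": utc("2020-05-30 10:48:38"),
                "AAA Certificate Services": utc("2028-12-31 23:59:59")}
CURRENT_STORE = {**LEGACY_STORE,
                 "USERTrust RSA Certification Authority": utc("2038-01-18 23:59:59")}

def build_path(chain, store, now, anchor_first):
    """Return (ok, reason). anchor_first=True models a client that stops at the
    first trusted root; False models one that walks every served cert first."""
    served = {cert[0]: cert for cert in chain}
    need = chain[0][0]                    # CN of the CA that issued the leaf
    for _ in range(len(chain) + 1):
        trusted = need in store and now <= store[need]
        if trusted and (anchor_first or need not in served):
            return True, "anchored at " + need
        if need not in served:
            return False, "no valid trust anchor for " + need
        _, issuer, not_before, not_after = served[need]
        if not not_before <= now <= not_after:
            return False, "served certificate for " + need + " is outside its validity"
        need = issuer
    return False, "chain too long"

if __name__ == "__main__":
    now = utc("2020-06-01 00:00:00")
    for chain, store, first in ((OLD_CHAIN, CURRENT_STORE, True),
                                (OLD_CHAIN, CURRENT_STORE, False),
                                (NEW_CHAIN, LEGACY_STORE, False)):
        print(build_path(chain, store, now, first))
```

The second case shows why an up-to-date trust store is not enough on its own: a client that follows the served chain before consulting its store still trips over the expired cross-certificate.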

By the way, the problem did not get wide publicity or any kind of public discussion, partly because of Sectigo's excessive self-confidence. For example, here is the opinion of one of the respected certificate providers on the situation:

Previously they [Sectigo] assured everyone that there would be no issues. However, the reality is that some legacy servers/devices are affected.

That is a ridiculous situation. We pointed their attention to the expiring AddTrust RSA/ECC multiple times within a year, and each time Sectigo assured us that there would be no issues.

I personally asked a question about this on Stack Overflow about a month ago, but apparently the project's audience is not well suited to such questions, so I have to answer it myself after the analysis.

Sectigo published an FAQ on this topic, but it is so unreadable and long that it is impossible to use. Here is a quote that is the essence of the whole publication:

What You Need to Do
For most use cases, including certificates serving modern client or server systems, no action is required, whether or not you have issued certificates cross-chained to the AddTrust root.

As of April 30, 2020: For business processes that depend on very old systems, Sectigo has made available (by default in the certificate bundles) a new legacy root for cross-signing, the "AAA Certificate Services" root. However, please use extreme caution about any process that depends on very old legacy systems. Systems that have not received the updates necessary to support newer roots such as Sectigo's COMODO root will inevitably be missing other essential security updates and should be considered insecure. If you would still like to cross-sign to the AAA Certificate Services root, please contact Sectigo directly.

I really like the wording "very old", of course. For example, a console on Ubuntu Linux 18.04 LTS (currently our base OS) with the latest updates, no more than a month old, can hardly be called very old, yet things do not work there.

Most certificate resellers published notes with their solutions late in the evening of May 30. For example, a very good one in technical terms comes from NameCheap (with a specific description of what to do and ready-made CA bundles in zip archives, but RSA only):

Figure 5. Seven steps to fix things quickly.

There is also a good article from Redhat, but it deals with much more legacy setups, where you need to install an even older legacy root certificate from Comodo for everything to work.

Solution

It is worth summarizing the solution here as well. Below are two sets of chains for Sectigo DV certificates (not Comodo!): one for the familiar RSA certificates, the other for the less familiar ECC (ECDSA) certificates (we have been using both chains for a long time). ECC was harder, since most solutions do not take such certificates into account because of their low prevalence. In the end, the required intermediate certificate was found on crt.sh.

The certificate chain based on the RSA key algorithm. Compare it with your own chain and note that only the lower certificate has been replaced, while the upper one remains as it was. I tell them apart by the last three characters of the base64 blocks, not counting the "equals" sign (in this case En8= and 1+V):

# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76

# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B

The certificate chain based on the ECC key algorithm. As with the RSA chain, only the lower certificate has been replaced, while the upper one remains the same (in this case fmA== and v/c=):

# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F

# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA

That's about it. Thank you for your attention.

Source: www.habr.com