Mass revocation of Let's Encrypt certificates

Let's Encrypt, a non-profit certificate authority run by the community that provides certificates to everyone free of charge, has warned about the upcoming revocation of many previously issued TLS/SSL certificates. Of the 116 million of the 3 million currently active Let's Encrypt certificates, slightly more than 2.6 million (1%) are being revoked, of which nearly 4 million are duplicates tied to the same domain (the bug mostly affected certificates that are renewed very frequently, which is why there are so many duplicates). The revocation is scheduled for March 3 (the exact time has not yet been determined, but the revocation will not take place before XNUMX a.m. MSK).

The revocation is needed because of a bug discovered on February 29. The problem has been present since July 25, 2019 and affects the system that checks CAA records in DNS. A CAA record (RFC-6844, Certificate Authority Authorization) allows the site owner to state explicitly which certificate authority may issue certificates for a given domain. If a CA is not listed in the CAA records, it must block the issuance of certificates for that domain and notify the site owner of the compromise attempts. In most cases, a certificate is requested immediately after the CAA check passes, but the result of the check is considered valid for another 30 days. The rules also require re-verification to be performed no later than 8 hours before a new certificate is issued (for example, if 8 hours have passed since the last check when a new certificate is requested, re-verification is required).

The bug occurs when a certificate request covers several domain names at once, each of which requires a CAA record check. The essence of the bug is that at re-check time, instead of validating all domains, only one domain from the list was re-checked (if the request had N domains, then instead of N different checks, one domain was checked N times). For the remaining domains, no second check was performed and the data from the first check was used when making the decision (i.e., data up to 30 days old was used). As a result, within 30 days after the first verification, Let's Encrypt could issue a certificate even if the value of the CAA record had been changed and Let's Encrypt had been removed from the list of acceptable certificate authorities.
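The re-check flaw described above, modelled as an added example (this is not Let's Encrypt's code and is not from the original page). The names `caaCheck`, `mayIssue`, `demo`, the `live` lookup function and the `a.example`/`b.example` domains are assumptions made for illustration, as is the choice of the first name as the one that gets queried repeatedly.

```go
package main

import (
	"fmt"
	"time"
)

// Constructed model of the recheck described above; not Let's Encrypt code.
type caaCheck struct {
	allowed bool      // result of the earlier CAA check
	at      time.Time // when that check ran
}
const recheckAfter = 8 * time.Hour // recheck window stated on the page
// mayIssue decides issuance; live is a hypothetical stand-in for a DNS CAA query.
// With buggy=true every recheck hits names[0] (assumed; the page names no domain).
func mayIssue(names []string, cache map[string]caaCheck, now time.Time, live func(string) bool, buggy bool) bool {
	fresh := map[string]bool{}
	for _, n := range names {
		if now.Sub(cache[n].at) > recheckAfter {
			q := n
			if buggy {
				q = names[0] // one name checked N times
			}
			fresh[q] = live(q)
		}
	}
	for _, n := range names {
		ok, rechecked := fresh[n]
		if !rechecked {
			ok = cache[n].allowed // stale answer, up to 30 days old
		}
		if !ok {
			return false
		}
	}
	return true
}
// demo: both names passed CAA 10 days ago; b.example has since dropped this CA.
func demo() (buggy, fixed bool, queried []string) {
	now := time.Date(2020, 3, 1, 0, 0, 0, 0, time.UTC) // constructed timestamp
	old := caaCheck{true, now.Add(-240 * time.Hour)}
	cache := map[string]caaCheck{"a.example": old, "b.example": old}
	names := []string{"a.example", "b.example"}
	live := func(n string) bool { queried = append(queried, n); return n != "b.example" }
	buggy = mayIssue(names, cache, now, live, true)
	fixed = mayIssue(names, cache, now, live, false)
	return
}
func main() { fmt.Println(demo()) }
```

The buggy path approves issuance because `b.example` is never queried again, while the corrected path queries each stale name and refuses.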

Affected users are notified by email if contact information was filled in when the certificate was obtained. You can check your certificates by downloading the list of serial numbers of the revoked certificates or by using the online service (hosted at an IP address blocked in Russia by Roskomnadzor). You can find the serial number of the certificate for the domain of interest using the command:

openssl s_client -connect example.com:443 -showcerts </dev/null \
| openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :

Source: opennet.ru
