Ka Moqebelo oa la 30 Mots'eanong, 2020, ho ile ha hlaha bothata bo neng bo sa hlake hang hang ka litifikeiti tse tsebahalang tsa SSL/TLS tse tsoang ho morekisi Sectigo (eo pele e neng e le Comodo). Lisetifikeiti ka botsona li ile tsa tsoela pele ho ba ka tatellano e phethahetseng, empa e 'ngoe ea li-certificate tsa CA tse mahareng tse liketane tseo litifikeiti tsena li neng li fanoe ka tsona e ne e se e bolile. Boemo ha bo bolaee, empa bo sa thabise: liphetolelo tsa morao-rao tsa li-browser ha lia ka tsa hlokomela letho, empa boholo ba li-automation le li-browser tsa khale / OS li ne li sa itokisetsa phetoho e joalo.
Habr e ne e se mokhelo, ke ka lebaka leo lenaneo lena la thuto / postmortem le ileng la ngoloa.
TL; DR Tharollo e qetellong.
Ha re tlōle khopolo ea mantlha mabapi le PKI, SSL/TLS, https, joalo-joalo. Mekhaniki ea netefatso ka setifikeiti sa ts'ireletso ea domain e kenyelletsa ho aha letoto la litifikeiti tse ngata ho fihla ho tse tšeptjoang ke sebatli kapa sistimi ea ts'ebetso, tse bolokiloeng sebakeng se bitsoang Trust Store. Lenane lena le ajoa le sistimi ea ts'ebetso, sistimi ea nako ea ho sebetsa, kapa sebatli. Lisetifikeiti life kapa life li na le letsatsi la ho felloa ke nako, ka mor'a moo li nkuoa li sa tšepahale, ho kenyeletsoa litifikeiti lebenkeleng la trust. Letoto la tšepo le ne le shebahala joang pele ho letsatsi le mahlonoko? Sesebelisoa sa webo se tla re thusa ho e tseba. ho tloha Qualys.
Kahoo, e 'ngoe ea litifikeiti tsa "khoebo" tse tsebahalang haholo ke Sectigo Positive SSL (eo pele e neng e bitsoa Comodo Positive SSL, litifikeiti tse nang le lebitso lena li ntse li sebelisoa), ke se bitsoang setifikeiti sa DV. DV ke boemo ba pele ba setifikeiti, ho bolelang ho hlahloba phihlello ea taolo ea domain bakeng sa mofani oa setifikeiti se joalo. Haele hantle, DV e emetse "domain validation". Bakeng sa litšupiso: ho boetse ho na le OV (netefatso ea mokhatlo) le EV (netefatso e atolositsoeng), le setifikeiti sa mahala se tsoang ho Let's Encrypt le sona ke DV. Bakeng sa bao ka mabaka a itseng ba sa khotsofalang ke mochine oa ACME, sehlahisoa se Positive SSL ke sona se loketseng ka ho fetisisa ho ea ka tekanyo ea theko / likarolo (setifikeiti sa sebaka se le seng se bitsa chelete e ka bang $ 5-7 ka selemo se nang le setifikeiti se feletseng sa ho sebetsa ho fihlela ho. Lilemo tse 2 le likhoeli tse 3).
Ho fihlela haufinyane tjena, setifikeiti se tloaelehileng sa Sectigo DV (RSA) se ne se fanoa ka ketane e latelang ea li-CA tsa mahareng:
Certificate #1:
Data:
Version: 3 (0x2)
Serial Number:
7d:5b:51:26:b4:76:ba:11:db:74:16:0b:bc:53:0d:a7
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Validity
Not Before: Nov 2 00:00:00 2018 GMT
Not After : Dec 31 23:59:59 2030 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Certificate #2:
Data:
Version: 3 (0x2)
Serial Number:
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification AuthorityHa ho na "setifikeiti sa boraro", se ngolisitsoeng ho tsoa ho AddTrust AB, kaha ka nako e 'ngoe ho ile ha nkoa e le mekhoa e mebe ho kenyelletsa mangolo a motso a ikemetseng ka liketane. U kanna ua hlokomela hore CA ea mahareng e fanoeng ke UserTrust ho tsoa AddTrust e na le letsatsi la ho felloa ke nako ka la 30 Mots'eanong 2020. Sena ha se bonolo, kaha ho ne ho reriloe mokhoa oa ho felisa tsamaiso bakeng sa CA ena. Ho ne ho lumeloa hore ka la 30 Mots'eanong 2020, setifikeiti se saenneng se tsoang ho UserTrust se ka be se hlahile mabenkeleng ohle a trust ka nako ena (tlas'a hood ke setifikeiti se tšoanang, kapa senotlolo sa sechaba) le ketane, leha e na le setifikeiti se seng se sa tšepahale se kenyellelitsoe, se tla ba le mekhoa e meng ea kaho mme ha ho motho ea tla e hlokomela. Leha ho le joalo, merero e ile ea senngoa ke 'nete, e leng lentsoe le sa hlakang "litsamaiso tsa lefa". Ehlile, beng ba liphetolelo tsa hajoale tsa sebatli ha baa ka ba hlokomela letho, empa thaba ea othomathike e hahiloeng holim'a lilaebrari tsa curl le ssl/tls tsa lipuo tse ngata tsa mananeo le libaka tsa ts'ebetso ea khoutu li ile tsa robeha. U hloka ho utloisisa hore lihlahisoa tse ngata ha li tataisoe ke lisebelisoa tsa ho haha ketane tse hahiloeng ho OS, empa li "jara" lebenkele la bona la tšepo le tsona. 'Me ha se kamehla li nang le seo u ka ratang ho se bona . 'Me ho Linux, liphutheloana tse kang li-ca-certificate ha li ntlafatsoe kamehla. Qetellong, ntho e 'ngoe le e' ngoe e bonahala e lokile, empa ho na le ntho e sa sebetseng mona le mane.
Ho tloha Setšoantšong sa 1 ho hlakile hore le hoja ho bongata bo boholo ntho e 'ngoe le e' ngoe e ne e shebahala e le e tloaelehileng, ho ba bang ntho e 'ngoe e ile ea robeha' me sephethephethe se ile sa theoha ka mokhoa o hlakileng (mohala o mofubelu o letšehali), joale e ile ea hōla ha setifikeiti se seng sa bohlokoa se nkeloa sebaka (mohala o nepahetseng). Ho ne ho boetse ho e-na le li-spikes bohareng, ha li-certificate tse ling li fetoloa, tseo ho tsona ho neng ho itšetlehile ka ntho e 'ngoe. Kaha ho ba bangata, ntho e 'ngoe le e' ngoe ka pono e ile ea tsoela pele ho sebetsa ka mokhoa o tloaelehileng (ntle le liphoso tse makatsang tse kang ho se khone ho kenya litšoantšo ho Habrastorage), re ka etsa qeto e sa tobang mabapi le palo ea bareki ba lefa le bots ho Habr.
Setšoantšo sa 1. Kerafo ea sephethephethe ho Habré.
Ho tsoa ho Setšoantšo sa 2, u ka hlahloba hore na liphetolelong tsa morao-rao tsa li-browser "ketane e 'ngoe" e hahiloe joang ho setifikeiti sa CA se tšeptjoang ho sebapali sa mosebedisi, leha ho na le setifikeiti se "bolileng" ka ketane. Sena, joalo ka ha Sectigo ka boeona e ne e lumela, e ne e le lona lebaka la ho se etse letho.
Setšoantšo sa 2. Ketane ho setifikeiti se tšeptjoang sa phetolelo ea morao-rao ea sebapali.
Empa ho Setšoantšo sa 3 u ka bona hore na ntho e 'ngoe le e' ngoe e shebahala joang ha ntho e sa tsamaee hantle 'me re na le tsamaiso ea lefa. Tabeng ena, khokahanyo ea HTTPS ha e e-s'o thehoe 'me re bona phoso e kang "tiisetso ea setifikeiti e hlōlehile" kapa e tšoanang.
Setšoantšo sa 3. Ketane e ne e sa sebetse hobane setifikeiti sa motso le setifikeiti sa bohareng se saenneng ke sona se ne se "bolile."
Setšoantšong sa 4 re se re ntse re bona "tharollo" bakeng sa litsamaiso tsa lefa: ho na le setifikeiti se seng sa bohareng, kapa ho e-na le "setifikeiti sa sefapano" se tsoang ho CA e 'ngoe, eo hangata e kentsoeng pele ho litsamaiso tsa lefa. Sena ke seo u lokelang ho se etsa: fumana setifikeiti sena (se tšoailoeng e le download e eketsehileng) 'me u nkele se "bolileng" sebaka ka sona.
Setšoantšo sa 4. Ketane e 'ngoe bakeng sa litsamaiso tsa lefa.
Ka tsela: bothata bo ne bo se na phatlalatso e pharaletseng kapa puisano leha e le efe ea sechaba, ho kenyelletsa le ka lebaka la boikhohomoso bo feteletseng ba Sectigo. Mona, mohlala, ke maikutlo a e mong oa bafani ba setifikeiti ho boemong bona:
Pele ba [Sectigo] e mong le e mong ea tiisitsoeng hore ha ho na mathata a tla ba teng. Leha ho le joalo, 'nete ke hore li-server / lisebelisoa tse ling tsa lefa lia ameha.
Eo ke boemo bo somang. Re lebisitse tlhokomelo ea bona ho AddTrust RSA/ECC e felloang ke nako ka makhetlo a mangata nakong ea selemo mme nako le nako ha Sectigo e re tiisetsa hore ha ho na mathata a tla ba teng.
Ke ile ka botsa ka bonna ka Stack Overflow mabapi le sena khoeling e fetileng, empa ho hlakile hore bamameli ba morero ha ba tšoanelehe haholo bakeng sa lipotso tse joalo, kahoo ke ile ka tlameha ho e araba ka mor'a tlhahlobo.
Sehlopha Ho na le FAQ ka sena, empa ha e balehe ebile e telele hoo ho ke keng ha khoneha ho e sebelisa. Mona ke mantsoe a qotsitsoeng ao e leng quintessence ea phatlalatso eohle:
Seo U Lokelang ho se Etsa
Bakeng sa linyeoe tse ngata tsa ts'ebeliso, ho kenyeletsoa le litifikeiti tse sebeletsang litsamaiso tsa sejoale-joale tsa bareki kapa li-server, ha ho na mohato o hlokahalang, hore na o fane ka litifikeiti tse tlanngoeng ho motso oa AddTrust kapa che.Ho tloha ka la 30 Mmesa, 2020: Bakeng sa lits'ebetso tsa khoebo tse itšetlehileng ka litsamaiso tsa khale haholo, Sectigo e entse hore ho fumanehe (ka ho sa feleng mekotleng ea setifikeiti) motso o mocha oa lefa bakeng sa ho saena, motso oa "AAA Certificate Services". Leha ho le joalo, ka kopo sebelisa tlhokomeliso e feteletseng mabapi le ts'ebetso efe kapa efe e itšetlehileng ka litsamaiso tsa khale haholo tsa lefa. Lits'ebetso tse so fumaneng lintlafatso tse hlokahalang ho ts'ehetsa metso e mecha joalo ka metso ea COMODO ea Sectigo e tla be e haelloa ke lintlha tse ling tsa bohlokoa tsa ts'ireletso mme e lokela ho nkuoa e sa sireletseha. Haeba u ntse u ka rata ho saena ho motso oa Litšebeletso tsa Setifikeiti sa AAA, ka kopo ikopanye le Sectigo ka kotloloho.
Ke hlile ke rata thesis "ea khale haholo", ehlile. Mohlala, curl ka har'a komporo ea Ubuntu Linux 18.04 LTS (OS ea rona hajoale) e nang le lintlafatso tsa morao-rao tse sa feteng khoeli e ke keng ea bitsoa ea khale haholo, empa ha e sebetse.
Boholo ba barekisi ba setifikeiti ba lokolotse lintlha tsa bona tsa liqeto morao thapama ea la 30 Motšeanong. Ka mohlala, haholo botekgeniki loketseng ho tloha (ka tlhaloso e tobileng ea seo u lokelang ho se etsa le ka li-bundle tsa CA tse seng li entsoe li-archives, empa ke RSA feela):
Setšoantšo sa 5. Mehato e supileng ea ho lokisa ntho e 'ngoe le e' ngoe kapele.
Ho na le ho tloha Redhat, empa ntho e 'ngoe le e' ngoe e na le Lefa le ho feta 'me u hloka ho kenya setifikeiti sa lefa la motso le ho feta ho tloha Comodo hore ntho e' ngoe le e 'ngoe e sebetse.
u etsa qeto ea
Ho bohlokoa ho pheta tharollo mona hape. Ka tlase ho na le lihlopha tse peli tsa liketane tsa setifikeiti DV Sectigo (eseng Comodo!), e 'ngoe bakeng sa litifikeiti tse tloaelehileng tsa RSA, e' ngoe bakeng sa litifikeiti tse sa tloaelehang tsa ECC (ECDSA) (e se e le nako e telele re sebelisa liketane tse peli). Ka ECC ho ne ho le thata haholo, kaha litharollo tse ngata ha li nahane ka boteng ba litifikeiti tse joalo ka lebaka la ho ata ha tsona ho tlase. Ka lebaka leo, setifikeiti sa mahareng se hlokahalang se ile sa fumanoa ho .
Ketane ea litifikeiti tse thehiloeng ho algorithm ea bohlokoa RSA. Bapisa le ketane ea hau 'me u hlokomele hore ke setifikeiti sa tlase feela se nketsoeng sebaka, ha se ka holimo se ntse se le joalo. Ke li khetholla maemong a letsatsi le letsatsi ka litlhaku tse tharo tsa ho qetela tsa li-block64, ke sa bale letšoao la "lekana" (tabeng ena. En8= и 1+V):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
# Algo: RSA, key size: 2048
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB
# SHA-256 Fingerprint: 7F:A4:FF:68:EC:04:A9:9D:75:28:D5:08:5F:94:90:7F:4D:1D:D1:C5:38:1B:AC:DC:83:2E:D5:C9:60:21:46:76
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
# Algo: RSA, key size: 4096
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
# SHA-256 Fingerprint: 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----Ketane ea litifikeiti tse thehiloeng ho algorithm ea bohlokoa ECC. Ka mokhoa o ts'oanang le ketane ea RSA, ke setifikeiti se tlase feela se ileng sa nkeloa sebaka, 'me se ka holimo se ile sa sala se le joalo (tabeng ena. fmA== и v/c=):
# Subject: /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Domain Validation Secure Server CA
# Algo: EC secp256r1, key size: 256
# Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Not valid before: 2018-11-02T00:00:00Z
# Not valid after: 2030-12-31T23:59:59Z
# SHA-1 Fingerprint: E8:49:90:CB:9B:F8:E3:AB:0B:CA:E8:A6:49:CB:30:FE:4D:C4:D7:67
# SHA-256 Fingerprint: 61:E9:73:75:E9:F6:DA:98:2F:F5:C1:9E:2F:94:E6:6C:4E:35:B6:83:7C:E3:B9:14:D2:24:5C:7F:5F:65:82:5F
-----BEGIN CERTIFICATE-----
MIIDqDCCAy6gAwIBAgIRAPNkTmtuAFAjfglGvXvh9R0wCgYIKoZIzj0EAwMwgYgx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz
ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD
EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEw
MjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQI
ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
D1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBFQ0MgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABHkYk8qfbZ5sVwAjBTcLXw9YWsTef1Wj6R7W2SUKiKAgSh16TwUwimNJE4xk
IQeV/To14UrOkPAY9z2vaKb71EijggFuMIIBajAfBgNVHSMEGDAWgBQ64QmG1M8Z
wpZ2dEl23OA1xmNjmjAdBgNVHQ4EFgQU9oUKOxGG4QR9DqoLLNLuzGR7e64wDgYD
VR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYD
VR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVz
dEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/
BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVD
Q0FkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1
c3QuY29tMAoGCCqGSM49BAMDA2gAMGUCMEvnx3FcsVwJbZpCYF9z6fDWJtS1UVRs
cS0chWBNKPFNpvDKdrdKRe+oAkr2jU+ubgIxAODheSr2XhcA7oz9HmedGdMhlrd9
4ToKFbZl+/OnFFzqnvOhcjHvClECEQcKmc8fmA==
-----END CERTIFICATE-----
# Subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority
# Algo: EC secp384r1, key size: 384
# Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
# Not valid before: 2019-03-12T00:00:00Z
# Not valid after: 2028-12-31T23:59:59Z
# SHA-1 Fingerprint: CA:77:88:C3:2D:A1:E4:B7:86:3A:4F:B5:7D:00:B5:5D:DA:CB:C7:F9
# SHA-256 Fingerprint: A6:CF:64:DB:B4:C8:D5:FD:19:CE:48:89:60:68:DB:03:B5:33:A8:D1:33:6C:62:56:A8:7D:00:CB:B3:DE:F3:EA
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
-----END CERTIFICATE-----Ke hantle haholo. Kea leboha ha u mametse.
Source: www.habr.com