Mass revocation of Let's Encrypt certificates

Let's Encrypt, a community-controlled, non-profit certificate authority that provides certificates free of charge to everyone, has warned of the upcoming revocation of many previously issued TLS/SSL certificates. Of the 116 million currently valid Let's Encrypt certificates, slightly more than 3 million (2.6%) will be revoked, of which about 1 million are duplicates bound to the same domain (the bug mostly affected frequently renewed certificates, which is why there are so many duplicates). The revocation is scheduled for March 4 (the exact time has not been specified, but the revocation will not happen before 3 a.m. MSK).

The revocation is needed because of a bug discovered on February 29. The problem has been present since July 25, 2019 and affects the system that checks CAA records in DNS. A CAA record (RFC 6844, Certification Authority Authorization) lets a domain owner explicitly specify the certificate authority through which certificates may be issued for a given domain. If a CA is not listed in the CAA records, it must block the issuance of certificates for that domain and notify the domain owner of the attempts. In most cases a certificate is requested immediately after the CAA check has passed, but the result of the check is considered valid for another 30 days. The rules also require a recheck to be performed no more than 8 hours before a new certificate is issued (that is, if 8 hours have passed since the last check when a new certificate is requested, a recheck is required).

The bug occurs when a certificate request covers several domain names at once, each of which requires a CAA record check. The essence of the bug is that during the recheck, instead of validating all the domains, only one domain from the list was rechecked (if the request contained N domains, then instead of N different checks, one domain was checked N times). For the remaining domains the second check was not performed, and the data from the first check was used to make the decision (that is, data up to 30 days old was used). As a result, for 30 days after the first validation, Let's Encrypt could issue a certificate even if the value of the CAA record had changed and Let's Encrypt had been removed from the list of acceptable certificate authorities.
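The recheck behaviour described above, modelled next to a corrected form. This is an added example, not Let's Encrypt's code: the function names, the choice of the first domain as the one checked N times, the simplified CAA lookup (a plain dictionary, no tree climbing or issuewild handling) and the sample domains are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

AUTHZ_LIFETIME = timedelta(days=30)  # validation result reused for 30 days (per the page)
RECHECK_AFTER = timedelta(hours=8)   # CAA must be rechecked if older than 8 hours
CA = "letsencrypt.org"               # issuer name a CAA record would list

def caa_allows(dns, domain):
    # Simplified CAA: no record means no restriction; otherwise the CA must be listed.
    issuers = dns.get(domain, [])
    return not issuers or CA in issuers

def recheck_buggy(dns, stale):
    # Defect as described: N lookups are made, but all for one domain
    # (which one is an assumption here: the first in the list).
    checked = [stale[0] for _ in stale]
    return all(caa_allows(dns, d) for d in checked), checked

def recheck_fixed(dns, stale):
    # Every domain whose CAA result is older than 8 hours gets its own lookup.
    checked = list(stale)
    return all(caa_allows(dns, d) for d in checked), checked

def may_issue(recheck, dns, authz, now):
    # authz maps domain -> time of the original validation and CAA check.
    if any(now - t > AUTHZ_LIFETIME for t in authz.values()):
        return False, []             # validation expired: full revalidation needed
    stale = [d for d, t in authz.items() if now - t > RECHECK_AFTER]
    if not stale:
        return True, []              # all checks are fresh, nothing to redo
    return recheck(dns, stale)

# Constructed sample data: both names validated 10 days ago; since then
# b.example published a CAA record that no longer lists this CA.
NOW = datetime(2020, 2, 29, 12, 0)
AUTHZ = {"a.example": NOW - timedelta(days=10), "b.example": NOW - timedelta(days=10)}
DNS = {"b.example": ["otherca.example"]}

if __name__ == "__main__":
    for name, fn in (("buggy", recheck_buggy), ("fixed", recheck_fixed)):
        print(name, may_issue(fn, DNS, AUTHZ, NOW))
```

The second element of each result is the list of names actually looked up, which is the thing to assert on in a regression test: the number of lookups alone (N in both cases) does not reveal the defect.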

Affected users are being notified by email if contact details were filled in when the certificate was obtained. You can check your certificates by downloading the list of serial numbers of the revoked certificates or by using the online service (it is hosted at an IP address that is blocked in the Russian Federation by Roskomnadzor). You can find the serial number of the certificate for a domain of interest with this command:

openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null \
| openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :

Source: opennet.ru
