Ngomhla zingama-27 kuFebhuwari, 2020 mahhala Igunya lesitifiketi elithi Masibethele .
Enkulumweni yabezindaba yomgubho, abamele iphrojekthi bakhumbula ukuthi kwagujwa iminyaka edlule yezitifiketi ezikhishwe izigidi eziyi-100. . Ngaleso sikhathi, ingxenye yethrafikhi ye-HTTPS ku-inthanethi yayingama-58% (e-USA - 64%). Eminyakeni emibili nengxenye, amanani akhule kakhulu: βNamuhla, amakhasi angama-81% alayishwe emhlabeni wonke asebenzisa i-HTTPS, kanti e-United States siku-91%! - abafana abavela kuphrojekthi bajabule. - Impumelelo emangalisayo. Leli izinga eliphezulu kakhulu lobumfihlo nokuvikeleka kwawo wonke umuntu.β
I-Let Encrypt idlale indima ebaluleke kakhulu ekwenzeni izitifiketi ze-HTTPS zibe yizinga elisebenzayo kanye nokubethela okuqinile kwethrafikhi okujwayelekile ku-inthanethi.
Ukuhlolwa kwe-Beta kwesiphathimandla sesitifiketi se-Let's Encrypt kwaqala ngoDisemba 2015. Isici esiyingqayizivele sesikhungo esisha ukuthi inqubo yokukhishwa kwezitifiketi ekuqaleni yayizisebenzela ngokugcwele.
Ukucushwa okuzenzakalelayo kwe-HTTPS kuseva kwenzeka ngezigaba ezimbili. Esigabeni sokuqala, i-ejenti yazisa iziphathimandla zesitifiketi mayelana namalungelo omphathi weseva egameni lesizinda. Isibonelo, ukuqinisekiswa kungase kuhlanganise ukudala isizinda esithile esingaphansi kwesinye noma ukufaka insiza ye-HTTP nge-URI ethile ngaphakathi kwesizinda.
Masibhale Ngemfihlo ikhomba iseva yewebhu esebenzisa i-ejenti isebenzisa ukhiye wayo osesidlangalaleni. Okhiye basesidlangalaleni nabayimfihlo bakhiqizwa i-ejenti ngaphambi koxhumo lokuqala kusiphathimandla sokunikeza izitifiketi. Ngesikhathi sokuqinisekisa okuzenzakalelayo, i-ejenti yenza izivivinyo eziningi: isibonelo, isayina iphasiwedi yesikhathi esisodwa etholiwe ngokhiye osesidlangalaleni futhi ithule insiza ye-HTTP ene-URI ethile. Uma isiginesha yedijithali ilungile futhi zonke izivivinyo ziphasisiwe, umenzeli unikezwa amalungelo okuphatha izitifiketi zesizinda.
Esigabeni sesibili, i-ejenti ingacela, ivuselele, futhi ihoxise izitifiketi. Ukuze ukhiphe isitifiketi ngokuzenzakalelayo, iphrothokholi yokuqinisekisa yekilasi lokuphendula inselele ebizwa ngokuthi I-Automated Certificate Management Environment (ACME) iyasetshenziswa. Konke ukukhohlisa ngesitifiketi kwenziwa ngaphandle kokumisa iseva yewebhu kusetshenziswa iklayenti le-ACME . Kulula ukuyisebenzisa, isebenza kumasistimu amaningi wokusebenza, futhi ibhalwe kahle. Kukhona imodi yochwepheshe enesethi enwetshiwe yezilungiselelo. Ngaphezu kweCertbot, kukhona .
Indima ebalulekile ye-Let Encrypt
I-Let Encrypt iguqule imakethe phambilini eyayibuswa ama-CA okuhweba. Manje sebecishe baphuma ebhizinisini lokukhipha izitifiketi ze-DV (izitifiketi Zokuqinisekiswa Kwesizinda), nakuba beqhubeka nokuthengisa izitifiketi Zokuqinisekiswa Kwenhlangano (OV) kanye Nokuqinisekisa Okunwetshiwe (EV), ezingakhiphi I-Let's Encrypt. ngoba azikwazi ukuzenzela. Kodwa-ke, lokhu kungumkhiqizo we-niche, futhi izitifiketi ze-Let Encrypt zamahhala zibusa kakhulu emakethe enkulu.
I-Let Encrypt yenze izinga lokukhishwa kabusha kwesitifiketi okuzenzakalelayo. Ngaphandle kokuphila kwazo okufushane (izinsuku ezingu-90), inqubo ezenzakalelayo isusa βisici somuntuβ esimelela ngokwejwayelekile ukuba sengozini okuyinhloko kwezokuvikela. Abaphathi bezizinda bavame ukukhohlwa ukuvuselela izitifiketi, okubangela ukuthi izinsiza zehluleke. Isigameko sakamuva esinjalo senzeke nge-Microsoft Teams. Ngomhla zi-3 kuFebhuwari, 2020, le nsizakalo yokusebenzisana ayizange ixhumeke ku-inthanethi .
Ukushintshwa okuzenzakalelayo kwezitifiketi kusetshenziswa iphrothokholi ye-ACME kuqeda ukuba nokwenzeka kwezigameko ezinjalo.
Nakuba iphrojekthi ethi Let's Encrypt inika amandla ingxenye ye-inthanethi, emhlabeni jikelele iyinhlangano encane engenzi nzuzo: βKule minyaka emibili nengxenye, inhlangano yethu ikhulile, kodwa kancane! - bayabhala. βNgoJuni 2017, sisebenzele amawebhusayithi acishe abe izigidi ezingu-46 anabasebenzi besikhathi esigcwele abangu-11 kanye nesabelomali sonyaka sezigidi ezingu-2,61 zamaRandi. kusho ukuthi sisebenza ngokuphindwe izikhathi ezine kunezingosi eziningi ezinabasebenzi ababili abengeziwe kanye nokwenyuka kwesabelomali ngamaphesenti angama-192.β
Iphrojekthi isekelwa nge ΠΈ .
Njengamanje, i-HTTPS isiphenduke indinganiso ye-de facto ku-inthanethi. Kusukela ngonyaka odlule, iziphequluli ezinkulu bezilokhu zixwayisa abasebenzisi mayelana nezingozi zokuxhuma kumasayithi angabetheli ithrafikhi nge-HTTPS. I-Let Encrypt inesibopho esikhulu salolu shintsho esimweni sokuphepha.
Phezu kwakho konke okunye, i-Let Encrypt ingokoqobo . I-Jabber manje isebenza ngokubethela okuqinile kuwo womabili amazinga eseva yeklayenti kanye neseva, futhi izitifiketi eziningi zikhishwe i-Let Encrypt.
"Njengomphakathi, senze izinto ezimangalisayo ukuvikela abantu ku-inthanethi," kusho yena. . βUkukhishwa kwezitifiketi eziyizigidi eziyinkulungwane kuwubufakazi bayo yonke inqubekelaphambili esesiyenzile njengomphakathi.β
Source: www.habr.com