Mass revocation of Let's Encrypt certificates

Let's Encrypt, a non-profit, community-controlled certificate authority that provides free certificates to everyone, has warned of the upcoming revocation of many previously issued TLS/SSL certificates. Of the 116 million currently valid Let's Encrypt certificates, slightly more than 3 million (2.6%) will be revoked, of which about 1 million are duplicates tied to the same domain (the bug mostly affected frequently renewed certificates, which is why there are so many duplicates). The revocation is scheduled for March 4 (the exact time has not yet been determined, but the revocation will not happen before 3 am MSK).

The revocation is needed because of a bug discovered on February 29. The problem has been present since July 25, 2019 and affects the system that checks CAA records in DNS. A CAA record (RFC 6844, Certification Authority Authorization) allows a domain owner to explicitly specify the certificate authority through which certificates may be generated for a particular domain. If a CA is not listed in the CAA records, it must block the issuance of certificates for the given domain and notify the domain owner of the compromise attempts. In most cases a certificate is requested immediately after passing the CAA check, but the result of the check is considered valid for another 30 days. The rules also require that the re-validation be performed within 8 hours before a new certificate is issued (that is, if 8 hours have passed since the last check when a new certificate is requested, re-validation is required).

The bug occurs when a certificate request covers several domain names at once, each of which requires a CAA record check. The essence of the bug is that during the recheck, instead of validating all domains, only one domain from the list was rechecked (if the request contained N domains, then instead of N different checks, one domain was checked N times). For the remaining domains the second check was not performed, and the data from the first check was used when making the decision (that is, data up to 30 days old was used). As a result, within 30 days after the initial validation, Let's Encrypt could issue a certificate even if the value of the CAA record had been changed and Let's Encrypt had been removed from the list of acceptable CAs.
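The failure mode described above, as an added example that is not Let's Encrypt's code and not part of the original article: a recheck loop that queries one name N times, beside a corrected loop that rechecks every stale name. The article does not describe the actual code, so the late-binding closure used here to reproduce the symptom, the function names, the cache layout and the simplified CAA rule (no tree climbing, no wildcard handling) are all assumptions.

```python
from datetime import datetime, timedelta

RECHECK_WINDOW = timedelta(hours=8)  # a CAA result older than this must be redone
CA_DOMAIN = "letsencrypt.org"        # issuer name expected in CAA "issue" values

def caa_allows(caa_lookup, name):
    """Simplified CAA rule: an empty record set or one naming our CA permits issuance."""
    issuers = caa_lookup(name)
    return not issuers or CA_DOMAIN in issuers

def may_issue_buggy(names, cache, caa_lookup, now):
    """Reproduces the symptom: N rechecks are made, all against the same name."""
    stale = [n for n in names if now - cache[n]["checked"] > RECHECK_WINDOW]
    # Late binding: every lambda reads `name` after the loop, i.e. the last stale name.
    rechecks = [lambda: (name, caa_allows(caa_lookup, name)) for name in stale]
    for recheck in rechecks:
        checked_name, ok = recheck()
        cache[checked_name] = {"ok": ok, "checked": now}
    # The other names are decided on their old (up to 30 days) cached result.
    return all(cache[n]["ok"] for n in names)

def may_issue_fixed(names, cache, caa_lookup, now):
    """Rechecks each stale name itself and refuses if any name forbids the CA."""
    for name in names:
        if now - cache[name]["checked"] > RECHECK_WINDOW:
            cache[name] = {"ok": caa_allows(caa_lookup, name), "checked": now}
    return all(cache[n]["ok"] for n in names)

def demo():
    """Constructed scenario: both names validated 10 days ago, then a.example's CAA changed."""
    now = datetime(2020, 3, 1, 12, 0)
    dns = {"a.example": ["other-ca.example"], "b.example": []}  # constructed CAA data
    names, seen = list(dns), []

    def lookup(name):
        seen.append(name)  # record which names were really queried
        return dns[name]

    def old_cache():
        return {n: {"ok": True, "checked": now - timedelta(days=10)} for n in names}

    buggy = may_issue_buggy(names, old_cache(), lookup, now)
    buggy_seen = seen.copy()
    seen.clear()
    fixed = may_issue_fixed(names, old_cache(), lookup, now)
    return buggy, buggy_seen, fixed, seen.copy()

if __name__ == "__main__":
    print(demo())
```

Logging which names were actually queried, as `lookup` does here, is the kind of check that exposes this class of bug: the number of lookups looks right while the set of names is wrong.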

Affected users are notified by email if contact information was filled in when the certificate was obtained. You can check your certificates by downloading the list of serial numbers of the revoked certificates or by using the online service (hosted at an IP address that is blocked in the Russian Federation by Roskomnadzor). You can find the serial number of the certificate for the domain of interest with the command:

openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null \
| openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :

Source: opennet.ru
