Nhasi tora SSL chitupa Yako webhusaiti zviri nyore kwazvoPamusoro peizvozvo mitengo yeiyi yakadzikira zvakanyanya zvichienzaniswa neanenge makore 4-5 apfuura apo hofori yekutsvaga "Google" yakatanga kupa chinzvimbo chiri nani kune "https" mawebhusaiti.
Panguva iyoyo, kuwana SSL chitupa pamutengo unodhura zvainge zvakaoma chaizvo, asi nhasi inogona kutowanikwa mahara nerubatsiro rweRega Encrypt.
Ngatitorei Encrypt inzvimbo isingabatsiri chitupa iyo inopa zvitupa zvemahara kune vese. Uye zvino yazivisa kuunzwa kwechirongwa chitsva chemvumo zvitupa zvemasimba.
Kuwanika kune server iyo inogadzira dhairekitori «/.well-known/acme-challenge/» inoshandiswa mu scan iyi ikozvino ichaitwa pachishandiswa zvikumbiro zvakawanda zveHTTP zvinotumirwa kubva kumakero mana akasiyana eIP ari munzvimbo dzakasiyana dzedata uye anowanikwa nehurongwa hwakazvimiririra hwakasiyana. Kuongorora kunofungidzirwa kubudirira chete kana zvingangoita zvisere kubva muzvina zvikumbiro kubva kune akasiyana maIP akabudirira.
Kuongorora kubva kune akawanda subnets iwe unoderedza njodzi dzekuwana zvitupa zvemamwe matunhu nekuitisa zvakanangwa zvinodzosera traffic kuburikidza neakashata nzira yekutsiva uchishandisa BGP.
Paunenge uchishandisa yakawanda-chinzvimbo sisitimu yekuongorora, anorwisa anozoda panguva imwe chete kuwana nzira yekudzokororazve kune akawanda akazvimiririra ekupa masisitimu masisitimu ane akasiyana uplinks, zvinova zvakanyanya kuomarara pane kuendesa imwe nzira.
Mushure meFebruary 19, tichaita zvikumbiro zvina zvakakwana (1 kubva kunzvimbo yepamberi yedata uye matatu kubva kunzvimbo dziri kure dhata). Chikumbiro chikuru uye zvingangoita zviviri zvezvikumbiro zvitatu zviri kure zvinofanirwa kugashira chaiyo yekupindura mhinduro kudunhu kuti rionekwe serechokwadi.
Mune ramangwana isu ticharamba tichiongorora kuwedzera mamwe maratidziro enetiweki uye inogona kuchinja iyo nhamba uye chikumbaridzo chinodiwa.
Uyewo, kutumira zvikumbiro kubva kune akasiyana maIP zvichawedzera kuvimbika kweyechokwadi kana mumwe munhu Regai Tinyorwe mauto apinda mumablog mazita (semuenzaniso muRussia imwe IP letsencrypt.org yakawira pasi peRoskomnadzor ichivharira).
Kusvikira June 1, pachave nenguva yekuchinja izvo zvinobvumidza zvitifiketi kugadzirwa pakubudirira kunoitwa kubva kune yekutanga data centre kana iyo inomiririra isingawanikwe kubva kune mamwe ma subnets (semuenzaniso, izvi zvinogona kuitika kana iyo inomiririra maneja pane firewall akatendera zvikumbiro kubva kune yekutanga data nzvimbo chete Ngatinyorwei kana nekuda kwe kutyorwa kwenzvimbo kuwiriranisa muDNS).
Zvinoenderana nezvakanyorwa, whitelist ichagadzirirwa madomeni ane dambudziko rekuongorora kubva kune matatu ekuwedzera madhata. Maseru chete ane ruzivo rwevachena. Kana dura racho risiri pane rakachengeterwa, chikumbiro chezvivakwa chinogona zvakare kutumirwa kuburikidza neakasarudzika fomu.
Nhasi Lets Encrypt yakaburitsa zvitupa mamirioni zana nemakumi matatu nematatu zvakafukidza madhora mazana emamirioni zana (zana nemamiriyoni zana nemakumi mashanu eminda yakafukidzwa gore rapfuura uye mamirioni makumi matanhatu nemapfumbamwe akafukidzwa makore maviri apfuura
Zvinoenderana nenhamba kubva kuFirefox's telemetry sevhisi, yepasirose muzana yezvikumbiro zvepeji pamusoro peHTTPS ndeye 81% (77% gore rapfuura, 69% makore maviri apfuura) uye 91% muUnited States.
Uyewo, Apple chinangwa chekumira kuvimba zvitupa nehusherufu hupenyu hwemazuva anodarika mazana matatu nemakumi masere nemasere zvinogona kuonekwa (13 mwedzi) muSafari browser.
Zvakanaka ikozvino waronga kuunza iyo inorambidzwa chete kune zvitupa zvakapihwa kubva munaGunyana 1, 2020. Kune zvitupa zvine nguva yakareba yekutenderwa yakagamuchirwa pamberi paGunyana 1, trust ichachengetedzwa, asi ichaganhurirwa kumazuva 825 (makore 2.2).
Iko shanduko inogona kukanganisa bhizinesi revatambi vane masimba vanotengesa zvitupa zvakachipa zvine hurefu hwakavimbika unosvika makore mashanu.
Sekureva kwaApple, chizvarwa chezvitupa zvakadaro chinowedzera dzimwe njodzi dzekuchengetedza, Inokanganisa mashandiro ekuitwa kweiyo itsva cryptographic zviyero uye inobvumira vanorwisa kuti vatarise traffic yevakabatwa kwenguva yakareba kana kuishandisa iyo spoofing kana kukangwara kwakadonhedza chitupa semhedzisiro yekubiridzira.