Namhlanje fumana isatifikethi se-SSL yewebhusayithi yakho ilula kakhuluUkongeza, iindleko zezi ziye zancipha kakhulu xa kuthelekiswa neminyaka emi-4-5 eyadlulayo xa ingxilimbela yokukhangela "uGoogle" yaqala ukunika isikhundla esingcono kwiiwebhusayithi ze "https".
Ngelo xesha, ukufumana isatifikethi se-SSL ngexabiso elifikelelekayo kwakunzima ngenene, kodwa namhlanje inokufumaneka simahla ngoncedo lwe-Encrypt.
Masibethele ngoku liziko elingena ngeniso ebonelela ngezatifikethi simahla kubo bonke. Kwaye ngoku ibhengeze ukwaziswa kwesikimu sokugunyazisa esitsha izatifikethi zemimandla.
Ukufikelela kwiseva ebamba isikhombisi «/.well-known/acme-challenge/» esetyenziswe kwiskena ngoku iya kwenziwa kusetyenziswa izicelo ezininzi ze-HTTP ezithunyelwe zivela kwiidilesi ezi-4 ezahlukeneyo ze-IP ezikumaziko eedatha ahlukeneyo kwaye ziphethwe ziinkqubo ezahlukeneyo ezizimeleyo. Ukuqinisekiswa kuthathwa njengempumelelo kuphela ukuba ubuncinci izicelo ezi-3 kwezi-4 ezivela kwii-IPs ezahlukeneyo ziphumelele.
Iskena kwi-subnets ezininzi uya kunciphisa umngcipheko wokufumana izatifikethi zemimandla yamanye amazwe ngokwenza uhlaselo ekujoliswe kulo oluhambisa ukugcwala kwabantu ngendlela engenabungozi endaweni yokusebenzisa iBGP.
Xa usebenzisa inkqubo yokuqinisekisa isikhundla esineendawo ezininzi, umhlaseli uyakudinga ukufezekisa ulungelelwaniso lwendlela ngaxeshanye kwiinkqubo ezininzi zabazimeleyo zokubonelela ngee-uplinks ezahlukeneyo, ekunzima ngakumbi kunokuqondisa indlela enye.
Emva koFebruwari 19, siza kwenza izicelo ezine zokuqinisekisa (1 kwiziko ledatha lokuqala kunye ne-3 kumaziko wedatha ekude). Esona sicelo siphambili kwaye ubuncinci isi-2 kwizicelo ezi-3 ezikude kufuneka zifumane ixabiso elifanelekileyo lokuphendula umngeni wedomeyini ukuba ithathelwe ingqalelo njengegunyazisiweyo.
Kwixesha elizayo siza kuqhubeka nokuvavanya ukongeza ukuqonda okuninzi kwenethiwekhi kwaye sinokutshintsha inani kunye nomyinge ofunekayo.
Kwakhona, ukuthumela izicelo kwii-IPs ezahlukeneyo kuya kwandisa ukuthembeka kokuqinisekiswa ukuba umntu ngamnye Masibethele ngokufihlakeleyo angene kuluhlu lweebhloko (umz. eRussia ezinye IP letsencrypt.org iwele phantsi kweRoskomnadzor blocking).
Kude kube ngoJuni 1, kuya kubakho ixesha lotshintsho Eziza kuvumela izatifikethi ukuba ziveliswe ekuqinisekisweni okuyimpumelelo kwiziko ledatha eliphambili xa inginginya ingafumaneki kwezinye iisethi zomnatha (umzekelo, oku kunokwenzeka xa umphathi womgcini kwi-firewall evumela izicelo kwiziko ledatha lokuqala kuphela Masibethele okanye ngenxa yokophulwa kongqamaniso lwendawo kwi-DNS).
Ngokweerekhodi, I-whitelist iya kulungiselelwa imimandla enengxaki yokuqinisekisa ukusuka kumaziko e-3 ongezelelweyo. Yimimandla kuphela eneenkcukacha zonxibelelwano ezimhlophe. Ukuba isizinda asikho kuluhlu olugunyazisiweyo, isicelo samancedo sinokungeniswa kwifom ekhethekileyo.
Namhlanje masibethelelwe sikhuphe izatifikethi eziyi-113 yezigidi ezibandakanya malunga ne-190 yezigidi zedomain (i-150 yezigidi zemimandla yagutyungelwa kunyaka ophelileyo kwaye i-61 yezigidi yagutyungelwa kwiminyaka emibini edlulileyo).
Ngokwezibalo ezivela kwinkonzo yefowuni yeFirefox, ipesenti yepesenti yezicelo zamaphepha ngaphezulu kwe-HTTPS yi-81% (i-77% kunyaka ophelileyo, i-69% kwiminyaka emibini edlulileyo) kunye ne-91% e-United States.
Kwakhona, Injongo ka-Apple yokuyeka ukuthembela kwizatifikethi ezinobomi obungaphezulu kweentsuku ezingama-398 (Iinyanga ezili-13) kwisikhangeli seSafari.
Kulungile ngoku uceba ukwazisa isithintelo kuphela kwizatifikethi ezikhutshwe ukusukela nge-1 kaSeptemba 2020. Kwizatifikethi ezinexesha elide lokuqinisekiswa okufunyenwe ngaphambi kuka-Septemba 1, ukuthembana kuya kugcinwa, kodwa kuya kuncitshiswa kwiintsuku ezingama-825 (iminyaka eyi-2.2) .
Utshintsho lunokuchaphazela kakubi ishishini labasemagunyeni abathengisa iziqinisekiso ezingabizi kakhulu ezinesithuba eside seminyaka emihlanu.
Ngokuka-Apple, ukuveliswa kwezi zatifikethi kubeka umngcipheko okhuselekileyo okhuseleko, iphazamisa ukuphunyezwa kokusebenza kwemigangatho emitsha ye-cryptographic kwaye ivumela abahlaseli ukuba babeke iliso kwitrafikhi yexhoba ixesha elide okanye bayisebenzisele ukuphamba kwimeko yokuvuza okungacacanga kwesatifikethi njengesiphumo sokugenca.