Nabani na oye watyhubela ingxaki yokudala iwebhusayithi ekhuselekileyo uyazi ukuba kunzima kangakanani kwaye kuyacaphukisa ukufumana isatifikethi se-SSL. MasiFihlisele kuya kuzenzekela le nkqubo kwaye sivumele abalawuli bewebhu ukuba benze i-HTTPS isebenze ngokucofa okukodwa okanye umyalelo ovela kwi-terminal.
Xa i-Let Encrypt isungula inkonzo yayo ehlotyeni ngo-2015, ukunika amandla i-HTTPS kwiwebhusayithi kuya kuba lula njengokufaka iqhekeza elincinci lesoftware yolawulo lwesatifikethi kumncedisi:
sudo apt-fumana ukufaka i-lets-encrypt lets-encrypt mieb.com
Yiyo kuphela into ekhoyo ekwenzeni i-https kwi-mieb.com!
Masiguqulele isoftware yolawulo oluntsonkothileyo iya:
- zibonakalisa ngokuzenzekelayo ukuba Masifihle ukuba silawula iwebhusayithi ekuthethwa ngayo
- Fumana isatifikethi esithembekileyo se-SSL kwaye usifake kwiseva yethu yewebhu
- Gcina umkhondo wokuba iza kuphelelwa nini isatifikethi kwaye usihlaziye ngokuzenzekelayo
- Sincede sirhoxise isatifikethi ukuba sinokuthi sibe yimfuneko.
Akuyi kubakho zi-imeyile zokuqinisekisa, akukho lungelelwaniso olunzima, akukho ziqinisekiso eziphelelwe lixesha “ezaphula” iwebhusayithi. Kwaye, ngokungathi oku akwanelanga, Masibhale ngeFihlo siza kubonelela ngezatifikethi simahla, ngaphandle kokufuna intywenka yemali unyaka nonyaka.
Kutheni unikezela ngenkonzo efana nale simahla?
Ngaba ukhe wacinga ukuba ikhuselekile kangakanani i-Intanethi ukuba ukufaka kunye nokuqwalasela i-HTTPS bekulula? Ewe, inxalenye enkulu yaloo ngxaki ilele ekufumaneni izatifikethi ze-SSL ezithembekileyo, ezihlawulwa ngokubanzi kwaye kunokuba nzima kakhulu ukuzifakela ezo zintsha kumxholo.
Masi Fihla ligunya lesatifikethi sasimahla, esizenzekelayo, nesivulekileyo esidalwe liQela loPhando ngoKhuseleko lwe-Intanethi (ISRG).
Imigaqo ephambili emva kweLet Encrypting yile:
- free: Nabani na ongumnini wedomeyini unokufumana isatifikethi esiqinisekisiweyo salo mmandla ngexabiso elinguziro.
- Ngokuzenzekelayo: Inkqubo yobhaliso yazo zonke izatifikethi yenzeka lula ngexesha loqwalaselo lwemveli lomncedisi okanye inkqubo yofakelo, ngelixa uhlaziyo lwenzeka ngokuzenzekelayo ngasemva.
- Ngokuqinisekileyo: Masibethele siza kusebenza njengeqonga lokuphunyezwa kweendlela zokhuseleko zale mihla kunye nezona ndlela zisebenzayo.
- Ebekekileyo: Zonke iirekhodi zokukhutshwa kwesatifikethi kunye nokurhoxiswa ziya kufumaneka kuye nabani na onqwenela ukuziphonononga.
- Vula: Ukukhutshwa kunye neprotocol yokuhlaziya ngokuzenzekelayo iya kuba ngumgangatho ovulekileyo kwaye isoftware iya kuba ngumthombo ovulekileyo kangangoko kunokwenzeka.
- Intsebenziswano: Njengeeprothokholi ze-Intanethi ezisisiseko ngokwazo, iLet Encrypt yinzame edibeneyo yokunceda uluntu luphela, ngaphaya kolawulo lwawo nawuphi na umbutho omnye.
Sele benabaxhasi abafana neMozilla, Cisco kunye neElectronic Frontier Foundation (EFF). Nangona kunjalo, unako kwakhona ukujoyina.
Ukuba ufuna ukwazi ngakumbi malunga nendlela esebenza ngayo iSifihlo ngasemva kwezigcawu, ndicebisa ukuba ujonge icandelo lobugcisa kwindawo yeprojekthi esemthethweni. Ukuba ufuna ngokwenene ukuntywila kwiinkcukacha, ungafunda iprothocol epheleleyo kwi Github.
Isihloko sinomdla, kodwa okwangoku uxhulumaniso olukhuselekileyo luncinci. Kunjalo ke, kwaye ndiyathandabuza ukuba iya kutshintsha kakhulu. Oko akusithinteli ekwenzeni konke okusemandleni, kwaye eli lithuba.
Eyona nto ilungileyo iya kuba kukuba lonke uqhagamshelo lukhuseleke, kwaye ukuba akunjalo, okwangoku ayizukuba ngenxa yokunqongophala kweendlela...
Ukubulisa
Ziindaba ezimnandi ezo, nangona ndikhetha ukukhuphela kwaye ndifake isatifikethi ngesandla.
Apha eMexico izatifikethi ziqala kwi-40 ukuya kwi-100 yase-US ngokuxhomekeke kumboneleli, zifumane simahla \o/
Ndijonge phambili kwinkonzo ngalo lonke ithemba lam!
Okwangoku kuyenzeka ukufumana izatifikethi zasimahla: https://www.startssl.com/?app=0
kodwa...intle le projekthi, wamkelekile ukuba ube nenxaxheba koko sinako...
Ikhefu
Ndicinga ukuba akusiyo i-encryption ye-SSL kodwa enye ene-TLS, eyona ndlela iphantsi yomthetho i-Mozilla eya kuxhasa nge-34 ye-Firefox... I-SSL v3 iye yawa kwaye ithathwa njengefile [1], ngoko ke kubalulekile ukunika ukwazi oko.
Inyathelo eligqwesileyo kwicala leqela elahlukileyo (yenza ntoni iCisco apho?), masibone ukuba ngale ndlela sisondela kancinci kufihlo lwewebhu.
Ukubulisa
1: http://www.securitybydefault.com/2014/10/vulnerabilidad-critica-en-ssl-poodle.html
Ngaba ingasetyenziselwa iinkonzo ezingezizo ezewebhu njengeseva ye-SVN okanye izinto ezinjalo?
Ngumbuzo omhle lowo. Andazi...kodwa ndiyaqonda ukuba ewe. Kuya kufuneka silinde kude kube ngunyaka olandelayo… 🙂
Ngaba isebenza kuBuntu kuphela?
Ungayifaka njani ukuba uyayifuna kwi-CentOS?
Gracias
Hayi. Iza kusebenza kuyo nayiphi na inkqubo yokusebenza, njengoko ndiyiqonda. Kuyo nayiphi na imeko, kuya kufuneka silinde.