Namuhla thola isitifiketi se-SSL yewebhusayithi yakho ilula ngokwedluleleNgaphezu kwalokho izindleko zalokhu zehle kakhulu uma kuqhathaniswa neminyaka eyi-4-5 edlule lapho i-giant Google "i-Google" iqala ukunikeza isikhundla esingcono kumawebhusayithi we "https".
Ngaleso sikhathi, ukuthola isitifiketi se-SSL ngentengo engabizi kwakunzima impela, kepha namuhla ingatholwa mahhala nangosizo lwe-Encrypt.
Masibethele siyisikhungo sokungenzi nzuzo enikeza izitifiketi mahhala kubo bonke. Futhi manje umemezele ukwethulwa kohlelo olusha lokugunyazwa izitifiketi zezizinda.
Ukufinyelela kuseva ebamba umkhombandlela «/.well-known/acme-challenge/» esetshenziswe kuskena manje izokwenziwa kusetshenziswa izicelo eziningi ze-HTTP ezithunyelwa zivela kumakheli e-IP e-4 ahlukene atholakala kuzikhungo ezahlukahlukene zedatha futhi aphethwe yizinhlelo ezahlukahlukene ezizimele. Ukuqinisekiswa kuthathwa njengokuphumelela kuphela uma okungenani izicelo ezi-3 kwezingu-4 ezivela kuma-IPs ahlukene ziphumelele.
Iskena kusuka kuma-subnet amaningi uzonciphisa ubungozi bokuthola izitifiketi zezizinda zangaphandle ngokwenza ukuhlasela okuqondisiwe okuqondisa kabusha ithrafikhi ngokufaka endaweni yomgwaqo onamandla usebenzisa i-BGP.
Lapho usebenzisa uhlelo lokuqinisekisa lwezikhundla eziningi, umhlaseli uzodinga ngasikhathi sinye ukufeza ukuqondiswa kabusha komzila wezinhlelo eziningi zokuzimela zabahlinzeki ezinama-uplink ahlukile, okuyinkimbinkimbi kakhulu kunokuqondisa kabusha umzila owodwa.
Ngemuva kukaFebhuwari 19, sizokwenza izicelo ezine zokuqinisekisa (1 kusuka esikhungweni sedatha eyinhloko kanye nezingu-3 kusuka ezikhungweni zedatha ekude). Isicelo esikhulu kanye okungenani nezicelo ezi-2 ezikude ezi-3 kumele zithole inani elifanele lenselelo yokuphendula inselelo yokuthi isizinda sizothathwa njengesinegunya.
Ngokuzayo sizoqhubeka nokuhlola ukungeza imininingwane eminingi yenethiwekhi futhi singashintsha inombolo nomngcele odingekayo.
Futhi, ukuthumela izicelo ezivela kuma-IPs ahlukene kuzokhulisa ukuthembeka kokuqinisekisa uma kwenzeka ukusingathwa kwe-Let One Encrypt kungena kuhlu lwamabhulokhi (isb. eRussia amanye ama-IP letsencrypt.org awela ngaphansi kokuvinjelwa kweRoskomnadzor).
Kuze kube ngoJuni 1, kuzoba nesikhathi soguquko okuzovumela ukuthi kukhiqizwe izitifiketi ekuqinisekisweni okuyimpumelelo okuvela esikhungweni sedatha eyinhloko lapho umphathi engatholakali kwamanye ama-subnet (ngokwesibonelo, lokhu kungenzeka uma umphathi womsingathi ku-firewall evumela izicelo ezivela esikhungweni sedatha eyinhloko kuphela Masibethele noma ngenxa yokwephula ukuvumelanisa kwendawo ku-DNS).
Ngokwamarekhodi, umhlophe uzolungiselelwa izizinda ezinenkinga yokuqinisekisa kusuka kuzikhungo ezingeziwe ze-3. Izizinda kuphela ezinemininingwane yokuxhumana egunyaziwe. Uma isizinda singekho ohlwini lwabamhlophe, isicelo sezikhungo singathunyelwa nangefomu elikhethekile.
Namuhla i-Let Encrypt ikhiphe izitifiketi eziyizigidi eziyi-113 ezibandakanya izizinda ezingaba yizigidi eziyi-190 (izizinda eziyizigidi eziyi-150 zahlanganiswa onyakeni owedlule kwathi eziyizigidi ezingama-61 zahlanganiswa eminyakeni emibili eyedlule).
Ngokwezibalo ezivela kwinsizakalo ye-Firefox telemetry, amaphesenti omhlaba wezicelo zekhasi ngaphezulu kwe-HTTPS angama-81% (77% ngonyaka odlule, 69% eminyakeni emibili eyedlule) nama-91% ase-United States.
Futhi, Inhloso ka-Apple yokuyeka ukwethemba izitifiketi ngempilo eshalofini engaphezu kwezinsuku ezingama-398 ingabonakala (Izinyanga eziyi-13) kusiphequluli seSafari.
Manje uhlela ukwethula umkhawulo wezitifiketi ezikhishwe kusuka ngoSepthemba 1, 2020. Ngezitifiketi ezinesikhathi eside semvume ezitholwe ngaphambi kukaSepthemba 1, i-trust izogcinwa, kepha izokhawulelwa ezinsukwini ezingama-825 (iminyaka engu-2.2) .
Ushintsho lungalimaza kabi ibhizinisi leziphathimandla zezitifiketi ezithengisa izitifiketi ezishibhile ezinesikhathi eside sokusebenza esingafika eminyakeni emi-5.
Ngokusho kuka-Apple, ukwenziwa kwezitifiketi ezinjalo kubeka ezinye izingozi zokuphepha, iphazamisa ukusetshenziswa kokusebenza kwamazinga amasha we-cryptographic futhi ivumela abahlaseli ukuqapha ithrafikhi yesisulu isikhathi eside noma ukusisebenzisela ukuphambanisa uma kwenzeka ukuvuza kwesitifiketi kungenxa yokugenca.