Let's Encrypt Is Revoking Three Millions Certificates On March 4

栏目: IT技术 · 发布时间: 4年前

内容简介:Non-profit certificate authority Let's Encrypt, which provides X.509 certificates for TLS encryption at no charge, has announced it willTheThree million certificates are just a small portion of the nearly 120M certificates currently served by Let's Encrypt

Non-profit certificate authority Let's Encrypt, which provides X.509 certificates for TLS encryption at no charge, has announced it will revoke customer certificates today due to a bug in their Boulder CA software .

The bug caused slightly more that 3 million certificates to bypass proper multi-domain validation under specific circumstances, with one third of them being duplicated certificates. To make a long story short, when you create an X.509 certificate, you go through two steps: validating your domain name, then issuing the required certificate for that domain. Issuing a certificate also requires making sure the CA is authorized to issue certificate for the given domain, which is accomplished by checking a CAA record. Let's Encrypt considers domain validations valid for up to 30 days, but according to current rules for CAA record validation , it needs to be checked again if you attempt to issue a certificate 8 hours past the initial validation. At this point is where the bug strikes:

When a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.

Three million certificates are just a small portion of the nearly 120M certificates currently served by Let's Encrypt. Still, this will be a major nuisance to many customers, who will need to renew their certificates before revocation starts on 2020-03-04 3pm US EST if they want their systems to keep working as expected.

Let's Encrypt set up a test page for all customers to check the validity of their certificates , and whether they are affected by the bug, on a domain-by-domain basis. Or you could check out the full list of affected certificate serial numbers .

Let's Encrypt launched on April 12, 2016 and somehow transformed the Internet by making a costly and lengthy process, such as using HTTPS through an X.509 certificate, into a straightforward, free, widely available service. Recently, the organization announced it has issued one billion certificates overall since its foundation and it is estimated that Let's Encrypt doubled the Internet's percentage of secure websites .


以上所述就是小编给大家介绍的《Let's Encrypt Is Revoking Three Millions Certificates On March 4》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

B端产品经理必修课

B端产品经理必修课

李宽 / 电子工业出版社 / 2018-9 / 59

《B端产品经理必修课:从业务逻辑到产品构建全攻略》主要讲述了“单个产品管理流程”,以展示B 端产品经理的工作方法及B 端产品的设计方法。《B端产品经理必修课:从业务逻辑到产品构建全攻略》分为三个部分。第一部分主要讲述的是B 端产品经理的工作流程和定义(即单个产品管理流程),以及从事B 端产品经理的职业现状和规划,还包括设计B 端产品时需要了解的指导思想。第二部分是通过各个章节来讲述单个产品管理流程......一起来看看 《B端产品经理必修课》 这本书的介绍吧!

URL 编码/解码
URL 编码/解码

URL 编码/解码

HEX CMYK 转换工具
HEX CMYK 转换工具

HEX CMYK 互转工具

HSV CMYK 转换工具
HSV CMYK 转换工具

HSV CMYK互换工具