IdenTrust 願意再幫 Let’s Encrypt 交叉簽三年 – Gea-Suan Lin's BLOG
source link: https://blog.gslin.org/archives/2020/12/23/9901/identrust-%e9%a1%98%e6%84%8f%e5%86%8d%e5%b9%ab-lets-encrypt-%e4%ba%a4%e5%8f%89%e7%b0%bd%e4%b8%89%e5%b9%b4/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
IdenTrust 願意再幫 Let's Encrypt 交叉簽三年
先前在「Let's Encrypt 在 Android 平台上遇到的問題」這邊提到了 IdenTrust 幫 Let's Encrypt 交叉簽名的有效日會在 2021 年的八月底左右到期,而這會導致比較舊的 Android 平台因為沒有內建 ISRG Root X1 這個憑證,造成 Let's Encrypt 簽出來的憑證在這些舊的 Android 裝置上都認不出來。
文章出來過了一個多月後,剛剛看到 Let's Encrypt 發佈消息,IdenTrust 願意再交叉簽名三年:「Extending Android Device Compatibility for Let's Encrypt Certificates」,當時猜測發文是要讓 IdenTrust 表態,看起來目的達成了...
話說中間跑出來的「ZeroSSL 也提供免費的 SSL Certificate (DV) 了」不知道後續會怎麼樣,之後可以看看 Certificate Transparency 的資料來看看到底有多少人用...
Related
Let's Encrypt 在 Android 平台上遇到的問題
同樣是「Standing on Our Own Two Feet」這篇文章,Let's Encrypt 預期明年九月後會在 Android 上遇到嚴重的相容性問題。 很舊的裝置主要是透過 IdenTrust 的 Root CA (DST Root CA X3) 對 Let's Encrypt 的 Intermediate CA (目前主要是 Let's Encrypt Authority X3) 簽名,從而建立憑證的信任鍊,而新的裝置除了 IdenTrust 的 CA 外,也信任了 Let's Encrypt 自家的 Root CA (ISRG Root X1):(出自「Chain of Trust」) 在 2016 年四月正式對外啟用時主要是靠 IdenTrust 的…
November 8, 2020
In "Computer"
Let's Encrypt 從七月開始將會改用自己的 Root 簽發憑證
Let's Encrypt 宣佈了以後的憑證的簽發計畫:「Transitioning to ISRG's Root」。 主要的改變是 2019/07/08 之後提供的 intermediate CA 會改變,從現在的 cross-sign 變成只有自己的 Root CA: On July 8, 2019, we will change the default intermediate certificate we provide via ACME. Most subscribers don’t need to do anything. Subscribers who support very old TLS/SSL clients may want to manually configure…
April 21, 2019
In "Computer"
Let's Encrypt 建立 Root Certificate 與 Intermediate Certificate
Let's Encrypt 的 Root Certificate 與 Intermediate Certificate 建出來了:「Let's Encrypt Root and Intermediate Certificates」。 Intermediate Certificate 除了會讓自己的 Root Certificate 簽名外,也會讓 IdenTrust 的 DST Root CA X3 簽 (目前各大瀏覽器與 SSL library 都有支援)。 目前是 RSA key,之後會生出 ECDSA key: All ISRG keys are currently RSA keys. We are planning to generate ECDSA keys…
June 6, 2015
In "Computer"
Author Gea-Suan LinPosted on December 23, 2020Categories Computer, Murmuring, Network, Privacy, Security, ServiceTags acme, android, authority, ca, certificate, cross, device, https, identrust, isrg, legacy, letsencrypt, root, security, sign, ssl, tls, x1, zerosslLeave a Reply Cancel reply
Your email address will not be published. Required fields are marked *
Comment
Name *
Email *
Website
Notify me of follow-up comments by email.
Notify me of new posts by email.
Post navigation
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK