{"id":2076,"date":"2023-07-27T17:22:13","date_gmt":"2023-07-27T09:22:13","guid":{"rendered":"https:\/\/www.zhidianwl.net\/zhidianwl\/?p=2076"},"modified":"2023-07-27T17:22:13","modified_gmt":"2023-07-27T09:22:13","slug":"%e7%94%b3%e8%af%b7ssl-%e6%8f%90%e7%a4%bacaa%e4%b8%8d%e5%ad%98%e5%9c%a8%e6%80%8e%e4%b9%88%e5%8a%9e%ef%bc%9f","status":"publish","type":"post","link":"https:\/\/www.zhidianwl.net\/zhidianwl\/2023\/07\/27\/%e7%94%b3%e8%af%b7ssl-%e6%8f%90%e7%a4%bacaa%e4%b8%8d%e5%ad%98%e5%9c%a8%e6%80%8e%e4%b9%88%e5%8a%9e%ef%bc%9f\/","title":{"rendered":"\u7533\u8bf7ssl \u63d0\u793acaa\u4e0d\u5b58\u5728\u600e\u4e48\u529e\uff1f"},"content":{"rendered":"

SSL\u8bc1\u4e66\u662f\u4e00\u79cd\u7528\u4e8e\u4fdd\u62a4\u7f51\u7ad9\u548c\u6570\u636e\u4f20\u8f93\u5b89\u5168\u7684\u6570\u5b57\u8bc1\u4e66\uff0c\u5728\u7f51\u7ad9\u5efa\u8bbe\u4e2d\u975e\u5e38\u91cd\u8981\u3002\u7136\u800c\uff0c\u5728\u7533\u8bf7SSL\u8bc1\u4e66\u65f6\uff0c\u53ef\u80fd\u4f1a\u9047\u5230\u4e00\u4e9b\u95ee\u9898\uff0c\u6bd4\u5982\u63d0\u793aCAA\u4e0d\u5b58\u5728\u7684\u9519\u8bef\u3002\u672c\u6587\u5c06\u8be6\u7ec6\u4ecb\u7ecdCAA\u8bb0\u5f55\u7684\u539f\u7406\u548c\u5982\u4f55\u89e3\u51b3CAA\u4e0d\u5b58\u5728\u7684\u95ee\u9898\u3002<\/p>\n

\u4e00\u3001\u4ec0\u4e48\u662fCAA\u8bb0\u5f55\uff1f<\/p>\n

CAA\u8bb0\u5f55\uff08Certification Authority Authorization\uff09\u662f\u4e00\u79cdDNS\u8bb0\u5f55\u7c7b\u578b\uff0c\u7528\u4e8e\u9650\u5236\u54ea\u4e9b\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff08CA\uff09\u53ef\u4ee5\u4e3a\u7279\u5b9a\u57df\u540d\u9881\u53d1SSL\u8bc1\u4e66\u3002\u5b83\u53ef\u4ee5\u786e\u4fdd\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u53ea\u80fd\u9881\u53d1\u7279\u5b9a\u7684SSL\u8bc1\u4e66\uff0c\u4ece\u800c\u63d0\u9ad8SSL\u8bc1\u4e66\u7684\u5b89\u5168\u6027\u3002<\/p>\n

\u4f8b\u5982\uff0c\u5982\u679c\u60a8\u60f3\u8981\u786e\u4fdd\u53ea\u6709Symantec\u548cGeoTrust\u53ef\u4ee5\u4e3a\u60a8\u7684\u57df\u540d\u9881\u53d1SSL\u8bc1\u4e66\uff0c\u60a8\u53ef\u4ee5\u5728DNS\u4e2d\u6dfb\u52a0CAA\u8bb0\u5f55\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n

example.com. CAA 0 issue “symantec.com”<\/p>\n

example.com. CAA 0 issue “geotrust.com”<\/p>\n

\u8fd9\u5c06\u9650\u5236\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u53ea\u80fd\u4e3a\u60a8\u7684\u57df\u540d\u9881\u53d1Symantec\u6216GeoTrust\u7684SSL\u8bc1\u4e66\u3002<\/p>\n

\u4e8c\u3001\u4e3a\u4ec0\u4e48\u4f1a\u63d0\u793aCAA\u4e0d\u5b58\u5728\uff1f<\/p>\n

\u5f53\u60a8\u5c1d\u8bd5\u7533\u8bf7SSL\u8bc1\u4e66\u65f6\uff0c\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4f1a\u68c0\u67e5\u60a8\u7684CAA\u8bb0\u5f55\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u6709\u6743\u9881\u53d1SSL\u8bc1\u4e66\u3002\u5982\u679c\u60a8\u6ca1\u6709\u4e3a\u60a8\u7684\u57df\u540d\u8bbe\u7f6eCAA\u8bb0\u5f55\uff0c\u6216\u8005\u8bbe\u7f6e\u7684CAA\u8bb0\u5f55\u4e0d\u5305\u542b\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff0c\u60a8\u5c06\u4f1a\u6536\u5230\u201cCAA\u4e0d\u5b58\u5728\u201d\u7684\u9519\u8bef\u63d0\u793a\u3002<\/p>\n

\u4e09\u3001\u5982\u4f55\u89e3\u51b3CAA\u4e0d\u5b58\u5728\u7684\u95ee\u9898\uff1f<\/p>\n

\u5982\u679c\u60a8\u6536\u5230\u201cCAA\u4e0d\u5b58\u5728\u201d\u7684\u9519\u8bef\u63d0\u793a\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u6b65\u9aa4\u89e3\u51b3\u95ee\u9898\uff1a<\/p>\n

1. \u68c0\u67e5\u60a8\u7684DNS\u8bbe\u7f6e<\/p>\n

\u672a\u5907\u6848\u57df\u540d\u514d\u8d39\u7533\u8bf7ssl\u8bc1\u4e66<\/a>\u9996\u5148\uff0c\u60a8\u9700\u8981\u68c0\u67e5\u60a8\u7684DNS\u8bbe\u7f6e\uff0c\u786e\u4fdd\u60a8\u7684\u57df\u540d\u5df2\u6b63\u786e\u8bbe\u7f6eCAA\u8bb0\u5f55\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u5728\u7ebf\u5de5\u5177\uff08\u5982https:\/\/toolbox.googleapps.com\/apps\/dig\/#CAA\/\uff09\u6765\u68c0\u67e5\u60a8\u7684CAA\u8bb0\u5f55\u662f\u5426\u6b63\u786e\u3002<\/p>\n

2. \u66f4\u65b0\u60a8\u7684CAA\u8bb0\u5f55<\/p>\n

\u5982\u679c\u60a8\u7684CAA\u8bb0\u5f55\u4e0d\u6b63\u786e\uff0c\u60a8\u9700\u8981\u66f4\u65b0\u5b83\u4eec\u4ee5\u5305\u542b\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5411DNS\u6dfb\u52a0CAA\u8bb0\u5f55\uff1a<\/p>\n

$ORIGIN example.com.<\/p>\n

@ IN CAA 0 issue “letsencrypt.org”<\/p>\n

\u8fd9\u5c06\u5141\u8bb8Let’s Encrypt\u9881\u53d1\u8bc1\u4e66\u3002<\/p>\n

3. \u7b49\u5f85DNS\u66f4\u65b0<\/p>\n

\u4e00\u65e6\u60a8\u66f4\u65b0\u4e86CAA\u8bb0\u5f55\uff0c\u60a8\u9700\u8981\u7b49\u5f85DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u8fd9\u53ef\u80fd\u9700\u8981\u51e0\u5206\u949f\u6216\u51e0\u4e2a\u5c0f\u65f6\u7684\u65f6\u95f4\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u60a8\u7684DNS\u8bbe\u7f6e\u3002<\/p>\n

4. \u91cd\u65b0\u7533\u8bf7SSL\u8bc1\u4e66<\/p>\n

\u4e00\u65e6\u60a8\u7684CAA\u8bb0\u5f55\u5df2\u66f4\u65b0\u5e76\u7b49\u5f85DNS\u8bb0\u5f55\u66f4\u65b0\u5b8c\u6bd5\uff0c\u60a8\u53ef\u4ee5\u91cd\u65b0\u7533\u8bf7SSL\u8bc1\u4e66\u3002\u8fd9\u6b21\uff0c\u60a8\u5e94\u8be5\u4e0d\u4f1a\u518d\u6536\u5230\u201cCAA\u4e0d\u5b58\u5728\u201d\u7684\u9519\u8bef\u63d0\u793a\u3002<\/p>\n

\u603b\u7ed3\uff1a<\/p>\n

CAA\u8bb0\u5f55\u662f\u4e00\u79cdDNS\u8bb0\u5f55\u7c7b\u578b\uff0c\u7528\u4e8e\u9650\u5236\u53ef\u4ee5\u4e3a\u7279\u5b9a\u57df\u540d\u9881\u53d1SSL\u8bc1\u4e66\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002\u5982\u679c\u60a8\u9047\u5230\u201cCA<\/p>\n

<\/figure>\n<\/p>\n

A\u4e0d\u5b58\u5728\u201d\u7684\u9519\u8bef\u63d0\u793a\uff0c\u60a8\u9700\u8981\u68c0\u67e5\u60a8\u7684DNS\u8bbe\u7f6e\uff0c\u5e76\u66f4\u65b0\u60a8\u7684CAA\u8bb0\u5f55\u4ee5\u5305\u542b\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002\u4e00\u65e6\u60a8\u66f4\u65b0\u4e86CAA\u8bb0\u5f55\u5e76\u7b49\u5f85DNS\u8bb0\u5f55\u66f4\u65b0\u5b8c\u6bd5\uff0c\u60a8\u53ef\u4ee5\u91cd\u65b0\u7533\u8bf7SSL\u8bc1\u4e66\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

SSL\u8bc1\u4e66\u662f\u4e00\u79cd\u7528\u4e8e\u4fdd\u62a4\u7f51\u7ad9\u548c\u6570\u636e\u4f20\u8f93\u5b89\u5168\u7684\u6570\u5b57\u8bc1\u4e66\uff0c\u5728\u7f51\u7ad9\u5efa\u8bbe\u4e2d\u975e\u5e38\u91cd\u8981\u3002\u7136\u800c\uff0c\u5728\u7533\u8bf7SSL\u8bc1\u4e66\u65f6\uff0c\u53ef\u80fd\u4f1a\u9047\u5230\u4e00\u4e9b\u95ee\u9898\uff0c\u6bd4\u5982\u63d0\u793aCAA\u4e0d\u5b58\u5728\u7684\u9519\u8bef\u3002\u672c\u6587\u5c06\u8be6\u7ec6\u4ecb\u7ecdCAA\u8bb0\u5f55\u7684\u539f\u7406\u548c\u5982\u4f55\u89e3\u51b3CAA\u4e0d<\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[4412,4414,241,4413,138],"topic":[],"class_list":{"0":"post-2076","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-sslzhengshu","7":"tag-https","8":"tag-4414","9":"tag-241","11":"tag-138"},"_links":{"self":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/posts\/2076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/comments?post=2076"}],"version-history":[{"count":0,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/posts\/2076\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/media?parent=2076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/categories?post=2076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/tags?post=2076"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/topic?post=2076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}