ãã§ããããããããããã
ããžã¿ã«èšŒææž ãšã¯ïŒ
æçµæŽæ°:
ð¡ ããã®ãµã€ãã¯æ¬ç©ã§ãããšã墚ä»ããäžããé»åã®å°é
ð ãã®ããŒãžã®ãã€ã³ã
- èªèšŒå±ãšåŒã°ããä¿¡é Œã§ãã第äžè æ©é¢ãçºè¡ã»çœ²åãã
- HTTPSéä¿¡ã§ãµã€ãã®æ£åœæ§ã蚌æããå ¬ééµã®é åžææ®µã«ããªã
- æå¹æéããããæéåãã倱å¹ïŒCRL/OCSPïŒã«ã泚æãå¿ èŠ
- ãSSLèšŒææžããšåŒã°ããããšãå€ãã宿 ã¯TLSèšŒææž
ããžã¿ã«èšŒææžã£ãŠäœã®ããã«ããã®ïŒ
ãŠã§ããµã€ãããæ¬ç©ãã©ãããã蚌æããããã ããäŸãã°ããã®ãµã€ãã¯æ¬åœã«Amazonã§ãããšç¬¬äžè
ãä¿èšŒããŠãããä»çµã¿ã§ããªãããŸããµã€ããèŠåããããã®ä»æããªãã ã
誰ãä¿èšŒããŠãã®ïŒ
èªèšŒå±ïŒCAïŒCertificate AuthorityïŒãšããæ©é¢ã ãããã©ãŠã¶ãOSã«ã¯ä¿¡é Œã§ããCAã®ãªã¹ããæåããå
¥ã£ãŠããŠããã®CAã眲åããèšŒææžãªãä¿¡é Œã§ãããšã¿ãªããã ã
éµããŒã¯ãã€ããŠããµã€ãã¯å
šéšå®å
šãªã®ïŒ
ãéä¿¡ãæå·åãããŠãããã¯ä¿èšŒããããã©ãããµã€ããå®å
šããã¯å¥ã®è©±ãªãã ããã£ãã·ã³ã°ãµã€ãã§ãèšŒææžãååŸã§ãããããéµããŒã¯ã ãã§å®å
šãšã¯èšããªãããURLãšãµã€ãã®å
容ã確èªããããšã倧åã ãã
æå¹æéãåãããšã©ããªãã®ïŒ
ãã©ãŠã¶ãããã®èšŒææžã¯æéåãã§ãããšèŠåã衚瀺ããŠããŠãŒã¶ãŒãã¢ã¯ã»ã¹ãããããããã«ãªããã ãæ£èŠã®ãµã€ãã§ãæŽæ°ãå¿ãããšæ©äŒæå€±ã«ãªããç¡æã§èªåæŽæ°ã§ããLet's Encryptãæ®åããããšã§ãæŽæ°å¿ãã¯ä»¥åããæžã£ããã
èšŒææžã倱å¹ããã£ãŠãæå¹æéãåãããã®ãšã¯éãã®ïŒ
éãããæå¹æéã¯æåããæ±ºãŸã£ãæ¥ä»ã ãã©ã倱å¹ã¯ãæéåã«ç¡å¹åãããããšãç§å¯éµãæŒãããããšãããã¡ã€ã³ã®ææè
ãå€ãã£ããšããªã©ã«ãCAãèšŒææžã倱å¹ãããããã©ãŠã¶ã¯CRLïŒèšŒææžå€±å¹ãªã¹ãïŒãOCSPïŒãªã³ã©ã€ã³èšŒææžç¶æ
ãããã³ã«ïŒã§å€±å¹ç¢ºèªããããã ããã ããã®ç¢ºèªãå®å
šã«ã¯æ©èœããªãã±ãŒã¹ããããæ¥çå
šäœã®èª²é¡ãšããŠè°è«ãç¶ããŠãããã
ãŸãšãïŒãã£ããããã ãèŠããã°OKïŒ
ããžã¿ã«èšŒææžã£ãŠåºãŠãããã第äžè
æ©é¢ãå
¬ééµãšææè
ãä¿èšŒããé»åã®ã墚ä»ãææžããšæãã°ã ãããOKïŒ
ð ããŸãïŒè±èªã®æå³
ãDigital Certificateã ïŒ ããžã¿ã«ã®èšŒææž
ð¬ X.509ãšããèŠæ Œã§å®çŸ©ãããŠããããšãå€ãããCertificateïŒèšŒææžã»è³æ ŒïŒããèªæºã§ã身åèšŒææžã®ããžã¿ã«çãšèãããšåãããããã