V2EX › stevenhawking › All replies, page 1 of 17
Total replies: 332
2022-10-16 03:41:45 +08:00
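Replied to aliyun007's topic in SSL: How to claim Alibaba Cloud's free certificates (come to me for discounts on paid certificates)
It's cheap through me too. Contact on Tg: @quantumca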
2022-10-05 23:09:02 +08:00
Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@vipwuping It has been fixed; EAB should work now.
2022-08-08 02:33:35 +08:00
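Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@liuxyon If you do business in a country, you have to obey that country's laws. If you don't want to, you are free to emigrate.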
2022-07-29 21:25:27 +08:00
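Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
Fixing the link from the post above:
- CAs and SSL certificates blacklisted by browsers for violations: https://blog.myssl.com/ca-blacklist/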
2022-07-29 21:24:58 +08:00
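Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@Cassius This is a special situation local to China; standards and compliance can't be changed casually just because of a local situation. Otherwise you end up like the cases in TrustAsia's summary "CAs and SSL certificates blacklisted by browsers for violations" (https://blog.myssl.com/ca-blacklist/).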
2022-07-26 13:54:50 +08:00
Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@Cassius

According to the definitions in the CA/B Forum's "Baseline Requirements Documents (SSL/TLS Server Certificates)" (https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.8.4.pdf):

1.6.1 Definitions:
Authorized Ports: One of the following ports: 80 (http), 443 (https), 25 (smtp), 22 (ssh).

3.2.2.4.18 Agreed‑Upon Change to Website v2
Confirming the Applicant’s control over a FQDN by validating domain control of the FQDN using the ACME HTTP Challenge method defined in Section 8.3 of RFC 8555. The following are additive requirements to RFC 8555. The CA MUST receive a successful HTTP response from the request (meaning a 2xx HTTP status code must be received). The token (as defined in RFC 8555, Section 8.3) MUST NOT be used for more than 30 days from its creation. The CPS MAY specify a shorter validity period for Random Values, in which case the CA MUST follow its CPS.
If the CA follows redirects, the following apply:
1. Redirects MUST be initiated at the HTTP protocol layer.
a. For validations performed on or after July 1, 2021, redirects MUST be the result of a 301, 302, or 307 HTTP status code response, as defined in RFC 7231, Section 6.4, or a 308 HTTP status code response, as defined in RFC 7538, Section 3. Redirects MUST be to the final value of the Location HTTP response header, as defined in RFC 7231, Section 7.1.2.
b. For validations performed prior to July 1, 2021, redirects MUST be the result of an HTTP status code result within the 3xx Redirection class of status codes, as defined in RFC 7231, Section 6.4. CAs SHOULD limit the accepted status codes and resource URLs to those defined within 1.a.
2. Redirects MUST be to resource URLs with either the “http” or “https” scheme.
3. Redirects MUST be to resource URLs accessed via Authorized Ports.
Note: * For Certificates issued prior to 2021‐12‐01, the CA MAY also issue Certificates for other FQDNs that end with all the labels of the validated FQDN. This method is suitable for validating Wildcard Domain Names. * For Certificates issued on or after 2021‐12‐01, the CA MUST NOT issue Certificates for other FQDNs that end with all the labels of the validated FQDN unless the CA performs a separate validation for that FQDN using an authorized method. This method is NOT suitable for validating Wildcard Domain Names.

3.2.2.4.19 Agreed‑Upon Change to Website ‑ ACME
Confirming the Applicant’s control over a FQDN by validating domain control of the FQDN using the ACME HTTP Challenge method defined in Section 8.3 of RFC 8555. The following are additive requirements to RFC 8555.
The CA MUST receive a successful HTTP response from the request (meaning a 2xx HTTP status code must be received).
The token (as defined in RFC 8555, Section 8.3) MUST NOT be used for more than 30 days from its creation. The CPS MAY specify a shorter validity period for Random Values, in which case the CA MUST follow its CPS.
If the CA follows redirects, the following apply:
1. Redirects MUST be initiated at the HTTP protocol layer.
a. For validations performed on or after July 1, 2021, redirects MUST be the result of a 301, 302, or 307 HTTP status code response, as defined in RFC 7231, Section 6.4, or a 308 HTTP status code response, as defined in RFC 7538, Section 3. Redirects MUST be to the final value of the Location HTTP response header, as defined in RFC 7231, Section 7.1.2.
b. For validations performed prior to July 1, 2021, redirects MUST be the result of an HTTP status code result within the 3xx Redirection class of status codes, as defined in RFC 7231, Section 6.4. CAs SHOULD limit the accepted status codes and resource URLs to those defined within 1.a.
2. Redirects MUST be to resource URLs with either the “http” or “https” scheme.
3. Redirects MUST be to resource URLs accessed via Authorized Ports.
Note: * For Certificates issued prior to 2021‐12‐01, the CA MAY also issue Certificates for other FQDNs that end with all the labels of the validated FQDN. This method is suitable for validating Wildcard Domain Names. * For Certificates issued on or after 2021‐12‐01, the CA MUST NOT issue Certificates for other FQDNs that end with all the labels of the validated FQDN unless the CA performs a separate validation for that FQDN using an authorized method. This method is NOT suitable for validating Wildcard Domain Names.

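As you can see, HTTP validation can only use port 80. Some CAs can validate using HTTPS (port 443), SMTP (port 25), or SSH (port 22, currently not supported by any CA).

So, is it their mistake that IP certificates must be validated on port 80?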
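
Added example, not part of the original reply or of any CA's code: a Python check that applies the redirect rules quoted above from BR 3.2.2.4.19 (status 301/302/307/308, http/https scheme, Authorized Ports) to a recorded redirect chain. The function names, the `example.test` URLs and the sample chains are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Values quoted in the reply above (BR 1.6.1 and 3.2.2.4.19, rule 1.a).
AUTHORIZED_PORTS = {80, 443, 25, 22}
REDIRECT_CODES = {301, 302, 307, 308}
DEFAULT_PORT = {"http": 80, "https": 443}


def check_redirect(current_url, status, location):
    """Return (next_url, None) if one redirect hop is allowed, else (None, reason)."""
    if status not in REDIRECT_CODES:
        return None, f"status {status} is neither 2xx nor 301/302/307/308"
    if not location:
        return None, "redirect without a Location header"
    target = urljoin(current_url, location)  # resolve a relative Location
    parts = urlsplit(target)
    if parts.scheme not in DEFAULT_PORT:
        return None, f"scheme {parts.scheme!r} is not http or https"
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORT[parts.scheme]
    except ValueError:  # non-numeric or out-of-range port
        return None, "malformed port in Location"
    if port not in AUTHORIZED_PORTS:
        return None, f"port {port} is not an Authorized Port"
    return target, None


def validate_chain(start_url, responses):
    """Walk recorded (status, location) pairs; succeed only on a 2xx response."""
    url = start_url
    for status, location in responses:
        if 200 <= status < 300:
            return True, url
        url, reason = check_redirect(url, status, location)
        if reason:
            return False, reason
    return False, "chain ended without a 2xx response"


# Constructed sample chains (not captured traffic).
START = "http://example.test/.well-known/acme-challenge/token123"
GOOD = [(301, "https://example.test/.well-known/acme-challenge/token123"), (200, None)]
BAD_PORT = [(302, "http://example.test:8080/.well-known/acme-challenge/token123"), (200, None)]
BAD_CODE = [(303, "/elsewhere"), (200, None)]

if __name__ == "__main__":
    for name, chain in [("GOOD", GOOD), ("BAD_PORT", BAD_PORT), ("BAD_CODE", BAD_CODE)]:
        print(name, validate_chain(START, chain))
```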
2022-07-26 01:24:21 +08:00
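Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@ZeroClover TrustOcean does not provide OCSP inside China. Also, in testing, this HiCA states that it provides OCSP inside China, but the certificates it actually issues do not have it.

So it is probably provided only under certain conditions.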
2022-07-24 23:10:55 +08:00
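Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@1423 Every client has subtle differences. This provider's server is probably self-written rather than built on the standard Boulder, so it has not been adapted to other ACME clients.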
2022-07-24 19:46:39 +08:00
Replied to qiandongdong's topic in SSL: The barrier to entry for an intermediate CA
We offer a low-budget white-label solution.

### Result
![MacOS X.png](https://s3.pki.plus/file/aJG0Re/z5MuaEDz6i8arwPJM6Sg26GUKBl1UAoyo0FAS3R3.png)
![Windows.png](https://s3.pki.plus/file/aJG0Re/BhVdT8nz0P1Htd1dh9ilzc0Qwb1srZgppfcx7pWA.png)

### Demo
[https://www.quantumca.com.cn](https://www.quantumca.com.cn)

### Contact
![Wechat.jpg](https://s3.pki.plus/file/aJG0Re/JTYwdDjHDtmatTiWG2GjvfeZeZNw1Gs8y083NOe2.jpg)
2022-07-24 19:41:35 +08:00
Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@Zerek I tried it; `https://acme.hi.cn/directory` does not support manual mode.
2022-07-24 19:40:57 +08:00
Replied to xinge666's topic in SSL: Free six-month IPv4 / IPv6 and wildcard-domain acme SSL certificates: HiCA
@1423 They have blocked every client other than `acme.sh`, including Caddy.
2022-06-01 23:52:17 +08:00
Replied to estk's topic in Programmers: Cloudflare Pages is pretty decent
@YUyu101 It is intermittently unstable; we stopped using CFPages long ago.
2022-04-24 06:56:56 +08:00
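Replied to stevenhawking's topic in Programmers: Calling out a really dumb IDC: qingcloud (青云)
First of all, whether it is illegal or not doesn't matter. A public-benefit noip service provided by people abroad is certainly not going to do ICP filing in China. When the qingcloud people flatly called it illegal, I laughed.
Not understanding the technology is fine, but once the friendly attitude is gone, it is hard to communicate with them.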
2022-04-19 21:59:04 +08:00
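Replied to stevenhawking's topic in Programmers: Calling out a really dumb IDC: qingcloud (青云)
@wuxiao2522 Buy an interception system for domains without ICP filing; my former colleague's startup, Fuzhou Quyun (福州趣云), sells one: http://www.quyun.com/qdog.html . A five-figure budget per year is definitely enough.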
2022-04-19 21:57:16 +08:00
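Replied to stevenhawking's topic in Programmers: Calling out a really dumb IDC: qingcloud (青云)
@Showfom The margins are big. We have been working on ACME lately; come on, boss, let's have a chat 😊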
2022-04-19 21:12:38 +08:00
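Replied to stevenhawking's topic in Programmers: Calling out a really dumb IDC: qingcloud (青云)
@Showfom

Sigh, users should not have to care about this `malicious pointing` in the first place.
Boss, come, let's talk about whether we can do something with SSL.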
2022-04-19 10:04:06 +08:00
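Replied to stevenhawking's topic in Programmers: Calling out a really dumb IDC: qingcloud (青云)
@defunct9 Who says so? Tencent Cloud, Alibaba Cloud: which of them doesn't block domains without ICP filing outright?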
2022-04-18 23:50:53 +08:00
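Replied to stevenhawking's topic in Programmers: Calling out a really dumb IDC: qingcloud (青云)
@sebastianwade The problem is that there are too many domains; how do you ban them? There's nip, there's noip, maybe also noip2, ipv4.noip, ipv6.noip.
Do you have to deal with all of them?

IDCs already have mature solutions, deployed in the data center, for intercepting domains without ICP filing on ports 80 and 443.
Since you are running an IDC, don't be so stingy that you begrudge this bit of money.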