全球主机交流论坛

 找回密码
 注册

QQ登录

只需一步,快速开始

CeraNetworks网络延迟测速工具IP归属甄别会员请立即修改密码
查看: 1736|回复: 34

关于百度自家SSL证书

[复制链接]
发表于 2020-5-21 12:56:29 | 显示全部楼层 |阅读模式
起因:
上个月看到 https://www.hostloc.com/thread-678592-1-1.html 说百度推出了自家的SSL证书( https://cloud.baidu.com/product/ssl.html ),看样子应该是中级证书(subCA),于是昨晚专程去 censys.io 翻了下各大根CA签中间证书颁发机构的记录,找到了百度的三张subCA

Baidu, Inc. EV CA
Basic Information
        Subject DN
                C=CN, O=Baidu, Inc., CN=Baidu, Inc. EV CA
        Issuer DN
                C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
        Serial
                Decimal: 57533546455300744502657975942678358579
                Hex: 0x2b488ed898cbbe708fa15bb30130aa33
        Validity
                2020-04-01 00:00:00 to 2030-04-01 23:59:59 (3652 days, 23:59:59)
Fingerprint
        SHA-256
                c30bc9667e273937833c396ad85ee325de633f4fccc51483417a9c8a4e33b39d
        SHA-1
                c23960e01ec0c229bc8a956eb11467e85b0aa4bc
        MD5
                3f246519779c34285a2af5bba4e37562
PEM
  1. -----BEGIN CERTIFICATE-----
  2. MIIF3zCCA8egAwIBAgIQK0iO2JjLvnCPoVuzATCqMzANBgkqhkiG9w0BAQwFADCB
  3. iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
  4. cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
  5. BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjAw
  6. NDAxMDAwMDAwWhcNMzAwNDAxMjM1OTU5WjA/MQswCQYDVQQGEwJDTjEUMBIGA1UE
  7. ChMLQmFpZHUsIEluYy4xGjAYBgNVBAMTEUJhaWR1LCBJbmMuIEVWIENBMIIBIjAN
  8. BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilOL9CnmSZqn5RCw7u4xDOcAgx3x
  9. CsDRCtUrhphJddSVzihJ2rN2bii0332/NywxAyemMOKiKfcmKV21A+7wvx/bIQ67
  10. RTTHHDYCpKtVIusMd6M6+YTHeQRd8Ia33XzVlJ2Ot8DqqcupGPMPxnCi8fI6T3n/
  11. nx0uvpgt8JWa3FAlo8+RUAj1OiAf+hDrSBGzg4rU5iFOz4GYjl/zZQpQqsTaL45G
  12. FRMWfulagfNchHTdi/MVUl/X/DwxsBaPZ+Mrkx1zoYeFGHmo2nr3wCKCL6lLWev7
  13. xNnyWzKihgzzloghYfgeo2mBmjQoLEE8ZwMeT8/CKgobqmBUs9jPMbGCCwIDAQAB
  14. o4IBizCCAYcwHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0O
  15. BBYEFIUahTNItySfI6RVWGsy4uO93Ub2MA4GA1UdDwEB/wQEAwIBhjASBgNVHRMB
  16. Af8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA4BgNV
  17. HSAEMTAvMC0GBFUdIAAwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNv
  18. bS9DUFMwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29t
  19. L1VTRVJUcnVzdFJTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUF
  20. BwEBBGowaDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VT
  21. RVJUcnVzdFJTQUFkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2Nz
  22. cC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBT2CsjI+brJsAVXEB/
  23. lvSfQWIsSVU77TRMQNPoxFtVmWBUpOMAvJv1plZX4bkX4ixZKcgF3osxoBqZRLOd
  24. KAjZhjll3tMm+cVXke6fj7GSmn97XpH/ZMn4Hu+ldm7tzjll+Z4yPnBUMblC37/L
  25. yEgDkAEBPu0gEq1V3DKQP/yhgg28HxSlwPfH16yORIDLrGy0qCbn/wJ3Ax6NLbzk
  26. 13xZBf+WMsKBYYn+A6aXFK4vQz29d+tGQ9kk5nTorQAI8AKi3TNTooDYWevc/MhU
  27. c6qXNckuDlb4DonRZfZw6NbykI+wYxPWbVCEAEG83gVBD+ymh4TaoQfsylVzlh3/
  28. 8+q8wqok+FdohfPNnqGlGqmua7VQlbym0+OabQWjsck4ID2OGNtIUL/ZT+q+4X6C
  29. zPS+ociaq0w2h+dsosZJa653tTCerDBH5iHG9jMja7aE5ncId73HcdKn+2E7YZOr
  30. kJZ9zuNXxDUwCJ8B9D6xJGGSYdLYtasSvW2WeO0cv0LvU6kzZMRUAyeZ8Z5xTTYA
  31. Jxn8ZLIkpRDga86Qr49ve2SjnirlALGmK62Hs6wyHKkEcShohtKCR74+7Fi9AG2r
  32. zrt6iFDy+WGZExGnlAC65ZGlKX3okLbQRL172C60jjimysQguSSeWa5vrZYhVZIc
  33. iESJ8q8BOmhJo6nvO8e5sINrYw==
  34. -----END CERTIFICATE-----
复制代码



Baidu, Inc. OV CA
Basic Information
        Subject DN
                C=CN, O=Baidu, Inc., CN=Baidu, Inc. OV CA
        Issuer DN
                C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
        Serial
                Decimal: 205949414021948995202228189155014956161
                Hex: 0x9af06a12cd2ce07a04b04452ef0b5481
        Validity
                2020-04-01 00:00:00 to 2030-04-01 23:59:59 (3652 days, 23:59:59)
Fingerprint
        SHA-256
                4b704cda80e244d4186844f0ef242b70c4b1ab4d8d8961568f28e12c89784f23
        SHA-1
                0375861afb6fcf30971df32ef9f0dde2c9bff9e6
        MD5
                5ed195f00a5baa6fccd86fc7f089f850
PEM
  1. -----BEGIN CERTIFICATE-----
  2. MIIFwzCCA6ugAwIBAgIRAJrwahLNLOB6BLBEUu8LVIEwDQYJKoZIhvcNAQEMBQAw
  3. gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
  4. ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
  5. VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
  6. MDQwMTAwMDAwMFoXDTMwMDQwMTIzNTk1OVowPzELMAkGA1UEBhMCQ04xFDASBgNV
  7. BAoTC0JhaWR1LCBJbmMuMRowGAYDVQQDExFCYWlkdSwgSW5jLiBPViBDQTCCASIw
  8. DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhq7CvNLkZvJYki92h8FQNKzcDN
  9. LTOLUMER05FwwE3t3xtKE7aMzPFL0QGhQsofWdZRgjsbSikhkbdH8SsmCtYrBXKA
  10. 2dr1OyCdUkc/EJBJseB2lcGpK9MAxVzuQ3aMwC9HEFuK+a0qEiyJAcQ9QPIwCXfF
  11. h4zTjDb3DBPKVOxVzay7Nsf8/PPGIixonns+NqRrxwpuYWdD42s7Qq95ZCZNxtco
  12. kTGGUIj6MVzKAHpwWQzueE4dczzHUqOqmUOK96O4x1LRgb7gW+M6rSEIW3/Klu6W
  13. 4ysZb1u6s8zxAxX4kBOXYppkFO6reapz/tAv5jFZT3jAto6M0jtGjJEgFc8CAwEA
  14. AaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1Ud
  15. DgQWBBQ3gXHH6PSDAlDMx7cTjMDlhJV32DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0T
  16. AQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD
  17. VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BBhj9odHRw
  18. Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1
  19. dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8v
  20. Y3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwJQYI
  21. KwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEM
  22. BQADggIBACpDyWxqbXnIT+meN6nVfE1lIlUf0GErrKJFuWaAISFv+/DMox/v0R1g
  23. 6QvC8DGpo5hUAdO4Hb4E+q0**8iJgBldImIMXCPo9aDmpCZfiHDCDRvBOPcsufd
  24. nZzhWUhis4YnaI5uxKws0UDIJpl8/rwtNRx8/7aDi2rwNYKpkDp2E3qa4RDesp0+
  25. AdPsgT/yjwABbksqh98jpNy2911LpG8LAyEoqsCzO7GZ2JguKoDxpnq9t08KwWAr
  26. VQ214WMSCEP60W9NdFZXS7zyWB0HcL7p+fs2/e3pleQm0WX8OYHpLzg3jioAh8DG
  27. vBbHKcr+m0yP2utw31M26G1EQBLZJRJMkXWcyZowELNMD72dSQGj11hRW9LtgRaT
  28. P0mnbZ1g33OmwV8LvWBo7U6GYbwWgxqmeIu3WUGusfA8o/z8rJ3dlxmH4kEQ6Vff
  29. vJpFDgi/1Rru2rn9Uhbi0cQoe9lFEgJAeKsKqQM2U60ClmAwqtqqDHo7TIlIPjSl
  30. tTV1ZmpKliFf4mmn/rZkHy9Y0nJRZRSGKEVxVE7aoBtchdM9C37XvBjL+xNGDOVC
  31. WtPFoUquRC+aoV43ZvpgjlOPBfjDhR9aY8Q3zbKRPQFDmtmZ9C8SaVmfSO81IaBX
  32. 3d4zpdzi/nXE6VlRpH9FcuslcbSXi8XiOCCFUM5Y/WIFrcoyhFuP
  33. -----END CERTIFICATE-----
复制代码


Baidu, Inc. DV CA
Basic Information
        Subject DN
                C=CN, O=Baidu, Inc., CN=Baidu, Inc. DV CA
        Issuer DN
                C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
        Serial
                Decimal: 94722165348429491556351850227464396050
                Hex: 0x4742d3519ebf14347c2f5dade537dd12
        Validity
                2020-04-01 00:00:00 to 2030-04-01 23:59:59 (3652 days, 23:59:59)
Fingerprint
        SHA-256
                ea423f1b3b1b529d1c7db9a21af87dc78de7259555e298ba26c63cf1275a912c
        SHA-1
                e79280b96086d6098eaeddcc18c092491eaf0e4e
        MD5
                dce83ef44ae5e30306e7ba92abe8b0cb
PEM
  1. -----BEGIN CERTIFICATE-----
  2. MIIFwjCCA6qgAwIBAgIQR0LTUZ6/FDR8L12t5TfdEjANBgkqhkiG9w0BAQwFADCB
  3. iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
  4. cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
  5. BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjAw
  6. NDAxMDAwMDAwWhcNMzAwNDAxMjM1OTU5WjA/MQswCQYDVQQGEwJDTjEUMBIGA1UE
  7. ChMLQmFpZHUsIEluYy4xGjAYBgNVBAMTEUJhaWR1LCBJbmMuIERWIENBMIIBIjAN
  8. BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlMpUY9l4tMZQl4gonqZdwqqtz+u
  9. 8fblX1F44zjaP25ttZ0suqg9akJ7WXHndl2M0ICkFJ5R4qqdx6TVZ6+1XvBF3Zr4
  10. FjIiMKIqxFMMGb96vHN+sshhGcJKUyAO7AmdIR2FRwhUTz3pQnne/uLUzJnYmYhx
  11. 8Ti7M1iJ1scXQgV5Tx/rnFAufnFHMNon1Ia3Jor2aWfncHdMCGA+Mj3vjY7DCa4V
  12. p+j65xckWgmmOjWtp/zAl8Z7g3Fccr1Ki/MgMqeBY4ZukbTYVr9K85FoV7bNnkyg
  13. rnVTaJChmo1ZGg1XL8Y0pqxqEsAYywOaBdbRSaG8Vo5ae82MOc5itI7K+QIDAQAB
  14. o4IBbjCCAWowHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0O
  15. BBYEFN89SAdm+eCRW3ixqtc8WTAXO02FMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMB
  16. Af8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNV
  17. HSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6
  18. Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0
  19. aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9j
  20. cnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggr
  21. BgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwF
  22. AAOCAgEAaCp581xitsN4IWCA1WE/vUpve/v59Ik8cusF9YjOjrnalqIZd/r3lgPk
  23. cRwH1TJsLUCKg88X3e6nacp1nPl8p8Hg+pXVeyX2cbyagcFT6pJD8ph0xsFZBzc+
  24. YiNeePfSTu+4LdfStir4gstY/j/qz1IzhMt7rtASC5nPHktneU365PIb/cErc8ls
  25. XFogAesi/vHY680PlmXY/ve8njJq1ZigKeWQoHevFc/L16a2cahZP5KU3DudpKjM
  26. RlajM2Rmvn211740s/G+fxDZV97OkP8p/80cSnLIIK9SnOem0W8DwzhvQdnIIPZh
  27. Y+XxMIk9sIr0IpP8PdRHu0IrTsTE/8AE2NfwZwngLtAofnQFg6U6+FqrwYE7zDFx
  28. 0UvUFurX9y5Wy9eZjcP8Os+futiqlWwlrW8xscTN/vSOmCcaW4B1cvHFbn4hdJn4
  29. ERE4D+2dVaY/yxMAd8de24dpIbTxu+/yJOBijPFv5ahISRTWyV/n2C4yMdmANEi2
  30. /igiLvlx3rH2Jx6dEdxf9xjlguvXugXHr2dW3tMruSWjr/v93gojRIwZ+bOJKctc
  31. FrhpYYv0mJKhB9oa8EXROpAsAlhllaAsuGAgpku2IN2G9nbdn5QokiE+Th3u/k80
  32. IhGYkrKef0RI4xtz0m9ZbUr9Rpi0B+G3PuZoym2EzdKTVZIyEsk=
  33. -----END CERTIFICATE-----
复制代码


三张中间证书都是 USERTrust ,也就是 Sectigo 根签发的,受 Sectigo 的监管,有 Certificate Transparency (CT,证书透明度),百度做CA算是中规中矩,但“百度网民权益保障计划”专属认证标识实属DD行为,甚至可以说算是挑战CA/B

不过直到现在,百度还是在用着GlobalSign的证书(2020年4月2号签的,但百度的三张subCA在4月1号就已经签了
发表于 2020-5-21 21:11:36 | 显示全部楼层
说到底还是磕毛豆
发表于 2020-5-21 18:54:17 | 显示全部楼层
本帖最后由 catbox 于 2020-5-21 18:58 编辑

这种都是Sectigo保管私钥的,相当于就是个贴牌证书,证书的实际控制权不在百度手里。
验证还是Sectigo做,只不过是通过百度卖出的证书Sectigo用写有百度名字的中间证书签名而已。
发表于 2020-5-21 12:58:29 来自手机 | 显示全部楼层
跟我走什么关系,又不能白女票
发表于 2020-5-21 13:07:30 | 显示全部楼层
百度:用我家CDN,有网址自动提交加成

百度:用我家主机,能快速收录

百度:你说你是给我掏钱呢还是不掏呢
发表于 2020-5-21 19:08:07 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
 楼主| 发表于 2020-5-21 19:15:44 | 显示全部楼层
h20 发表于 2020-5-21 19:08
USERTRUST Network 是谁家的?

Sectigo
 楼主| 发表于 2020-5-21 19:20:08 | 显示全部楼层
catbox 发表于 2020-5-21 18:54
这种都是Sectigo保管私钥的,相当于就是个贴牌证书,证书的实际控制权不在百度手里。
验证还是Sectigo做, ...

USERTrust 还签了 WoTrus 沃通的各系证书,CN后面写了 Run by Issuer
环洋和亚信好像也是 Sectigo 背书的,亚信是自建验证,环洋还是由 COMODO/Sectigo 做验证好像
发表于 2020-5-21 19:22:19 | 显示全部楼层
百度智能云有百度搜索加持,还是不温不火
发表于 2020-5-21 19:25:52 来自手机 | 显示全部楼层
便宜点就入了
您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|全球主机交流论坛

GMT+8, 2024-3-28 21:25 , Processed in 0.062732 second(s), 10 queries , Gzip On, MemCache On.

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表