起因:
上个月看到 https://www.hostloc.com/thread-678592-1-1.html 说百度推出了自家的SSL证书( https://cloud.baidu.com/product/ssl.html ),看样子应该是中级证书(subCA),于是昨晚专程去 censys.io 翻了下各大根CA签中间证书颁发机构的记录,找到了百度的三张subCA
Baidu, Inc. EV CA
Basic Information
Subject DN
C=CN, O=Baidu, Inc., CN=Baidu, Inc. EV CA
Issuer DN
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Serial
Decimal: 57533546455300744502657975942678358579
Hex: 0x2b488ed898cbbe708fa15bb30130aa33
Validity
2020-04-01 00:00:00 to 2030-04-01 23:59:59 (3652 days, 23:59:59)
Fingerprint
SHA-256
c30bc9667e273937833c396ad85ee325de633f4fccc51483417a9c8a4e33b39d
SHA-1
c23960e01ec0c229bc8a956eb11467e85b0aa4bc
MD5
3f246519779c34285a2af5bba4e37562
PEM
- -----BEGIN CERTIFICATE-----
- MIIF3zCCA8egAwIBAgIQK0iO2JjLvnCPoVuzATCqMzANBgkqhkiG9w0BAQwFADCB
- iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
- cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
- BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjAw
- NDAxMDAwMDAwWhcNMzAwNDAxMjM1OTU5WjA/MQswCQYDVQQGEwJDTjEUMBIGA1UE
- ChMLQmFpZHUsIEluYy4xGjAYBgNVBAMTEUJhaWR1LCBJbmMuIEVWIENBMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilOL9CnmSZqn5RCw7u4xDOcAgx3x
- CsDRCtUrhphJddSVzihJ2rN2bii0332/NywxAyemMOKiKfcmKV21A+7wvx/bIQ67
- RTTHHDYCpKtVIusMd6M6+YTHeQRd8Ia33XzVlJ2Ot8DqqcupGPMPxnCi8fI6T3n/
- nx0uvpgt8JWa3FAlo8+RUAj1OiAf+hDrSBGzg4rU5iFOz4GYjl/zZQpQqsTaL45G
- FRMWfulagfNchHTdi/MVUl/X/DwxsBaPZ+Mrkx1zoYeFGHmo2nr3wCKCL6lLWev7
- xNnyWzKihgzzloghYfgeo2mBmjQoLEE8ZwMeT8/CKgobqmBUs9jPMbGCCwIDAQAB
- o4IBizCCAYcwHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0O
- BBYEFIUahTNItySfI6RVWGsy4uO93Ub2MA4GA1UdDwEB/wQEAwIBhjASBgNVHRMB
- Af8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA4BgNV
- HSAEMTAvMC0GBFUdIAAwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNv
- bS9DUFMwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29t
- L1VTRVJUcnVzdFJTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUF
- BwEBBGowaDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VT
- RVJUcnVzdFJTQUFkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2Nz
- cC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBT2CsjI+brJsAVXEB/
- lvSfQWIsSVU77TRMQNPoxFtVmWBUpOMAvJv1plZX4bkX4ixZKcgF3osxoBqZRLOd
- KAjZhjll3tMm+cVXke6fj7GSmn97XpH/ZMn4Hu+ldm7tzjll+Z4yPnBUMblC37/L
- yEgDkAEBPu0gEq1V3DKQP/yhgg28HxSlwPfH16yORIDLrGy0qCbn/wJ3Ax6NLbzk
- 13xZBf+WMsKBYYn+A6aXFK4vQz29d+tGQ9kk5nTorQAI8AKi3TNTooDYWevc/MhU
- c6qXNckuDlb4DonRZfZw6NbykI+wYxPWbVCEAEG83gVBD+ymh4TaoQfsylVzlh3/
- 8+q8wqok+FdohfPNnqGlGqmua7VQlbym0+OabQWjsck4ID2OGNtIUL/ZT+q+4X6C
- zPS+ociaq0w2h+dsosZJa653tTCerDBH5iHG9jMja7aE5ncId73HcdKn+2E7YZOr
- kJZ9zuNXxDUwCJ8B9D6xJGGSYdLYtasSvW2WeO0cv0LvU6kzZMRUAyeZ8Z5xTTYA
- Jxn8ZLIkpRDga86Qr49ve2SjnirlALGmK62Hs6wyHKkEcShohtKCR74+7Fi9AG2r
- zrt6iFDy+WGZExGnlAC65ZGlKX3okLbQRL172C60jjimysQguSSeWa5vrZYhVZIc
- iESJ8q8BOmhJo6nvO8e5sINrYw==
- -----END CERTIFICATE-----
复制代码
Baidu, Inc. OV CA
Basic Information
Subject DN
C=CN, O=Baidu, Inc., CN=Baidu, Inc. OV CA
Issuer DN
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Serial
Decimal: 205949414021948995202228189155014956161
Hex: 0x9af06a12cd2ce07a04b04452ef0b5481
Validity
2020-04-01 00:00:00 to 2030-04-01 23:59:59 (3652 days, 23:59:59)
Fingerprint
SHA-256
4b704cda80e244d4186844f0ef242b70c4b1ab4d8d8961568f28e12c89784f23
SHA-1
0375861afb6fcf30971df32ef9f0dde2c9bff9e6
MD5
5ed195f00a5baa6fccd86fc7f089f850
PEM
- -----BEGIN CERTIFICATE-----
- MIIFwzCCA6ugAwIBAgIRAJrwahLNLOB6BLBEUu8LVIEwDQYJKoZIhvcNAQEMBQAw
- gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
- ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
- VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
- MDQwMTAwMDAwMFoXDTMwMDQwMTIzNTk1OVowPzELMAkGA1UEBhMCQ04xFDASBgNV
- BAoTC0JhaWR1LCBJbmMuMRowGAYDVQQDExFCYWlkdSwgSW5jLiBPViBDQTCCASIw
- DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhq7CvNLkZvJYki92h8FQNKzcDN
- LTOLUMER05FwwE3t3xtKE7aMzPFL0QGhQsofWdZRgjsbSikhkbdH8SsmCtYrBXKA
- 2dr1OyCdUkc/EJBJseB2lcGpK9MAxVzuQ3aMwC9HEFuK+a0qEiyJAcQ9QPIwCXfF
- h4zTjDb3DBPKVOxVzay7Nsf8/PPGIixonns+NqRrxwpuYWdD42s7Qq95ZCZNxtco
- kTGGUIj6MVzKAHpwWQzueE4dczzHUqOqmUOK96O4x1LRgb7gW+M6rSEIW3/Klu6W
- 4ysZb1u6s8zxAxX4kBOXYppkFO6reapz/tAv5jFZT3jAto6M0jtGjJEgFc8CAwEA
- AaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1Ud
- DgQWBBQ3gXHH6PSDAlDMx7cTjMDlhJV32DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0T
- AQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD
- VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BBhj9odHRw
- Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1
- dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8v
- Y3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwJQYI
- KwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEM
- BQADggIBACpDyWxqbXnIT+meN6nVfE1lIlUf0GErrKJFuWaAISFv+/DMox/v0R1g
- 6QvC8DGpo5hUAdO4Hb4E+q0**8iJgBldImIMXCPo9aDmpCZfiHDCDRvBOPcsufd
- nZzhWUhis4YnaI5uxKws0UDIJpl8/rwtNRx8/7aDi2rwNYKpkDp2E3qa4RDesp0+
- AdPsgT/yjwABbksqh98jpNy2911LpG8LAyEoqsCzO7GZ2JguKoDxpnq9t08KwWAr
- VQ214WMSCEP60W9NdFZXS7zyWB0HcL7p+fs2/e3pleQm0WX8OYHpLzg3jioAh8DG
- vBbHKcr+m0yP2utw31M26G1EQBLZJRJMkXWcyZowELNMD72dSQGj11hRW9LtgRaT
- P0mnbZ1g33OmwV8LvWBo7U6GYbwWgxqmeIu3WUGusfA8o/z8rJ3dlxmH4kEQ6Vff
- vJpFDgi/1Rru2rn9Uhbi0cQoe9lFEgJAeKsKqQM2U60ClmAwqtqqDHo7TIlIPjSl
- tTV1ZmpKliFf4mmn/rZkHy9Y0nJRZRSGKEVxVE7aoBtchdM9C37XvBjL+xNGDOVC
- WtPFoUquRC+aoV43ZvpgjlOPBfjDhR9aY8Q3zbKRPQFDmtmZ9C8SaVmfSO81IaBX
- 3d4zpdzi/nXE6VlRpH9FcuslcbSXi8XiOCCFUM5Y/WIFrcoyhFuP
- -----END CERTIFICATE-----
复制代码
Baidu, Inc. DV CA
Basic Information
Subject DN
C=CN, O=Baidu, Inc., CN=Baidu, Inc. DV CA
Issuer DN
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Serial
Decimal: 94722165348429491556351850227464396050
Hex: 0x4742d3519ebf14347c2f5dade537dd12
Validity
2020-04-01 00:00:00 to 2030-04-01 23:59:59 (3652 days, 23:59:59)
Fingerprint
SHA-256
ea423f1b3b1b529d1c7db9a21af87dc78de7259555e298ba26c63cf1275a912c
SHA-1
e79280b96086d6098eaeddcc18c092491eaf0e4e
MD5
dce83ef44ae5e30306e7ba92abe8b0cb
PEM
- -----BEGIN CERTIFICATE-----
- MIIFwjCCA6qgAwIBAgIQR0LTUZ6/FDR8L12t5TfdEjANBgkqhkiG9w0BAQwFADCB
- iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
- cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
- BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjAw
- NDAxMDAwMDAwWhcNMzAwNDAxMjM1OTU5WjA/MQswCQYDVQQGEwJDTjEUMBIGA1UE
- ChMLQmFpZHUsIEluYy4xGjAYBgNVBAMTEUJhaWR1LCBJbmMuIERWIENBMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlMpUY9l4tMZQl4gonqZdwqqtz+u
- 8fblX1F44zjaP25ttZ0suqg9akJ7WXHndl2M0ICkFJ5R4qqdx6TVZ6+1XvBF3Zr4
- FjIiMKIqxFMMGb96vHN+sshhGcJKUyAO7AmdIR2FRwhUTz3pQnne/uLUzJnYmYhx
- 8Ti7M1iJ1scXQgV5Tx/rnFAufnFHMNon1Ia3Jor2aWfncHdMCGA+Mj3vjY7DCa4V
- p+j65xckWgmmOjWtp/zAl8Z7g3Fccr1Ki/MgMqeBY4ZukbTYVr9K85FoV7bNnkyg
- rnVTaJChmo1ZGg1XL8Y0pqxqEsAYywOaBdbRSaG8Vo5ae82MOc5itI7K+QIDAQAB
- o4IBbjCCAWowHwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0O
- BBYEFN89SAdm+eCRW3ixqtc8WTAXO02FMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMB
- Af8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNV
- HSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6
- Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0
- aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9j
- cnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggr
- BgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwF
- AAOCAgEAaCp581xitsN4IWCA1WE/vUpve/v59Ik8cusF9YjOjrnalqIZd/r3lgPk
- cRwH1TJsLUCKg88X3e6nacp1nPl8p8Hg+pXVeyX2cbyagcFT6pJD8ph0xsFZBzc+
- YiNeePfSTu+4LdfStir4gstY/j/qz1IzhMt7rtASC5nPHktneU365PIb/cErc8ls
- XFogAesi/vHY680PlmXY/ve8njJq1ZigKeWQoHevFc/L16a2cahZP5KU3DudpKjM
- RlajM2Rmvn211740s/G+fxDZV97OkP8p/80cSnLIIK9SnOem0W8DwzhvQdnIIPZh
- Y+XxMIk9sIr0IpP8PdRHu0IrTsTE/8AE2NfwZwngLtAofnQFg6U6+FqrwYE7zDFx
- 0UvUFurX9y5Wy9eZjcP8Os+futiqlWwlrW8xscTN/vSOmCcaW4B1cvHFbn4hdJn4
- ERE4D+2dVaY/yxMAd8de24dpIbTxu+/yJOBijPFv5ahISRTWyV/n2C4yMdmANEi2
- /igiLvlx3rH2Jx6dEdxf9xjlguvXugXHr2dW3tMruSWjr/v93gojRIwZ+bOJKctc
- FrhpYYv0mJKhB9oa8EXROpAsAlhllaAsuGAgpku2IN2G9nbdn5QokiE+Th3u/k80
- IhGYkrKef0RI4xtz0m9ZbUr9Rpi0B+G3PuZoym2EzdKTVZIyEsk=
- -----END CERTIFICATE-----
复制代码
三张中间证书都是 USERTrust ,也就是 Sectigo 根签发的,受 Sectigo 的监管,有 Certificate Transparency (CT,证书透明度),百度做CA算是中规中矩,但“百度网民权益保障计划”专属认证标识实属DD行为,甚至可以说算是挑战CA/B
不过直到现在,百度还是在用着GlobalSign的证书(2020年4月2号签的,但百度的三张subCA在4月1号就已经签了 ) |