by ctrl (9-10-2003)

Hello,
I am going to criticize the site http://egateway.government.bg.

I will take as an example the IE browser on the Windows 2000 SP4 operating system.
The issue is the following:
When we try to log in to the site from "https://egateway.government.bg/secure/login.aspx", a warning appears that the certificate of the server "http://egateway.government.bg/" cannot be verified. How many of the service's users will manage to work out why this is so and how to proceed from there? In this case the natural reaction to the question "Do you want to proceed?" is to answer "Yes", which is absolutely wrong!

Nowhere is there an explanation of how to proceed in this case. I will give one, in the hope that it reaches as many users as possible.

In this case, in principle, you should click the "View Certificate" button, and then it (the certificate of "http://egateway.government.bg/") should be "installed" in Windows. This is done by clicking the "Install Certificate" button and following the Windows instructions. After this step the certificate is "installed" and the site should now be "trusted", but for the site "http://egateway.government.bg" this will not be enough :)

Windows places the certificate of "http://egateway.government.bg" in "Intermediate Certification Authorities", but it still cannot be verified, because it turns out that 2 things are missing:

1. The certificate of "StampIT Domestic CA". This is the issuer of the certificate of "http://egateway.government.bg".

2. The StampIT root certificate, "StampIT Domestic Root CA". This is the issuer of the certificate of "StampIT Domestic CA".

These certificates can be downloaded freely from the StampIT site (http://web.stampit.org/).

They should be installed: "StampIT Domestic CA" into "Intermediate Certification Authorities", and "StampIT Domestic Root CA" into "Trusted Root Certification Authorities". Then the site "http://egateway.government.bg" will verify successfully.

To summarize, I can point out that the server of "http://egateway.government.bg" provides an incomplete chain of certificates of its issuers. This is a very serious mistake for a site of the "Bulgarian Electronic Government". Given the way it works at present, I would recommend that all users avoid it.

One more thing: look at what I got during one of my login attempts:

--------------------------------------------------------------------------------
Server Error in '/' Application.
--------------------------------------------------------------------------------

Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[NullReferenceException: Object reference not set to an instance of an object.]
egovportal.secure.signRequest.Page_Load(Object sender, EventArgs e) in \\egovportal\c$\Inetpub\EGovPortalDefault\secure\signRequest.aspx.cs:41
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

------------------------------------------------------------------------------
:)

And finally, I attach a dump of parts of two HTTPS sessions, one from logging in to http://egateway.government.bg and the other to our own HTTPS server. I leave it to you to find the differences:

--------------------------------------------------------------------------------------------------
http://egateway.government.bg
--------------------------------------------------------------------------------------------------

HTTP/1.0 200 Connection established

---------------------------------------------------------------

1 1 0.0682 (0.0217) C>S SSLv2 compatible client hello
Version 3.0
cipher suites
SSL_RSA_WITH_RC4_128_MD5
SSL2_CK_RC4
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_RC2
SSL2_CK_3DES
Unknown value 0x3a
Unknown value 0x39
Unknown value 0x38
Unknown value 0x35
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Unknown value 0x34
Unknown value 0x33
Unknown value 0x32
Unknown value 0x2f
SSL_DHE_DSS_WITH_RC4_128_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL2_CK_RC464
SSL_DHE_DSS_WITH_RC2_56_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
SSL_RSA_EXPORT1024_WITH_RC4_56_MD5
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL2_CK_DES
1 2 0.2622 (0.1940) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
e9 1b 00 00 39 7c ae c7 f4 78 c6 74 90 c0 6d 31
f4 d9 ec d6 a1 fd 4c ba be cb 18 37 fd 59 20 3e
cipherSuite SSL_RSA_WITH_RC4_128_MD5
compressionMethod NULL
Certificate
Subject
C=BG
L=Sofia
O=CAD R&D CENTER PROGRESS
OU=CAD R&D CENTER PROGRESS
CN=egateway.government.bg
Issuer
C=BG
O=Information Services Plc.
OU=StampIT
CN=StampIT Domestic CA
Serial 02 59
Extensions
Extension: X509v3 Authority Key Identifier
Extension: X509v3 Subject Key Identifier
Extension: X509v3 Key Usage
Critical
Extension: X509v3 Extended Key Usage
Extension: X509v3 Certificate Policies
Extension: X509v3 Issuer Alternative Name
Extension: X509v3 Basic Constraints
Critical
Extension: X509v3 CRL Distribution Points
Subject
C=BG
O=Information Services Plc.
OU=StampIT
CN=StampIT Domestic CA
Issuer
C=BG
O=Information Services Plc.
OU=StampIT
CN=StampIT Domestic Root CA
Serial 06
Extensions
Extension: X509v3 Authority Key Identifier
Extension: X509v3 Subject Key Identifier
Extension: X509v3 Key Usage
Critical
Extension: X509v3 Certificate Policies
Extension: X509v3 Basic Constraints
Critical
Extension: X509v3 CRL Distribution Points
ServerHelloDone


-----------------------------------------------------------------------------------------
192.168.15.10
-----------------------------------------------------------------------------------------

New TCP connection #4: gladiator.bsc.bg(33293)  192.168.15.10(443)
4 1 0.0102 (0.0102) C>S SSLv2 compatible client hello
Version 3.0
cipher suites
SSL_RSA_WITH_RC4_128_MD5
SSL2_CK_RC4
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_RC2
SSL2_CK_3DES
Unknown value 0x3a
Unknown value 0x39
Unknown value 0x38
Unknown value 0x35
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Unknown value 0x34
Unknown value 0x33
Unknown value 0x32
Unknown value 0x2f
SSL_DHE_DSS_WITH_RC4_128_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL2_CK_RC464
SSL_DHE_DSS_WITH_RC2_56_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
SSL_RSA_EXPORT1024_WITH_RC4_56_MD5
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL2_CK_DES
4 2 0.4823 (0.4720) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
3f 85 49 71 fe 64 23 4f cd 70 49 dd 29 e2 c7 2c
b2 c0 ce 67 36 b6 75 65 c4 e9 2b de dc 84 d0 dd
cipherSuite SSL_RSA_WITH_RC4_128_MD5
compressionMethod NULL
Certificate
Subject
C=BG
CN=192.168.15.10
emailAddress=3sweb@bsc.bg
L=Varna
O=BSC Group
OU=3S
ST=Varna
title=3sweb
Issuer
title=BSC CA
C=BG
ST=Varna
L=Varna
O=BSC Group
OU=3S
CN=BSC Group Certification Authority
emailAddress=ca@bsc.bg
Serial 69 da 50 04 25
Extensions
Extension: X509v3 Basic Constraints
Critical
Extension: X509v3 Subject Alternative Name
Extension: X509v3 Key Usage
Extension: X509v3 Subject Key Identifier
Extension: X509v3 Authority Key Identifier
Extension: X509v3 CRL Distribution Points
Subject
emailAddress=ca@bsc.bg
CN=BSC Group Certification Authority
OU=3S
O=BSC Group
L=Varna
ST=Varna
C=BG
title=BSC CA
Issuer
emailAddress=ca@bsc.bg
CN=BSC Group Certification Authority
OU=3S
O=BSC Group
L=Varna
ST=Varna
C=BG
title=BSC CA
Serial 0b 13 b8 1e e6 b1 d4 19
Extensions
Extension: X509v3 Basic Constraints
Critical
Extension: X509v3 Subject Alternative Name
Extension: X509v3 Key Usage
Extension: X509v3 Subject Key Identifier
Extension: X509v3 Authority Key Identifier
Extension: X509v3 CRL Distribution Points
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
certificate_authority
emailAddress=ca@bsc.bg
CN=BSC Group Certification Authority
OU=3S
O=BSC Group
L=Varna
ST=Varna
C=BG
title=BSC CA
certificate_authority
C=BE
O=GlobalSign nv-sa
OU=Class 1 CA
CN=GlobalSign Class 1 CA
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 1 Public Primary Certification Authority
ServerHelloDone
-------------------------------------------------------------------------------------------------------
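
An added example, not part of the original post: a small parser for the Certificate message in traces of the format shown above. It lists which certificates the server sent and names the issuer the client must already hold in its trust store. It compares names only (no signature checks) and treats a name as an unordered attribute set, because the traces print attributes in differing orders; the function names and the abridged sample are assumptions made for this illustration.

```python
# Added example: names-only walk of the Certificate message in a handshake trace.
# Constructed sample: Subject/Issuer lines abridged from the first trace (';' = newline).
EGATEWAY = ("session_id[32]=;Certificate;Subject;C=BG;CN=egateway.government.bg;"
            "Issuer;C=BG;OU=StampIT;CN=StampIT Domestic CA;Serial 02 59;"
            "Subject;C=BG;OU=StampIT;CN=StampIT Domestic CA;"
            "Issuer;C=BG;OU=StampIT;CN=StampIT Domestic Root CA;Serial 06"
            ).replace(";", "\n")

def parse_chain(dump):
    """Return [(subject, issuer), ...]; each name is a frozenset of 'K=V' lines."""
    certs, state, cur = [], None, {}
    for line in dump.splitlines():
        line = line.strip()
        if line in ("Subject", "Issuer"):        # start of a name block
            state = line
            cur[state] = set()
        elif line.startswith("Serial") and state == "Issuer":
            # "Serial" follows the Issuer block and closes one certificate
            certs.append((frozenset(cur.get("Subject", ())), frozenset(cur["Issuer"])))
            state, cur = None, {}
        elif state and "=" in line:              # attribute inside a name block
            cur[state].add(line)
    return certs

def cn(name):
    """Common name of a parsed name, or '?' if it has none."""
    return next((a[3:] for a in name if a.startswith("CN=")), "?")

def analyze(dump):
    """Follow leaf -> issuer through the certificates the server actually sent."""
    certs = parse_chain(dump)
    if not certs:
        return None
    sent = {subj: iss for subj, iss in certs}
    subj, iss = certs[0]                          # first certificate is the leaf
    path = [cn(subj)]
    for _ in certs:                               # bounded, so cyclic names cannot loop
        if subj == iss or iss not in sent:
            break
        subj, iss = iss, sent[iss]
        path.append(cn(subj))
    # root_sent: the walk ended on a self-issued certificate included in the message
    return {"path": path, "root_sent": subj == iss, "client_must_trust": cn(iss)}

if __name__ == "__main__":
    print(analyze(EGATEWAY))
```
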

