Appearance
CA / 证书颁发机构
fwnet 提供 证书颁发机构(CA)服务,并且可以通过 ACME 颁发证书,该服务由 smallstep/step-ca 提供。
fwnet provides Certificate Authority (CA) services and can issue certificates through ACME, which is powered by smallstep/step-ca.
Root CA
目前 fwnet 共有以下 Root CA。
| 证书名称 Common Name | 证书文件 files in PEM format | 证书到期日 Expiration Date | 签名算法 Algorithm | 颁发者 Issuer |
|---|---|---|---|---|
| deprecated 5050net Root CA | https://5050net.cn/5050net-root-ca.crt | 2033/03/26 | ECDSA + SHA256 | 5050net |
| fwnet ECDSA Root CA 1 | https://5050net.cn/fwnet-ecdsa-root-ca-1.crt | 2030/03/23 | ECDSA + SHA256 | fwnet |
| fwnet ECDSA Root CA 2 | https://5050net.cn/fwnet_ECDSA_Root_CA_2.crt | 2030/06/07 | ECDSA + SHA384 | fwnet |
| fwnet SM2 Root CA 1 | https://5050net.cn/fwnet-sm2-root-ca-1.crt | 2030/03/23 | SM2 + SM3 | fwnet |
5050net Root CA
最初被小范围广泛使用,由于配置不完善而逐渐被弃用。
Was widely used in a limited scope initially but has gradually been phased out due to imperfect configurations.
警告 / CAUTION
5050net Root CA 已经停止颁发新的证书,请使用 fwnet ECDSA Root CA 2 代替。
fwnet ECDSA Root CA 1
fwnet 内最常用的 Root CA,几乎所有证书都来自此 Root CA。
The most commonly used Root CA, almost all certificates are issued from this Root CA.
但应逐步切换至 fwnet ECDSA Root CA 2。
Should gradually switch to fwnet ECDSA Root CA 2.
ACME 端点 Endpoints:
bash
# 在一些 Linux 发行版上安装 / Install on some Linux distributions
sudo wget -O /usr/local/share/ca-certificates/fwnet-ecdsa-root-ca-1.crt https://5050net.cn/fwnet-ecdsa-root-ca-1.crt
sudo update-ca-certificatesfwnet ECDSA Root CA 2
fwnet 的第二个 Root CA,弥补了一些 fwnet ECDSA Root CA 1 的缺陷。
为了在过渡期内使客户端平滑兼容,部分颁发点对 fwnet ECDSA Root CA 1 进行了交叉签名。
拥有数个由不同维护者运营的 ACME 颁发点。
| 证书类型 Type | 维护者 Maintainer | ACME Directory |
|---|---|---|
| fwnet Intermediate CA (R2-R1 交叉签名) | SerinaNya | https://serinanya.cn/acme/official |
bash
# 在一些 Linux 发行版上安装 / Install on some Linux distributions
sudo wget -O /usr/local/share/ca-certificates/fwnet_ECDSA_Root_CA_2.crt https://5050net.cn/fwnet_ECDSA_Root_CA_2.crt
sudo update-ca-certificatesfwnet SM2 Root CA 1
注意 / WARNING
Microsoft Windows 目前并没有原生的 SM2 和 SM3 支持,若要使用需安装第三方套件。
Microsoft Windows currently does NOT have native support for SM2 and SM3. If you would like to use it, it is necessary to install third-party softwares.
SM2 和 SM3 是由中国国家密码管理局发布的密码标准。SM2 是非对称加密算法,SM3 是摘要算法。
SM2 and SM3 are cryptographic standards issued by State Cryptography Administration of China. SM2 is an asymmetric encryption algorithm, and SM3 is a digest algorithm.
OpenSSL 从 1.1.1 开始支持 SM2 和 SM3,从而使签发此类证书不再困难重重。
OpenSSL has supported SM2 and SM3 since version 1.1.1, making it no longer difficult to issue such certificates.
目前暂时没有任何 ACME 颁发点。
Currently, there are no ACME endpoints available.