V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
yanwen
V2EX  ›  问与答

广发银行的网上银行证书是被劫持了么??

  •  
  •   yanwen · 2015-01-22 09:17:22 +08:00 · 3099 次点击
    这是一个创建于 3353 天前的主题,其中的信息可能已经有所发展或是发生改变。
    登录网银的时候证书提示不受信任


    求分析。。

    证书如下:

    -----BEGIN CERTIFICATE-----
    MIIFkzCCBHugAwIBAgIETCDbCDANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
    VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
    Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
    KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
    Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMzA2MjYwMjE0MjRaFw0xNTA2MjYy
    MDIzNDVaMIHjMQswCQYDVQQGEwJDTjESMBAGA1UECBMJR3Vhbmdkb25nMRIwEAYD
    VQQHEwlHdWFuZ3pob3UxEzARBgsrBgEEAYI3PAIBAxMCQ04xGjAYBgsrBgEEAYI3
    PAIBAhMJR3Vhbmdkb25nMSMwIQYDVQQKExpDaGluYSBHdWFuZ2ZhIEJhbmsgQ28u
    LEx0ZDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xNzAWBgNVBAUTDzQ0
    MDAwMDAwMDA0NjU0MTAdBgNVBAMTFmViYW5rcy5jZ2JjaGluYS5jb20uY24wggEi
    MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB5igK2SLPtzLXSKn0n698aVD0
    F+cnbmhZDjvm6jJkTwUCHU5MuI/dgYJf41ho1W6DRsInMke5l0NBjNZXI7BkV/Jc
    JLDJEs+vhnYbU7kuiitHTXsyhb3kRJpQML51FUDSSC7G7gI+XGaG60Tqk5IfQBTV
    KAdoTS/bmP8ukAvshVhpdgOPy8gslDMsUjPgJPPwH/8Qmqe1xtazU0sQ0MdYb1ZZ
    SJmfU7C9+N2I9azMhYb909JI3QF6brlPchBLR4c/BOyuQSbpXIFD/xFvBxVcVfRZ
    dnrbYl7S+nVfbIHBVtfZY/lIyFJJ+ZuoRC11PX2Z3VJbuUwSyU8xV1/uat03AgMB
    AAGjggF9MIIBeTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
    AQUFBwMCMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
    ZW50cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQv
    bDFlLWNoYWluLmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1
    c3QubmV0L2xldmVsMWUuY3JsMEEGA1UdIAQ6MDgwNgYKYIZIAYb6bAoBAjAoMCYG
    CCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAhBgNVHREEGjAY
    ghZlYmFua3MuY2diY2hpbmEuY29tLmNuMB8GA1UdIwQYMBaAFFtBirLEQ8G9v8hU
    QVWd4Jat/7mhMB0GA1UdDgQWBBR/BPr0b4SytJZ750e7QkkSrQgdOTAJBgNVHRME
    AjAAMA0GCSqGSIb3DQEBBQUAA4IBAQCwgTHkbn3Z8vOjbKEc6CDAfcsO35faCXMV
    1rYqv5kQu92QmCWyfRJldqttjGhIhgOwSYjZp2ftdpsxsD2UaVCXzFEg0xaUUP9y
    5ZNCrZfV/JTZte32QHo5Fg95GP7XOGcUicFBWh9019dvLDsvWJGN8VC8YzX5227i
    K5EIRr1HgOWX/etw10pDCJp4dt3kuAkSh0IJgGo4IihjFgcEvVdveL4znivy0jSV
    7kg2C1K4Whsczt7EJuCf3F2otF4zp2idYSIY1h9fOTTT9y/a7NqZMdnjzYKfhQc6
    tATpi9UyS5QcFRNSGYTFL2DgwBH0+sM1dp3Z2M7GNnedIsKmUyJh
    -----END CERTIFICATE-----
    10 条回复    2015-01-23 21:35:20 +08:00
    lzxgh621
        1
    lzxgh621  
       2015-01-22 09:25:57 +08:00   ❤️ 1
    未重现 技术细节没点开 看不到信息
    SharkIng
        2
    SharkIng  
       2015-01-22 09:28:39 +08:00   ❤️ 1
    我打开是正常证书

    -----BEGIN CERTIFICATE-----
    MIIFkzCCBHugAwIBAgIETCDbCDANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
    VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
    Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
    KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
    Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMzA2MjYwMjE0MjRaFw0xNTA2MjYy
    MDIzNDVaMIHjMQswCQYDVQQGEwJDTjESMBAGA1UECBMJR3Vhbmdkb25nMRIwEAYD
    VQQHEwlHdWFuZ3pob3UxEzARBgsrBgEEAYI3PAIBAxMCQ04xGjAYBgsrBgEEAYI3
    PAIBAhMJR3Vhbmdkb25nMSMwIQYDVQQKExpDaGluYSBHdWFuZ2ZhIEJhbmsgQ28u
    LEx0ZDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xNzAWBgNVBAUTDzQ0
    MDAwMDAwMDA0NjU0MTAdBgNVBAMTFmViYW5rcy5jZ2JjaGluYS5jb20uY24wggEi
    MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB5igK2SLPtzLXSKn0n698aVD0
    F+cnbmhZDjvm6jJkTwUCHU5MuI/dgYJf41ho1W6DRsInMke5l0NBjNZXI7BkV/Jc
    JLDJEs+vhnYbU7kuiitHTXsyhb3kRJpQML51FUDSSC7G7gI+XGaG60Tqk5IfQBTV
    KAdoTS/bmP8ukAvshVhpdgOPy8gslDMsUjPgJPPwH/8Qmqe1xtazU0sQ0MdYb1ZZ
    SJmfU7C9+N2I9azMhYb909JI3QF6brlPchBLR4c/BOyuQSbpXIFD/xFvBxVcVfRZ
    dnrbYl7S+nVfbIHBVtfZY/lIyFJJ+ZuoRC11PX2Z3VJbuUwSyU8xV1/uat03AgMB
    AAGjggF9MIIBeTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
    AQUFBwMCMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
    ZW50cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQv
    bDFlLWNoYWluLmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1
    c3QubmV0L2xldmVsMWUuY3JsMEEGA1UdIAQ6MDgwNgYKYIZIAYb6bAoBAjAoMCYG
    CCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAhBgNVHREEGjAY
    ghZlYmFua3MuY2diY2hpbmEuY29tLmNuMB8GA1UdIwQYMBaAFFtBirLEQ8G9v8hU
    QVWd4Jat/7mhMB0GA1UdDgQWBBR/BPr0b4SytJZ750e7QkkSrQgdOTAJBgNVHRME
    AjAAMA0GCSqGSIb3DQEBBQUAA4IBAQCwgTHkbn3Z8vOjbKEc6CDAfcsO35faCXMV
    1rYqv5kQu92QmCWyfRJldqttjGhIhgOwSYjZp2ftdpsxsD2UaVCXzFEg0xaUUP9y
    5ZNCrZfV/JTZte32QHo5Fg95GP7XOGcUicFBWh9019dvLDsvWJGN8VC8YzX5227i
    K5EIRr1HgOWX/etw10pDCJp4dt3kuAkSh0IJgGo4IihjFgcEvVdveL4znivy0jSV
    7kg2C1K4Whsczt7EJuCf3F2otF4zp2idYSIY1h9fOTTT9y/a7NqZMdnjzYKfhQc6
    tATpi9UyS5QcFRNSGYTFL2DgwBH0+sM1dp3Z2M7GNnedIsKmUyJh
    -----END CERTIFICATE-----

    感觉是一样的啊
    yanwen
        4
    yanwen  
    OP
       2015-01-22 09:39:41 +08:00
    @SharkIng 我用了chrome 打开 貌似也是正常的。。估计是Firefox的问题吧。。
    COSTRENGTH
        5
    COSTRENGTH  
       2015-01-22 09:54:48 +08:00   ❤️ 1
    Entrust的证书,网上说已经跟CNNIC解除关系了,但是你信么?
    所以劫持不劫持还有意义么……
    threezhiwang
        6
    threezhiwang  
       2015-01-22 09:56:26 +08:00   ❤️ 1
    根证书不受信吧。
    不信很简单,不用呗。
    SharkIng
        7
    SharkIng  
       2015-01-22 10:27:47 +08:00   ❤️ 1
    @yanwen 好像Entrust的证书在FIrefox下就是总有问题。
    aaaa007cn
        8
    aaaa007cn  
       2015-01-22 22:48:12 +08:00   ❤️ 1
    我的 35.0 显示 sec_error_unknown_issuer
    删了 profile 下的 cert8.db 让 firefox 重建后就正常了

    话说广发银行的证书是 EV 证书
    但在 firefox 中有时显示为绿色的 EV 证书
    有时又显示成普通的灰锁
    ocsp.entrust.net 走代理后就一直绿了
    ocsp.entrust.net 是解析到 akamai 的
    该说不意外?
    yanwen
        9
    yanwen  
    OP
       2015-01-23 08:30:42 +08:00
    @aaaa007cn 擦。。果真如此。。
    aaaa007cn
        10
    aaaa007cn  
       2015-01-23 21:35:20 +08:00
    cert8.db 删除后
    之前加入的例外、手工撤销的证书也会全都丢失
    别忘记去撤销某些证书~~
    https://github.com/chengr28/RevokeChinaCerts
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   我们的愿景   ·   实用小工具   ·   965 人在线   最高记录 6543   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 21:16 · PVG 05:16 · LAX 14:16 · JFK 17:16
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.