广发银行的网上银行证书是被劫持了么？？

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

已注册用户请登录

这是一个创建于 3918 天前的主题，其中的信息可能已经有所发展或是发生改变。

登录网银的时候证书提示不受信任

求分析。。

证书如下：

-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgIETCDbCDANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMzA2MjYwMjE0MjRaFw0xNTA2MjYy
MDIzNDVaMIHjMQswCQYDVQQGEwJDTjESMBAGA1UECBMJR3Vhbmdkb25nMRIwEAYD
VQQHEwlHdWFuZ3pob3UxEzARBgsrBgEEAYI3PAIBAxMCQ04xGjAYBgsrBgEEAYI3
PAIBAhMJR3Vhbmdkb25nMSMwIQYDVQQKExpDaGluYSBHdWFuZ2ZhIEJhbmsgQ28u
LEx0ZDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xNzAWBgNVBAUTDzQ0
MDAwMDAwMDA0NjU0MTAdBgNVBAMTFmViYW5rcy5jZ2JjaGluYS5jb20uY24wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB5igK2SLPtzLXSKn0n698aVD0
F+cnbmhZDjvm6jJkTwUCHU5MuI/dgYJf41ho1W6DRsInMke5l0NBjNZXI7BkV/Jc
JLDJEs+vhnYbU7kuiitHTXsyhb3kRJpQML51FUDSSC7G7gI+XGaG60Tqk5IfQBTV
KAdoTS/bmP8ukAvshVhpdgOPy8gslDMsUjPgJPPwH/8Qmqe1xtazU0sQ0MdYb1ZZ
SJmfU7C9+N2I9azMhYb909JI3QF6brlPchBLR4c/BOyuQSbpXIFD/xFvBxVcVfRZ
dnrbYl7S+nVfbIHBVtfZY/lIyFJJ+ZuoRC11PX2Z3VJbuUwSyU8xV1/uat03AgMB
AAGjggF9MIIBeTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQv
bDFlLWNoYWluLmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1
c3QubmV0L2xldmVsMWUuY3JsMEEGA1UdIAQ6MDgwNgYKYIZIAYb6bAoBAjAoMCYG
CCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAhBgNVHREEGjAY
ghZlYmFua3MuY2diY2hpbmEuY29tLmNuMB8GA1UdIwQYMBaAFFtBirLEQ8G9v8hU
QVWd4Jat/7mhMB0GA1UdDgQWBBR/BPr0b4SytJZ750e7QkkSrQgdOTAJBgNVHRME
AjAAMA0GCSqGSIb3DQEBBQUAA4IBAQCwgTHkbn3Z8vOjbKEc6CDAfcsO35faCXMV
1rYqv5kQu92QmCWyfRJldqttjGhIhgOwSYjZp2ftdpsxsD2UaVCXzFEg0xaUUP9y
5ZNCrZfV/JTZte32QHo5Fg95GP7XOGcUicFBWh9019dvLDsvWJGN8VC8YzX5227i
K5EIRr1HgOWX/etw10pDCJp4dt3kuAkSh0IJgGo4IihjFgcEvVdveL4znivy0jSV
7kg2C1K4Whsczt7EJuCf3F2otF4zp2idYSIY1h9fOTTT9y/a7NqZMdnjzYKfhQc6
tATpi9UyS5QcFRNSGYTFL2DgwBH0+sM1dp3Z2M7GNnedIsKmUyJh
-----END CERTIFICATE-----

证书

广发

劫持

10 条回复 2015-01-23 21:35:20 +08:00

lzxgh621

2015-01-22 09:25:57 +08:00

未重现技术细节没点开看不到信息

SharkIng

2015-01-22 09:28:39 +08:00

我打开是正常证书

-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgIETCDbCDANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMzA2MjYwMjE0MjRaFw0xNTA2MjYy
MDIzNDVaMIHjMQswCQYDVQQGEwJDTjESMBAGA1UECBMJR3Vhbmdkb25nMRIwEAYD
VQQHEwlHdWFuZ3pob3UxEzARBgsrBgEEAYI3PAIBAxMCQ04xGjAYBgsrBgEEAYI3
PAIBAhMJR3Vhbmdkb25nMSMwIQYDVQQKExpDaGluYSBHdWFuZ2ZhIEJhbmsgQ28u
LEx0ZDEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xNzAWBgNVBAUTDzQ0
MDAwMDAwMDA0NjU0MTAdBgNVBAMTFmViYW5rcy5jZ2JjaGluYS5jb20uY24wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB5igK2SLPtzLXSKn0n698aVD0
F+cnbmhZDjvm6jJkTwUCHU5MuI/dgYJf41ho1W6DRsInMke5l0NBjNZXI7BkV/Jc
JLDJEs+vhnYbU7kuiitHTXsyhb3kRJpQML51FUDSSC7G7gI+XGaG60Tqk5IfQBTV
KAdoTS/bmP8ukAvshVhpdgOPy8gslDMsUjPgJPPwH/8Qmqe1xtazU0sQ0MdYb1ZZ
SJmfU7C9+N2I9azMhYb909JI3QF6brlPchBLR4c/BOyuQSbpXIFD/xFvBxVcVfRZ
dnrbYl7S+nVfbIHBVtfZY/lIyFJJ+ZuoRC11PX2Z3VJbuUwSyU8xV1/uat03AgMB
AAGjggF9MIIBeTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQv
bDFlLWNoYWluLmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1
c3QubmV0L2xldmVsMWUuY3JsMEEGA1UdIAQ6MDgwNgYKYIZIAYb6bAoBAjAoMCYG
CCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAhBgNVHREEGjAY
ghZlYmFua3MuY2diY2hpbmEuY29tLmNuMB8GA1UdIwQYMBaAFFtBirLEQ8G9v8hU
QVWd4Jat/7mhMB0GA1UdDgQWBBR/BPr0b4SytJZ750e7QkkSrQgdOTAJBgNVHRME
AjAAMA0GCSqGSIb3DQEBBQUAA4IBAQCwgTHkbn3Z8vOjbKEc6CDAfcsO35faCXMV
1rYqv5kQu92QmCWyfRJldqttjGhIhgOwSYjZp2ftdpsxsD2UaVCXzFEg0xaUUP9y
5ZNCrZfV/JTZte32QHo5Fg95GP7XOGcUicFBWh9019dvLDsvWJGN8VC8YzX5227i
K5EIRr1HgOWX/etw10pDCJp4dt3kuAkSh0IJgGo4IihjFgcEvVdveL4znivy0jSV
7kg2C1K4Whsczt7EJuCf3F2otF4zp2idYSIY1h9fOTTT9y/a7NqZMdnjzYKfhQc6
tATpi9UyS5QcFRNSGYTFL2DgwBH0+sM1dp3Z2M7GNnedIsKmUyJh
-----END CERTIFICATE-----

感觉是一样的啊

yanwen

2015-01-22 09:39:41 +08:00

@SharkIng 我用了chrome 打开貌似也是正常的。。估计是Firefox的问题吧。。

COSTRENGTH

2015-01-22 09:54:48 +08:00

Entrust的证书，网上说已经跟CNNIC解除关系了，但是你信么？
所以劫持不劫持还有意义么……

threezhiwang

2015-01-22 09:56:26 +08:00

根证书不受信吧。
不信很简单，不用呗。

SharkIng

2015-01-22 10:27:47 +08:00

@yanwen 好像Entrust的证书在FIrefox下就是总有问题。

aaaa007cn

2015-01-22 22:48:12 +08:00

我的 35.0 显示 sec_error_unknown_issuer
删了 profile 下的 cert8.db 让 firefox 重建后就正常了

话说广发银行的证书是 EV 证书
但在 firefox 中有时显示为绿色的 EV 证书
有时又显示成普通的灰锁
让 ocsp.entrust.net 走代理后就一直绿了
ocsp.entrust.net 是解析到 akamai 的
该说不意外？

yanwen

2015-01-23 08:30:42 +08:00

@aaaa007cn 擦。。果真如此。。

aaaa007cn

2015-01-23 21:35:20 +08:00

cert8.db 删除后
之前加入的例外、手工撤销的证书也会全都丢失
别忘记去撤销某些证书~~
https://github.com/chengr28/RevokeChinaCerts