Uniform certificate

מתוך ויקי נטפרי
גרסה מ־22:21, 22 בינואר 2026 מאת DovidStroh (שיחה | תרומות)
(הבדל) → הגרסה הקודמת | הגרסה האחרונה (הבדל) | הגרסה הבאה ← (הבדל)
קפיצה לניווט קפיצה לחיפוש

לעברית לחצו כאן

To switch from edit view to read view

To search in the Wiki

Home page > Security certificate > Uniform certificate ‎‎



In order for NetFree’s filtering system to also filter secure (HTTPS) content, a security certificate must be installed on every computer or device connected to the NetFree network.

In the past, NetFree created a separate certificate for each Internet provider in order to isolate security risks. This way, even if a vulnerability or security breach were to occur, it would be limited to a specific provider and would not affect the entire system.

Prior to the expiration of the certificate of RL about a year and a half ago, NetFree developed a new structure for creating a unified certificate with a special risk-isolation mechanism.

The core idea is to use a single master key, which holds a root certificate with an exceptionally long validity period, allowing secure and efficient issuance of certificates for all providers over time.

The master key is generated in a highly secure environment completely disconnected from the internet, using multiple sources of true randomness to ensure high-quality entropy and strong cryptographic security.

The key is stored in separate parts, with each part kept on encrypted hardware that meets strict security standards, and each part stored in a different physical location.

Once every three months, the custodians of the key parts meet in order to sign an intermediate certificate using the master key.

This intermediate certificate has a validity period of four months, with one month of overlap with the previous certificate.

The intermediate certificate is then used to automatically issue short-lived certificates (approximately every 24 hours) for each provider, in order to minimize risks in case of a potential compromise.

In the first version of the unified certificate, a mistake was made in the certificate attributes, which caused some systems to be unable to support it.

Therefore, NetFree created version 2 of the certificate, which includes the missing attributes.

This certificate will be integrated into the new version of the filtering system (and in the old version - on servers affected by expirations), and it is recommended to install it in advance in order to prevent future issues.

You can install it using the following guide: Uniform certificate installer 2.

אוחזר מתוך "https://wiki.netfree.link/index.php?title=Uniform_certificate&oldid=18018"