Uniform certificate: הבדלים בין גרסאות בדף
DovidStroh (שיחה | תרומות) (יצירת דף עם התוכן "{{עמוד בעברית|תעודת אבטחה אחידה}} <div lang="en" dir="ltr" class="mw-content-ltr"> {{קישור אנגלית לתצוגת קריאה}} {...") |
DovidStroh (שיחה | תרומות) |
||
| שורה 29: | שורה 29: | ||
Therefore, NetFree created version 2 of the certificate, which includes the missing attributes. | Therefore, NetFree created version 2 of the certificate, which includes the missing attributes. | ||
| − | This certificate will be integrated into the [[New Version of the NetFree Filtering System|new version of the filtering system]], and it is recommended to install it in advance in order to prevent future issues. | + | This certificate will be integrated into the [[New Version of the NetFree Filtering System|new version of the filtering system]] (and in the old version - on servers affected by expirations), and it is recommended to install it in advance in order to prevent future issues. |
'''You can install it using the following guide: [[Uniform certificate installer 2]].''' | '''You can install it using the following guide: [[Uniform certificate installer 2]].''' | ||
גרסה אחרונה מ־22:21, 22 בינואר 2026
לעברית לחצו כאן
To switch from edit view to read view
Home page > Security certificate > Uniform certificate
In order for NetFree’s filtering system to also filter secure (HTTPS) content, a security certificate must be installed on every computer or device connected to the NetFree network.
In the past, NetFree created a separate certificate for each Internet provider in order to isolate security risks. This way, even if a vulnerability or security breach were to occur, it would be limited to a specific provider and would not affect the entire system.
Prior to the expiration of the certificate of RL about a year and a half ago, NetFree developed a new structure for creating a unified certificate with a special risk-isolation mechanism.
The core idea is to use a single master key, which holds a root certificate with an exceptionally long validity period, allowing secure and efficient issuance of certificates for all providers over time.
The master key is generated in a highly secure environment completely disconnected from the internet, using multiple sources of true randomness to ensure high-quality entropy and strong cryptographic security.
The key is stored in separate parts, with each part kept on encrypted hardware that meets strict security standards, and each part stored in a different physical location.
Once every three months, the custodians of the key parts meet in order to sign an intermediate certificate using the master key.
This intermediate certificate has a validity period of four months, with one month of overlap with the previous certificate.
The intermediate certificate is then used to automatically issue short-lived certificates (approximately every 24 hours) for each provider, in order to minimize risks in case of a potential compromise.
In the first version of the unified certificate, a mistake was made in the certificate attributes, which caused some systems to be unable to support it.
Therefore, NetFree created version 2 of the certificate, which includes the missing attributes.
This certificate will be integrated into the new version of the filtering system (and in the old version - on servers affected by expirations), and it is recommended to install it in advance in order to prevent future issues.
You can install it using the following guide: Uniform certificate installer 2.