[Перевод] Let's Encrypt обслуживает почти 30% доменов
193590544 null 47237383 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3 13367305 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA 13092572 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA 10081610 C=US, O=Google Trust Services, CN=Google Internet Authority G3 7048258 C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority 6772537 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA 4946970 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 3926261 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 3727005 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority — G2 3483129 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority — G2 3404488 C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 2523036 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon 2498667 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1 2431104 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA — SHA256 — G2 2422131 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA — SHA256 — G2 2310140 C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA 1791127 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA — G1 1298054 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA 1019337 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018 853367 C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA 842994 C=US, ST=Someprovince, L=Sometown, O=none, OU=none, CN=localhost, emailAddress=webmaster@localhost 828175 C=CH, L=Schaffhausen, O=Plesk, CN=Plesk, emailAddress=info@plesk.com 800601 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte RSA CA 2018 736336 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA — SHA256 — G2 679798 C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 648187 OU=Default Web server, CN=www.example.com, emailAddress=postmaster@example.com 572342 C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=server.ab-archive.net, emailAddress=root@server.ab-archive.net 546456 C=DE, ST=Bayern, L=Muenchen, O=ispgateway, CN=webserver.ispgateway.de, emailAddress=hostmaster@ispgateway.de 501592 C=US, ST=Virginia, L=Herndon, O=Parallels, OU=Parallels Panel, CN=Parallels Panel, emailAddress=info@parallels.com 501093 C=US, ST=California, O=DreamHost, CN=sni.dreamhost.com 480468 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA 468190 C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA — SHA256 — G3 464242 C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain, emailAddress=root@localhost.localdomain 455067 C=PL, O=home.pl SA, CN=Certyfikat SSL 445550 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA — G2 417062 C=PL, O=Unizeto Technologies SA, OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 416966 C=JP, ST=Tokyo, L=Chiyoda-ku, O=Gehirn Inc., CN=Gehirn Managed Certification Authority — RSA DV 384480 C=IT, ST=Bergamo, L=Ponte San Pietro, O=Actalis SpA/03358520967, CN=Actalis Organization Validated Server CA G2 368708 C=JP, ST=OSAKA, L=OSAKA, O=SecureCore, CN=SecureCore RSA DV CA 353716 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1 343034 C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 278170 C=PL, O=nazwa.pl sp. z oo, OU=http://nazwa.pl, CN=nazwaSSL 267784 C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Organization Validation SHA256 CA, Level 1, emailAddress=ca@trustwave.com 251987 C=IT, ST=Bergamo, L=Ponte San Pietro, O=Actalis SpA/03358520967, CN=Actalis Domain Validation Server CA G2 244273 C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan Public CA G3 236608 C=US, ST=Washington, L=Seattle, O=Odin, OU=Plesk, CN=Plesk, emailAddress=info@plesk.com 228615 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA 202529 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1 184627 C=US, ST=MI, L=Ann Arbor, O=Internet2, OU=InCommon, CN=InCommon RSA Server CA 184276 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=© 2012 Entrust, Inc. — for authorized use only, CN=Entrust Certification Authority — L1K 177315 C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3 171469 C=LV, L=Riga, O=GoGetSSL, CN=GoGetSSL RSA DV CA 168933 C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA 150830 C=RU, ST=Moscow, L=Moscow, O=Odin, OU=Odin Automation, CN=odin.com, emailAddress=webmaster@odin.com 122399 C=JP, O=Japan Registry Services Co., Ltd., CN=JPRS Domain Validation Authority — G2 118029 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA 109435 C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd 108309 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 108016 C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA — G3 107719 C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=ns546485.ip-158–69–252.net, emailAddress=root@ns546485.ip-158–69–252.net 106164 C=US, ST=DE, L=Wilmington, O=Corporation Service Company, CN=Trusted Secure Certificate Authority DV 104634 CN=localhost
В схеме zgrab это .data.tls.server_certificates.certificate.parsed.issuer_dn
, результаты можно воспроизвести с помощью zcat 2019-08-01-ssl-*.gz | parallel --pipe jq -r .data.tls.server_certificates.certificate.parsed.issuer_dn | sort | uniq -c zcat 2019-08-01-ssl-*.gz | parallel --pipe jq -r .data.tls.server_certificates.certificate.parsed.issuer_dn | sort | uniq -c zcat 2019-08-01-ssl-*.gz | parallel --pipe jq -r .data.tls.server_certificates.certificate.parsed.issuer_dn | sort | uniq -c