# 从电脑中移除CNNIC证书

3月24日，有关媒体发布“谷歌称CNNIC发布用于中间人攻击证书”的报道，CNNIC声明如下：
1、CNNIC未发布用于中间人攻击的证书，谷歌博客近日也未指责是CNNIC发布了用于中间人攻击的证书。
2、CNNIC 服务器证书业务合作方MCS公司确认其不当签发的测试证书仅用于其实验室内部测试。
3、CNNIC已于3月22日撤销对MCS公司的业务授权。
4、CNNIC保留追究法律责任的权利。

2015年3月25日

2015年4月2日
对于这种事实上已经造成了非授权证书被使用的信用破产机构居然还能如此厚颜无耻的连续发这么多条声明，我只能说你不要脸，XX还要脸。
Goolge和Mozilla虽然已经不再信任CNNIC办法的证书，但CNNIC ROOT证书依然还存在于系统的根证书列表里，在CNNIC未对这次事件作出解释和道歉之前，让其证书出现在受信任的根证书列表里是个极大的信息安全隐患。下面是网上收集的关于如何从电脑中剔除CNNIC证书的操作方法：

# Nginx 反向代理访问google

server {
listen 80;
server_name g.lequ.im; #1
location / {
proxy_redirect off;
sub_filter_once off;
}
}

#1，设置反向代理的域名

You probably know that Google’s site: operator lets you restrict results to a site or domain. Search for [site:cnn.com iran] to restrict the results for “Iran” to CNN’s site, search for [site:googlesystem.blogspot.com gmail tips] to find Gmail tips from this blog. You can also use the site: operator for top-level domains and search for [site:fr debussy] or [site:edu ai].

Google’s site: operator is a lot more powerful than that. You can leave out some components of the address and replace them with asterisks. For example, you can find results from addresses that match this pattern: maps.*.com. Unfortunately, Google doesn’t show all the results that match the pattern.

You can also find results that have URLs which start with “news.” like “news.cnet.com” or “news.discovery.com”. Just search for [site:news.*].

What if you want to search Amazon’s international sites? Instead of typing [site:amazon.com OR site:amazon.co.uk OR site:amazon.ca OR site:amazon.de OR site:amazon.fr], just search for [site:amazon.*].

Google’s site: operator also works for directories. For example, you can find last year’s posts about Gmail by searching for [site:googlesystem.blogspot.com/2012 gmail].

You can even enter URLs that include parameters and leave out the parameters. Here’s a way to search the Google Maps help center: [site:support.google.com/maps/bin/answer.py inurl:”hl=en” 3d]. I’ve used the inurl: operator to restrict the results to English pages, but it’s not necessary to do that.