{"id":40,"date":"2024-08-03T20:32:00","date_gmt":"2024-08-03T17:32:00","guid":{"rendered":"https:\/\/casp.ru\/?p=40"},"modified":"2024-08-03T20:32:15","modified_gmt":"2024-08-03T17:32:15","slug":"openssl-ca","status":"publish","type":"post","link":"https:\/\/casp.ru\/?p=40","title":{"rendered":"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0433\u043e \u0446\u0435\u043d\u0442\u0440\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 openssl ca"},"content":{"rendered":"\n\u041d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0446\u0435\u043d\u0442\u0440 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CA) \u0434\u043b\u044f \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0431\u0435\u0437 \u0444\u0430\u043d\u0430\u0442\u0438\u0437\u043c\u0430 \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e. \u0412 \u0438\u0434\u0435\u0430\u043b\u0435 \u0432\u0441\u0435 \u044d\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u0434\u0435\u0440\u0436\u0430\u0442\u044c \u043d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430. \u041c\u0430\u0448\u0438\u043d\u0430 \u043d\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043a \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0434\u0435\u0442 \u0447\u0435\u0440\u0435\u0437 \u0444\u043b\u0435\u0448\u043a\u0443. \u00a0\u0412 \u0438\u0434\u0435\u0430\u043b\u0435 \ud83d\ude42\n\n\u041f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0430:\n<pre class=\\\"lang:sh decode:true\\\">export OPENSSL_CONF=${HOME}\/ssl\/CASP\/ca.conf\nexport HOME=${HOME}\/ssl\/CASP\nexport TMPDIR=${HOME}\/temp<\/pre>\n\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u043d\u0443\u0436\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b:\n<pre class=\\\"lang:sh decode:true\\\">touch -f ~\/.rnd ~\/oid_list.txt ~\/certdb.txt\necho \\\"01\\\" &gt; ~\/.certserial\necho \\\"01\\\" &gt; ~\/.crlserial\n\nmkdir -p ~\/bin ~\/archive ~\/store ~\/tmp\n<\/pre>\n\u0434\u0430\u043b\u0435\u0435 \u0437\u0430\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u043a\u043e\u043d\u0444\u0438\u0433. \u041f\u043e \u0441\u0443\u0442\u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b \u0434\u043b\u044f \u043f\u0440\u0430\u0432\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0432\u0441\u0435\u0433\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0442\u0440\u043e\u043a. \u0412 \u043d\u0430\u0447\u0430\u043b\u0435 HOME &#8212; \u043f\u0443\u0442\u044c \u043a \u043f\u0430\u043f\u043a\u0435 \u0441 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c\u0438, \u0438 \u0432 \u0441\u0430\u043c\u043e\u043c \u043d\u0438\u0437\u0443 \u0441\u0435\u043a\u0446\u0438\u044f org1_dn\n<pre class=\\\"minimize:true lang:ini decode:true \\\">HOME = \/home\/SSLCAUSER\/ssl\/PROJECTNAME\nTMPDIR = ${ENV::HOME}\/tmp\n\nMCA_WEBSITE = ca\n\nMCA_KEYLEN = 2048\nMCA_KEYAGE = 365\n\nSSLSAN = email:copy\n\n\n[ ca ]\n\ndefault_ca = org1\n\n\n[ org1 ]\n\nRANDFILE = ${ENV::HOME}\/.rnd\ncertificate = ${ENV::HOME}\/ca.crt\nprivate_key = ${ENV::HOME}\/ca.key\n\nnew_certs_dir = ${ENV::HOME}\/archive\n\noid_file = ${ENV::HOME}\/oid_list.txt\ndatabase = ${ENV::HOME}\/certdb.txt\nserial = ${ENV::HOME}\/.certserial\ncrlnumber = ${ENV::HOME}\/.crlserial\n\ndefault_days = ${ENV::MCA_KEYAGE}\ndefault_crl_days = 31\ndefault_md = sha256\nunique_subject = no\n\npreserve = no\nemail_in_dn = no\n#name_opt\n#cert_opt\ncopy_extensions = copy\nx509_extensions = x509_client\ncrl_extensions = org1_CRLext\npolicy = org1_policy\n\n\n[ req ]\noid_file = ${org1::oid_file}\ndefault_bits = ${ENV::MCA_KEYLEN}\nRANDFILE = ${org1::RANDFILE}\ndefault_md = ${org1::default_md}\nstring_mask = nombstr\n\n#prompt = no\n#utf8 = yes\n\nx509_extensions = x509_client\nreq_extensions = x509_client_req\ndistinguished_name = org1_dn\nattributes = org1_attr\n\n\n[ x509_base ]\n#basicConstraints = critical, CA:FALSE, pathlen:0\n#keyUsage = critical, digitalSignature, dataEncipherment\n#extendedKeyUsage = serverAuth, emailProtection\nsubjectKeyIdentifier = hash\nsubjectAltName = ${ENV::SSLSAN}\nauthorityKeyIdentifier = keyid:always,issuer:always\nissuerAltName = issuer:copy\nauthorityInfoAccess = caIssuers;URI:https:\/\/${MCA_WEBSITE}\/ca.cer\ncrlDistributionPoints = URI:https:\/\/${MCA_WEBSITE}\/ca.crl\n\n\n[ x509_ca ]\nbasicConstraints = critical, CA:TRUE, pathlen:0\nkeyUsage = critical, digitalSignature, keyCertSign, cRLSign\n#extendedKeyUsage =\nsubjectKeyIdentifier = ${x509_base::subjectKeyIdentifier}\nsubjectAltName = ${x509_base::subjectAltName}\nauthorityKeyIdentifier = ${x509_base::authorityKeyIdentifier}\nissuerAltName = ${x509_base::issuerAltName}\nauthorityInfoAccess = ${x509_base::authorityInfoAccess}\ncrlDistributionPoints = ${x509_base::crlDistributionPoints}\n\n\n[ x509_server ]\nbasicConstraints = critical, CA:FALSE\nkeyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment\nextendedKeyUsage = serverAuth, clientAuth, emailProtection\nsubjectKeyIdentifier = ${x509_base::subjectKeyIdentifier}\nauthorityKeyIdentifier = ${x509_base::authorityKeyIdentifier}\nissuerAltName = ${x509_base::issuerAltName}\nauthorityInfoAccess = ${x509_base::authorityInfoAccess}\ncrlDistributionPoints = ${x509_base::crlDistributionPoints}\n\n[ x509_server_req ]\nbasicConstraints = ${x509_server::basicConstraints}\nkeyUsage = ${x509_server::keyUsage}\nextendedKeyUsage = ${x509_server::extendedKeyUsage}\nsubjectKeyIdentifier = ${x509_server::subjectKeyIdentifier}\nsubjectAltName = ${x509_base::subjectAltName}\n\n[ x509_client ]\nbasicConstraints = critical, CA:FALSE\nkeyUsage = critical, digitalSignature, nonRepudiation, dataEncipherment\nextendedKeyUsage = clientAuth, emailProtection, codeSigning\nsubjectKeyIdentifier = ${x509_base::subjectKeyIdentifier}\nauthorityKeyIdentifier = ${x509_base::authorityKeyIdentifier}\nissuerAltName = ${x509_base::issuerAltName}\nauthorityInfoAccess = ${x509_base::authorityInfoAccess}\ncrlDistributionPoints = ${x509_base::crlDistributionPoints}\n\n[ x509_client_req ]\nbasicConstraints = ${x509_client::basicConstraints}\nkeyUsage = ${x509_client::keyUsage}\nextendedKeyUsage = ${x509_client::extendedKeyUsage}\nsubjectKeyIdentifier = ${x509_client::subjectKeyIdentifier}\nsubjectAltName = ${x509_base::subjectAltName}\n\n[ org1_CRLext ]\nauthorityKeyIdentifier=${x509_base::authorityKeyIdentifier}\nauthorityInfoAccess = ${x509_base::authorityInfoAccess}\ncrlDistributionPoints = ${x509_base::crlDistributionPoints}\n\n[ org1_policy ]\ncountryName             = supplied\nstateOrProvinceName     = optional\nlocalityName            = supplied\norganizationName        = optional\norganizationalUnitName  = optional\ncommonName              = supplied\nemailAddress            = supplied\nsubjectAltName          = optional\n\n[ org1_dn ]\ncountryName = Country Name (2 letter code, mandatory)\ncountryName_default = RU\ncountryName_min = 2\ncountryName_max = 2\n\nstateOrProvinceName = State or province name (optional)\n\nlocalityName = Locality Name (eg, city, mandatory)\nlocalityName_default = RU\n\norganizationName = Organization name (optional)\norganizationName_default = CASP corp.\n\norganizationalUnitName = Organizational Unit Name (eg, section)\norganizationalUnitName_default = Casp.ru DevOps commandos\n\ncommonName = Common Name (eg, YOUR name, or a server address)\ncommonName_default = fqdn_in_alt_names\ncommonName_max = 64\n\nemailAddress = Email Address (mandatory)\nemailAddress_default = admin@casp.ru\nemailAddress_max = 40\n\n\n[ org1_attr ]\n#challengePassword = A challenge password\n#challengePassword_min = 4\n#challengePassword_max = 20\n<\/pre>\n\u0414\u0430\u043b\u0435\u0435 \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 \u043a\u043b\u044e\u0447. \u041f\u0430\u0440\u043e\u043b\u044c \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u043c.\n<pre class=\\\"lang:sh decode:true\\\">openssl req -newkey rsa:2048 -x509 -extensions x509_ca -keyout ~\/ca.key -out ~\/store\/ca-$(date +%Y%m%d).crt -days 3600\nln -fs store\/ca-$(date +%Y%m%d).crt ~\/ca.crt\n<\/pre>\n\u0424\u0430\u0439\u043b ca.crt &#8212; \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0438\u043c\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0435\u0441\u044c, \u0432 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0438\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0438 \u0432 \u0441\u0430\u043c\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u043c\u043e\u0436\u0435\u043c \u043d\u0430\u0447\u0430\u0442\u044c \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u043d\u0430\u0448\u0438\u0445 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0434\u043e\u043c\u0435\u043d\u043e\u0432.\n<pre class=\\\"lang:sh decode:true \\\">cert=kibana\n\nSSLSAN=\\\"email:admin@casp.ru,DNS:kibana,DNS:kibana.companydomain.local,DNS:$cert\\\"\n\nopenssl req -new -reqexts x509_server_req -keyout ~\/store\/$cert.key -out ~\/store\/$cert.csr -nodes\nopenssl ca -extensions x509_server -in ~\/store\/$cert.csr -out ~\/store\/$cert.crt\n\n<\/pre>\n\u0412\u0441\u0435 \u0433\u043e\u0442\u043e\u0432\u043e. \u0427\u0442\u043e\u0431\u044b \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u0442\u0438 \u044d\u0442\u0438 \u0434\u0432\u0430 \u0444\u0430\u0439\u043b\u0430 \u043d\u0430 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u0432\u0443\u043c\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c\u0438. \u041f\u0435\u0440\u0432\u0430\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c, \u0432 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u043f\u0430\u043f\u043a\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, \u0432\u0442\u043e\u0440\u0430\u044f &#8212; \u043d\u0430 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043a\u0443\u0434\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442. \u0412\u0442\u043e\u0440\u0430\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u043d\u0430 \u0432\u0445\u043e\u0434 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u0432\u044b\u0432\u043e\u0434 \u043f\u0435\u0440\u0432\u043e\u0439.\n<pre class=\\\"lang:sh decode:true\\\">(cd store; tar cvz $cert.crt $cert.key |base64 -w180)\n\ncd \/path\/webserver\/ssldir; base64 -d | tar xvz<\/pre>\n\u0427\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 pfx &#8212; \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435:\n<pre class=\\\"\\\">openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt<\/pre>\n\u0414\u0430\u043b\u0435\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0435\u0433\u043e \u0432 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0432 nginx.\n<pre class=\\\"lang:sh decode:true \\\">listen 10.20.30.40:443 ssl;\n\nssl on;\nssl_protocols TLSv1 TLSv1.1 TLSv1.2; # SSLv3 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u044c CVE-2014-3566\nssl_certificate_key \/etc\/nginx\/ssl\/wiki.key;\nssl_certificate \/etc\/nginx\/ssl\/wiki.crt;\n<\/pre>\n\u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u043d\u0443\u0436\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043d\u0430\u0448 ca.crt \u0432 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0446\u0435\u043d\u0442\u0440\u044b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\u0412 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043e\u0442 \u0440\u0443\u0442\u0430:\n<pre class=\\\"lang:sh decode:true\\\">cat ca.\u0441rt &gt; \/etc\/pki\/ca-trust\/source\/anchors\/myca.pem\nupdate-ca-trust\n<\/pre>\n\u0412 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 &#8212; \u0442\u0430\u043a \u0436\u0435 \u043f\u0440\u043e\u0441\u0442\u043e. \u0414\u043b\u044f \u043f\u0440\u0438\u043c\u0435\u0440\u0430 \u0432 \u0445\u0440\u043e\u043c\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u0443\u0440\u043b\u00a0chrome:\/\/settings\/certificates, \u0434\u0430\u043b\u0435\u0435 \\&#187;\u0426\u0435\u043d\u0442\u0440\u044b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438\\&#187; &#8212; \u0418\u043c\u043f\u043e\u0440\u0442.\n\n\u0415\u0441\u043b\u0438 \u0432\u0441\u0435 \u0441\u0434\u0435\u043b\u0430\u043d\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e, \u043f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043c\u044b \u0443\u0432\u0438\u0434\u0438\u043c \u0437\u0435\u043b\u0435\u043d\u044b\u0439 \u0437\u0430\u043c\u043e\u0447\u0435\u043a \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442! \u0423\u0432\u0438\u0434\u0435\u0442\u044c \u043c\u044b \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435:\n\nopenssl ca\n\n<img class=\\\"alignnone wp-image-285 size-full\\\" src=\\\"\/content\/uploads\/2017\/01\/greenssl-2-e1484136574535.png\\\" alt=\\\"openssl ca\\\" width=\\\"623\\\" height=\\\"35\\\" \/>\n\n\u0418 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u043d\u0438\u043a\u0430\u043a\u043e\u0439 \u0440\u0443\u0433\u0430\u043d\u0438 \u043e \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0435 \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u043f\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 \u043a\u043e\u043d\u0441\u043e\u043b\u044c\u043d\u044b\u043c\u0438 wget \u0438\u043b\u0438 curl:\n<pre class=\\\"lang:sh decode:true \\\">curl https:\/\/kibana -I\nHTTP\/1.1 200 OK\nServer: nginx\n...\n...<\/pre>\n\u0412\u043e\u0442 \u0442\u0430\u043a \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0446\u0435\u043d\u0442\u0440 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f.\n","protected":false},"excerpt":{"rendered":"<p>\u041d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0446\u0435\u043d\u0442\u0440 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CA) \u0434\u043b\u044f \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0431\u0435\u0437 \u0444\u0430\u043d\u0430\u0442\u0438\u0437\u043c\u0430 \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e. \u0412 \u0438\u0434\u0435\u0430\u043b\u0435 \u0432\u0441\u0435 \u044d\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u0434\u0435\u0440\u0436\u0430\u0442\u044c \u043d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043d\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430. \u041c\u0430\u0448\u0438\u043d\u0430 \u043d\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043a \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0434\u0435\u0442 \u0447\u0435\u0440\u0435\u0437 \u0444\u043b\u0435\u0448\u043a\u0443.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-40","post","type-post","status-publish","format-standard","hentry","category-1","entry"],"_links":{"self":[{"href":"https:\/\/casp.ru\/index.php?rest_route=\/wp\/v2\/posts\/40","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/casp.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/casp.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/casp.ru\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/casp.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=40"}],"version-history":[{"count":1,"href":"https:\/\/casp.ru\/index.php?rest_route=\/wp\/v2\/posts\/40\/revisions"}],"predecessor-version":[{"id":41,"href":"https:\/\/casp.ru\/index.php?rest_route=\/wp\/v2\/posts\/40\/revisions\/41"}],"wp:attachment":[{"href":"https:\/\/casp.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=40"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/casp.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=40"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/casp.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=40"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}