{"id":15806,"date":"2026-06-04T17:21:11","date_gmt":"2026-06-04T14:21:11","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=15806"},"modified":"2026-06-04T17:21:11","modified_gmt":"2026-06-04T14:21:11","slug":"public-key-infrastructure-pki-mimarisi-ve-bilesenleri","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/","title":{"rendered":"&#8220;Public Key Infrastructure&#8221; (PKI) Mimarisi ve Bile\u015fenleri"},"content":{"rendered":"<p>Dijitalle\u015fen d\u00fcnyada, \u00e7evrimi\u00e7i etkile\u015fimlerin g\u00fcvenli\u011fi her zamankinden daha kritik hale gelmi\u015ftir. Kimlik h\u0131rs\u0131zl\u0131\u011f\u0131, veri ihlalleri ve siber sald\u0131r\u0131lar gibi tehditler, bireylerin ve kurumlar\u0131n dijital varl\u0131klar\u0131n\u0131 koruma ihtiyac\u0131n\u0131 art\u0131rmaktad\u0131r. \u0130\u015fte bu noktada A\u00e7\u0131k Anahtar Altyap\u0131s\u0131, yani Public Key Infrastructure (PKI), dijital kimlikleri do\u011frulamak, ileti\u015fimi \u015fifrelemek ve verilerin b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc sa\u011flamak i\u00e7in temel bir \u00e7er\u00e7eve sunar. PKI, internet \u00fczerinden yap\u0131lan i\u015flemlerin, e-ticaretten bankac\u0131l\u0131\u011fa, g\u00fcvenli e-postadan uzaktan eri\u015fime kadar geni\u015f bir yelpazede g\u00fcvenle ger\u00e7ekle\u015ftirilmesini sa\u011flayan teknolojiler, politikalar ve prosed\u00fcrler b\u00fct\u00fcn\u00fcd\u00fcr.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_77 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0130\u00e7erik Tablosu<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a21c9f25e3c3\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\" id=\"ez-toc-cssicon-toggle-item-6a21c9f25e3c3\" aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Acik-Anahtar-Altyapisinin-PKI-Temelleri\" >A\u00e7\u0131k Anahtar Altyap\u0131s\u0131n\u0131n (PKI) Temelleri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#PKI-Nedir-ve-Neden-Gereklidir\" >PKI Nedir ve Neden Gereklidir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Asimetrik-Kriptografinin-Rolu-Acik-ve-Ozel-Anahtarlar\" >Asimetrik Kriptografinin Rol\u00fc: A\u00e7\u0131k ve \u00d6zel Anahtarlar<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Dijital-Dunyada-Guven-Kimlik-Dogrulama-ve-Butunluk-Ihtiyaci\" >Dijital D\u00fcnyada G\u00fcven, Kimlik Do\u011frulama ve B\u00fct\u00fcnl\u00fck \u0130htiyac\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#PKI-Mimarisi-ve-Temel-Bilesenleri\" >PKI Mimarisi ve Temel Bile\u015fenleri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Otoritesi-Certificate-Authority-%E2%80%93-CA\" >Sertifika Otoritesi (Certificate Authority &#8211; CA)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Kayit-Otoritesi-Registration-Authority-%E2%80%93-RA\" >Kay\u0131t Otoritesi (Registration Authority &#8211; RA)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Deposu-Certificate-Repository\" >Sertifika Deposu (Certificate Repository)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Dogrulama-Otoritesi-Validation-Authority-%E2%80%93-VA\" >Sertifika Do\u011frulama Otoritesi (Validation Authority &#8211; VA)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Saklama-Alani-Certificate-Store\" >Sertifika Saklama Alan\u0131 (Certificate Store)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Son-Varliklar-End-Entities-Kullanicilar-Sunucular-ve-Cihazlar\" >Son Varl\u0131klar (End Entities): Kullan\u0131c\u0131lar, Sunucular ve Cihazlar<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Dijital-Sertifikalar-PKInin-Kalbi\" >Dijital Sertifikalar: PKI&#8217;nin Kalbi<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Dijital-Sertifika-Nedir\" >Dijital Sertifika Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#X509-Sertifika-Standardi-ve-Yapisi\" >X.509 Sertifika Standard\u0131 ve Yap\u0131s\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Alanlarinin-Detayli-Incelenmesi\" >Sertifika Alanlar\u0131n\u0131n Detayl\u0131 \u0130ncelenmesi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Turleri-ve-Kullanim-Alanlari\" >Sertifika T\u00fcrleri ve Kullan\u0131m Alanlar\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Yasam-Dongusu-Yonetimi\" >Sertifika Ya\u015fam D\u00f6ng\u00fcs\u00fc Y\u00f6netimi<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Anahtar-Cifti-Olusturma-Key-Pair-Generation\" >Anahtar \u00c7ifti Olu\u015fturma (Key Pair Generation)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Imza-Istegi-Certificate-Signing-Request-%E2%80%93-CSR-Olusturma\" >Sertifika \u0130mza \u0130ste\u011fi (Certificate Signing Request &#8211; CSR) Olu\u015fturma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Yayimlama-ve-Dagitim\" >Sertifika Yay\u0131mlama ve Da\u011f\u0131t\u0131m<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Yenileme-Renewal\" >Sertifika Yenileme (Renewal)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Iptali-ve-Gecersiz-Kilma-Revocation\" >Sertifika \u0130ptali ve Ge\u00e7ersiz K\u0131lma (Revocation)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#PKI-Guven-Modelleri-ve-Hiyerarsisi\" >PKI G\u00fcven Modelleri ve Hiyerar\u015fisi<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Guven-Zinciri-Chain-of-Trust-Kavrami\" >G\u00fcven Zinciri (Chain of Trust) Kavram\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Kok-Sertifika-Otoriteleri-Root-CAs-ve-Guven-Capasi-Trust-Anchor\" >K\u00f6k Sertifika Otoriteleri (Root CAs) ve G\u00fcven \u00c7apas\u0131 (Trust Anchor)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Ara-Sertifika-Otoriteleri-Intermediate-CAs\" >Ara Sertifika Otoriteleri (Intermediate CAs)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Tek-Kok-Hiyerarsisi-Single-Root-Hierarchy\" >Tek K\u00f6k Hiyerar\u015fisi (Single Root Hierarchy)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Capraz-Sertifikasyon-ve-Kopru-Modelleri-Cross-Certification-Bridge-Models\" >\u00c7apraz Sertifikasyon ve K\u00f6pr\u00fc Modelleri (Cross-Certification &#038; Bridge Models)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#PKInin-Pratik-Uygulama-Senaryolari\" >PKI&#8217;nin Pratik Uygulama Senaryolar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Guvenli-Web-Iletisimi-HTTPS\" >G\u00fcvenli Web \u0130leti\u015fimi (HTTPS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sanal-Ozel-Aglar-VPN-ve-Uzaktan-Erisim-Guvenligi\" >Sanal \u00d6zel A\u011flar (VPN) ve Uzaktan Eri\u015fim G\u00fcvenli\u011fi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#E-posta-Sifreleme-ve-Dijital-Imzalama\" >E-posta \u015eifreleme ve Dijital \u0130mzalama<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Kablosuz-Ag-Guvenligi-8021X-EAP-TLS\" >Kablosuz A\u011f G\u00fcvenli\u011fi (802.1X EAP-TLS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Yazilim-ve-Suruculerin-Guvenligi-Code-Signing\" >Yaz\u0131l\u0131m ve S\u00fcr\u00fcc\u00fclerin G\u00fcvenli\u011fi (Code Signing)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Elektronik-Belge-Yonetimi-ve-E-Imza\" >Elektronik Belge Y\u00f6netimi ve E-\u0130mza<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-36\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#PKI-Guvenligi-ve-En-Iyi-Uygulamalar\" >PKI G\u00fcvenli\u011fi ve En \u0130yi Uygulamalar<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-37\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#CA-Ozel-Anahtarinin-Korunmasi-Donanim-Guvenlik-Modulleri-HSM\" >CA \u00d6zel Anahtar\u0131n\u0131n Korunmas\u0131: Donan\u0131m G\u00fcvenlik Mod\u00fclleri (HSM)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-38\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Politikasi-Certificate-Policy-%E2%80%93-CP\" >Sertifika Politikas\u0131 (Certificate Policy &#8211; CP)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-39\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Sertifika-Uygulama-Esaslari-Certification-Practice-Statement-%E2%80%93-CPS\" >Sertifika Uygulama Esaslar\u0131 (Certification Practice Statement &#8211; CPS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-40\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Fiziksel-ve-Operasyonel-Guvenlik-Onlemleri\" >Fiziksel ve Operasyonel G\u00fcvenlik \u00d6nlemleri<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-41\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Duzenli-Denetim-ve-Izlemenin-Onemi\" >D\u00fczenli Denetim ve \u0130zlemenin \u00d6nemi<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-42\" href=\"https:\/\/www.ihs.com.tr\/blog\/public-key-infrastructure-pki-mimarisi-ve-bilesenleri\/#Kurumsal-PKI-ve-Dijital-Sertifika-Cozumleri-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\" >Kurumsal PKI ve Dijital Sertifika \u00c7\u00f6z\u00fcmleri \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Acik-Anahtar-Altyapisinin-PKI-Temelleri\"><\/span>A\u00e7\u0131k Anahtar Altyap\u0131s\u0131n\u0131n (PKI) Temelleri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A\u00e7\u0131k Anahtar Altyap\u0131s\u0131 (PKI), dijital d\u00fcnyada g\u00fcvenli\u011fi sa\u011flamak amac\u0131yla olu\u015fturulmu\u015f kapsaml\u0131 bir sistemdir. Bu sistem, temel olarak asimetrik kriptografi y\u00f6ntemlerini kullanarak dijital sertifikalar arac\u0131l\u0131\u011f\u0131yla kimlik do\u011frulama, veri \u015fifreleme, b\u00fct\u00fcnl\u00fck ve ink\u00e2r edilemezlik gibi temel g\u00fcvenlik prensiplerini hayata ge\u00e7irir. PKI olmadan, \u00e7evrimi\u00e7i ortamda kiminle ileti\u015fim kurdu\u011fumuzdan veya bir web sitesinin ger\u00e7ekten iddia etti\u011fi kurum olup olmad\u0131\u011f\u0131ndan emin olamazd\u0131k.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"PKI-Nedir-ve-Neden-Gereklidir\"><\/span>PKI Nedir ve Neden Gereklidir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI, dijital sertifikalar\u0131 olu\u015fturmak, y\u00f6netmek, da\u011f\u0131tmak, kullanmak, saklamak ve iptal etmek i\u00e7in gereken donan\u0131m, yaz\u0131l\u0131m, politika, standartlar ve insan kaynaklar\u0131n\u0131n bir araya geldi\u011fi bir altyap\u0131d\u0131r. \u0130nternet gibi g\u00fcvenli olmayan bir a\u011f \u00fczerinde g\u00fcvenli ileti\u015fim kurma ihtiyac\u0131ndan do\u011fmu\u015ftur. \u00d6rne\u011fin, bir e-ticaret sitesine kredi kart\u0131 bilgilerinizi girdi\u011finizde, bu bilgilerin do\u011fru yere gitti\u011finden ve \u00fc\u00e7\u00fcnc\u00fc \u015fah\u0131slar taraf\u0131ndan ele ge\u00e7irilmedi\u011finden emin olman\u0131z\u0131 sa\u011flayan temel teknoloji PKI&#8217;dir. Bu altyap\u0131, dijital kimliklerin g\u00fcvenilir bir \u015fekilde do\u011frulanmas\u0131n\u0131 ve y\u00f6netilmesini m\u00fcmk\u00fcn k\u0131lar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Asimetrik-Kriptografinin-Rolu-Acik-ve-Ozel-Anahtarlar\"><\/span>Asimetrik Kriptografinin Rol\u00fc: A\u00e7\u0131k ve \u00d6zel Anahtarlar<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI&#8217;nin kalbinde asimetrik kriptografi (veya a\u00e7\u0131k anahtar kriptografisi) yatar. Bu y\u00f6ntemde, matematiksel olarak birbirine ba\u011fl\u0131 bir \u00e7ift anahtar kullan\u0131l\u0131r: bir a\u00e7\u0131k anahtar (public key) ve bir \u00f6zel anahtar (private key). A\u00e7\u0131k anahtar, ad\u0131ndan da anla\u015f\u0131laca\u011f\u0131 gibi, herkesle g\u00fcvenle payla\u015f\u0131labilir. \u00d6zel anahtar ise sahibi taraf\u0131ndan mutlak bir gizlilikle korunmal\u0131d\u0131r. Bu ikilinin temel i\u015flevi \u015fudur: A\u00e7\u0131k anahtar ile \u015fifrelenen bir veri, yaln\u0131zca ilgili \u00f6zel anahtar ile \u00e7\u00f6z\u00fclebilir. Tersine, \u00f6zel anahtar ile imzalanan bir veri, ilgili a\u00e7\u0131k anahtar ile do\u011frulanabilir. Bu mekanizma, hem veri gizlili\u011fini hem de dijital imzalar arac\u0131l\u0131\u011f\u0131yla kimlik do\u011frulu\u011funu sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dijital-Dunyada-Guven-Kimlik-Dogrulama-ve-Butunluk-Ihtiyaci\"><\/span>Dijital D\u00fcnyada G\u00fcven, Kimlik Do\u011frulama ve B\u00fct\u00fcnl\u00fck \u0130htiyac\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Fiziksel d\u00fcnyada kimli\u011fimizi do\u011frulamak i\u00e7in pasaport, kimlik kart\u0131 gibi belgeler kullan\u0131r\u0131z. Dijital d\u00fcnyada ise bu i\u015flevi dijital sertifikalar ve PKI \u00fcstlenir. G\u00fcven, herhangi bir dijital i\u015flemin temel ta\u015f\u0131d\u0131r. PKI, bu g\u00fcveni \u00fc\u00e7 temel ilkeyi sa\u011flayarak olu\u015fturur: <b>Kimlik Do\u011frulama (Authentication)<\/b>, ileti\u015fim kuran taraflar\u0131n kimliklerinin do\u011frulanmas\u0131n\u0131 sa\u011flar. <b>B\u00fct\u00fcnl\u00fck (Integrity)<\/b>, g\u00f6nderilen verinin transfer s\u0131ras\u0131nda de\u011fi\u015ftirilmedi\u011fini garanti eder. <b>\u0130nk\u00e2r Edilemezlik (Non-repudiation)<\/b>, bir i\u015flemi ger\u00e7ekle\u015ftiren ki\u015finin daha sonra bu i\u015flemi yapt\u0131\u011f\u0131n\u0131 ink\u00e2r etmesini engeller.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PKI-Mimarisi-ve-Temel-Bilesenleri\"><\/span>PKI Mimarisi ve Temel Bile\u015fenleri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PKI, dijital g\u00fcvenli\u011fin omurgas\u0131n\u0131 olu\u015fturan karma\u015f\u0131k ancak son derece organize bir yap\u0131d\u0131r. Bu mimari, farkl\u0131 g\u00f6revlere sahip \u00e7e\u015fitli bile\u015fenlerin uyum i\u00e7inde \u00e7al\u0131\u015fmas\u0131yla i\u015flev g\u00f6r\u00fcr. Her bir bile\u015fen, dijital sertifikalar\u0131n ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fcn belirli bir a\u015famas\u0131ndan sorumludur ve sistemin b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc korumak i\u00e7in kritik bir rol oynar. G\u00fc\u00e7l\u00fc bir <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">hosting<\/a> altyap\u0131s\u0131 \u00fczerinde \u00e7al\u0131\u015fan bu bile\u015fenler, sistemin sorunsuz i\u015flemesini sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Otoritesi-Certificate-Authority-%E2%80%93-CA\"><\/span>Sertifika Otoritesi (Certificate Authority &#8211; CA)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika Otoritesi (CA), PKI hiyerar\u015fisinin en tepesinde yer alan ve en g\u00fcvenilir bile\u015fenidir. CA&#8217;n\u0131n temel g\u00f6revi, dijital sertifikalar\u0131 yay\u0131mlamak, imzalamak ve y\u00f6netmektir. Bir CA, bir ki\u015fi veya kurulu\u015fun kimli\u011fini do\u011frulad\u0131ktan sonra, bu kimli\u011fi a\u00e7\u0131k anahtarlar\u0131na ba\u011flayan bir dijital sertifika olu\u015fturur. CA, kendi \u00f6zel anahtar\u0131yla bu sertifikay\u0131 imzalayarak sertifikan\u0131n ge\u00e7erlili\u011fini ve g\u00fcvenilirli\u011fini garanti eder. Comodo, DigiCert gibi k\u00fcresel CA&#8217;lar, bu g\u00fcvenin temel sa\u011flay\u0131c\u0131lar\u0131d\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kayit-Otoritesi-Registration-Authority-%E2%80%93-RA\"><\/span>Kay\u0131t Otoritesi (Registration Authority &#8211; RA)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kay\u0131t Otoritesi (RA), CA ad\u0131na sertifika ba\u015fvurular\u0131n\u0131 do\u011frulayan birimdir. Her ne kadar sertifikalar\u0131 imzalama yetkisi olmasa da, RA, ba\u015fvuru sahibinin kimli\u011fini (\u00f6rne\u011fin bir birey, bir sunucu veya bir kurulu\u015f) do\u011frulama s\u00fcrecini y\u00fcr\u00fct\u00fcr. Bu do\u011frulama ad\u0131mlar\u0131n\u0131 tamamlad\u0131ktan sonra, ba\u015fvuruyu onay i\u00e7in CA&#8217;ya iletir. Bu i\u015f b\u00f6l\u00fcm\u00fc, CA&#8217;n\u0131n \u00fczerindeki y\u00fck\u00fc azalt\u0131r ve kimlik do\u011frulama s\u00fcre\u00e7lerinin daha verimli ve g\u00fcvenli bir \u015fekilde y\u00fcr\u00fct\u00fclmesini sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Deposu-Certificate-Repository\"><\/span>Sertifika Deposu (Certificate Repository)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika deposu, yay\u0131mlanm\u0131\u015f olan dijital sertifikalar\u0131n ve sertifika iptal listelerinin (CRL) sakland\u0131\u011f\u0131 halka a\u00e7\u0131k bir veritaban\u0131d\u0131r. Bu depo, kullan\u0131c\u0131lar\u0131n ve sistemlerin ihtiya\u00e7 duyduklar\u0131 sertifikalara ve onlar\u0131n ge\u00e7erlilik durumlar\u0131na kolayca eri\u015febilmelerini sa\u011flar. Genellikle LDAP (Lightweight Directory Access Protocol) veya standart web sunucular\u0131 arac\u0131l\u0131\u011f\u0131yla eri\u015filebilir durumdad\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Dogrulama-Otoritesi-Validation-Authority-%E2%80%93-VA\"><\/span>Sertifika Do\u011frulama Otoritesi (Validation Authority &#8211; VA)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika Do\u011frulama Otoritesi (VA), bir dijital sertifikan\u0131n ge\u00e7erlili\u011fini sorgulayan istemcilere anl\u0131k yan\u0131tlar veren bir bile\u015fendir. Genellikle OCSP (Online Certificate Status Protocol) hizmeti sunarak \u00e7al\u0131\u015f\u0131r. Bir istemci, bir sertifikan\u0131n hala ge\u00e7erli olup olmad\u0131\u011f\u0131n\u0131, iptal edilip edilmedi\u011fini veya s\u00fcresinin dolup dolmad\u0131\u011f\u0131n\u0131 \u00f6\u011frenmek istedi\u011finde, VA&#8217;ya bir istek g\u00f6nderir. VA, bu iste\u011fe &#8220;ge\u00e7erli&#8221;, &#8220;iptal edilmi\u015f&#8221; veya &#8220;bilinmiyor&#8221; \u015feklinde anl\u0131k bir durum bilgisiyle yan\u0131t verir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Saklama-Alani-Certificate-Store\"><\/span>Sertifika Saklama Alan\u0131 (Certificate Store)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika saklama alan\u0131, son kullan\u0131c\u0131lar\u0131n bilgisayarlar\u0131nda veya cihazlar\u0131nda bulunan ve g\u00fcvendikleri k\u00f6k sertifikalar\u0131, ara sertifikalar\u0131 ve kendi ki\u015fisel sertifikalar\u0131n\u0131 bar\u0131nd\u0131ran bir sistem alan\u0131d\u0131r. \u00d6rne\u011fin, web taray\u0131c\u0131lar\u0131 (Chrome, Firefox) veya i\u015fletim sistemleri (Windows, macOS), g\u00fcvenilir CA&#8217;lar\u0131n k\u00f6k sertifikalar\u0131n\u0131 i\u00e7eren kendi sertifika saklama alanlar\u0131na sahiptir. Bir web sitesini ziyaret etti\u011finizde, taray\u0131c\u0131n\u0131z bu depoyu kullanarak sitenin sertifikas\u0131n\u0131n g\u00fcvenilir bir CA taraf\u0131ndan imzalan\u0131p imzalanmad\u0131\u011f\u0131n\u0131 kontrol eder.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Son-Varliklar-End-Entities-Kullanicilar-Sunucular-ve-Cihazlar\"><\/span>Son Varl\u0131klar (End Entities): Kullan\u0131c\u0131lar, Sunucular ve Cihazlar<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Son varl\u0131klar, PKI i\u00e7inde sertifika talep eden ve kullanan t\u00fcm kullan\u0131c\u0131lar\u0131, cihazlar\u0131 ve uygulamalar\u0131 ifade eder. Bu varl\u0131klar; web sunucular\u0131, e-posta istemcileri, VPN a\u011f ge\u00e7itleri, ak\u0131ll\u0131 kartlar, bireysel kullan\u0131c\u0131lar veya IoT cihazlar\u0131 olabilir. Her son varl\u0131k, kimli\u011fini do\u011frulamak ve g\u00fcvenli ileti\u015fim kurmak i\u00e7in kendisine atanm\u0131\u015f bir dijital sertifika ve \u00f6zel anahtar \u00e7iftine sahiptir. \u00d6rne\u011fin, bir web sitesi i\u00e7in al\u0131nan <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\" target=\"_blank\">SSL sertifikas\u0131<\/a>, o web sunucusunu bir son varl\u0131k haline getirir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Dijital-Sertifikalar-PKInin-Kalbi\"><\/span>Dijital Sertifikalar: PKI&#8217;nin Kalbi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A\u00e7\u0131k Anahtar Altyap\u0131s\u0131&#8217;n\u0131n i\u015flevselli\u011fi, temel yap\u0131 ta\u015f\u0131 olan dijital sertifikalara dayan\u0131r. Bu sertifikalar, dijital d\u00fcnyadaki kimlik kartlar\u0131 gibidir; bir varl\u0131\u011f\u0131n kimli\u011fini do\u011frular ve bu kimli\u011fi bir a\u00e7\u0131k anahtarla g\u00fcvenli bir \u015fekilde ili\u015fkilendirir. Bir Sertifika Otoritesi (CA) taraf\u0131ndan imzalanarak g\u00fcvence alt\u0131na al\u0131nan bu elektronik belgeler, g\u00fcvenli ileti\u015fimin temelini olu\u015fturur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dijital-Sertifika-Nedir\"><\/span>Dijital Sertifika Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Dijital sertifika, bir a\u00e7\u0131k anahtar\u0131, sahibinin kimlik bilgileri (\u00f6rne\u011fin, bir ki\u015finin ad\u0131, bir kurulu\u015fun ad\u0131 veya bir sunucunun alan ad\u0131) ile ba\u011flayan ve bu bilgilerin g\u00fcvenilir bir CA taraf\u0131ndan do\u011fruland\u0131\u011f\u0131n\u0131 teyit eden elektronik bir belgedir. Bu sayede, bir a\u00e7\u0131k anahtar\u0131n ger\u00e7ekten iddia etti\u011fi varl\u0131\u011fa ait oldu\u011fundan emin olabiliriz. Sertifikalar, verilerin \u015fifrelenmesi, dijital imzalar\u0131n olu\u015fturulmas\u0131 ve kimlik do\u011frulamas\u0131 gibi i\u015flemler i\u00e7in kullan\u0131l\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"X509-Sertifika-Standardi-ve-Yapisi\"><\/span>X.509 Sertifika Standard\u0131 ve Yap\u0131s\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcn\u00fcm\u00fczde kullan\u0131lan dijital sertifikalar\u0131n b\u00fcy\u00fck \u00e7o\u011funlu\u011fu, Uluslararas\u0131 Telekom\u00fcnikasyon Birli\u011fi (ITU-T) taraf\u0131ndan geli\u015ftirilen X.509 standard\u0131na uygundur. Bu standart, bir sertifikan\u0131n i\u00e7ermesi gereken alanlar\u0131 ve bu alanlar\u0131n format\u0131n\u0131 tan\u0131mlar. X.509 sertifikas\u0131, temel olarak a\u015fa\u011f\u0131daki gibi standart bir yap\u0131ya sahiptir:<\/p>\n<ul>\n<li><b>S\u00fcr\u00fcm:<\/b> Sertifikan\u0131n X.509 s\u00fcr\u00fcm\u00fcn\u00fc belirtir (\u00f6rn. S\u00fcr\u00fcm 3).<\/li>\n<li><b>Seri Numaras\u0131:<\/b> Sertifikay\u0131 yay\u0131mlayan CA taraf\u0131ndan atanan benzersiz bir numarad\u0131r.<\/li>\n<li><b>\u0130mza Algoritmas\u0131:<\/b> Sertifikay\u0131 imzalamak i\u00e7in kullan\u0131lan algoritmay\u0131 belirtir.<\/li>\n<li><b>Yay\u0131nc\u0131 (Issuer):<\/b> Sertifikay\u0131 yay\u0131mlayan CA&#8217;n\u0131n kimlik bilgisidir.<\/li>\n<li><b>Ge\u00e7erlilik S\u00fcresi:<\/b> Sertifikan\u0131n ge\u00e7erli oldu\u011fu ba\u015flang\u0131\u00e7 ve biti\u015f tarihlerini i\u00e7erir.<\/li>\n<li><b>Konu (Subject):<\/b> Sertifika sahibinin kimlik bilgilerini i\u00e7erir (\u00f6rn. ki\u015fi, sunucu, kurulu\u015f).<\/li>\n<li><b>Konunun A\u00e7\u0131k Anahtar Bilgisi:<\/b> Sertifika sahibinin a\u00e7\u0131k anahtar\u0131n\u0131 ve bu anahtar\u0131n algoritmas\u0131n\u0131 i\u00e7erir.<\/li>\n<li><b>CA&#8217;n\u0131n Dijital \u0130mzas\u0131:<\/b> CA&#8217;n\u0131n kendi \u00f6zel anahtar\u0131 ile olu\u015fturdu\u011fu ve sertifikan\u0131n b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc garanti eden imzad\u0131r.<\/li>\n<li><b>Uzant\u0131lar (Extensions):<\/b> S\u00fcr\u00fcm 3 ile eklenen ve sertifikaya ek i\u015flevler katan alanlard\u0131r.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Alanlarinin-Detayli-Incelenmesi\"><\/span>Sertifika Alanlar\u0131n\u0131n Detayl\u0131 \u0130ncelenmesi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>X.509 sertifikas\u0131n\u0131n yap\u0131s\u0131ndaki her alan, sertifikan\u0131n i\u015flevi ve g\u00fcvenilirli\u011fi a\u00e7\u0131s\u0131ndan kritik bir \u00f6neme sahiptir.<\/p>\n<h4>Konu (Subject) ve Yay\u0131nc\u0131 (Issuer) Bilgileri<\/h4>\n<p><b>Yay\u0131nc\u0131 (Issuer)<\/b> alan\u0131, sertifikay\u0131 kimin imzalad\u0131\u011f\u0131n\u0131, yani hangi Sertifika Otoritesi&#8217;nin (CA) bu sertifikaya kefil oldu\u011funu belirtir. <b>Konu (Subject)<\/b> alan\u0131 ise sertifikan\u0131n kime veya neye ait oldu\u011funu tan\u0131mlar. \u00d6rne\u011fin bir <a href=\"https:\/\/www.ihs.com.tr\/domain\/alan-adi-domain-tescili.html\" target=\"_blank\">alan ad\u0131<\/a> i\u00e7in al\u0131nan SSL sertifikas\u0131nda &#8220;Konu&#8221; alan\u0131, o web sitesinin ad\u0131n\u0131 (\u00f6rn. CN=www.example.com) i\u00e7erir. Bu iki alan, g\u00fcven zincirinin temelini olu\u015fturur.<\/p>\n<h4>Seri Numaras\u0131 ve Ge\u00e7erlilik S\u00fcresi<\/h4>\n<p><b>Seri Numaras\u0131<\/b>, CA taraf\u0131ndan verilen her sertifika i\u00e7in benzersiz bir tan\u0131mlay\u0131c\u0131d\u0131r ve sertifikan\u0131n takibini, \u00f6zellikle iptal durumlar\u0131nda, kolayla\u015ft\u0131r\u0131r. <b>Ge\u00e7erlilik S\u00fcresi<\/b> ise sertifikan\u0131n ne zaman kullan\u0131lmaya ba\u015flanaca\u011f\u0131n\u0131 (&#8220;Not Before&#8221;) ve ne zaman sona erece\u011fini (&#8220;Not After&#8221;) belirten iki tarih i\u00e7erir. S\u00fcresi dolan bir sertifika art\u0131k g\u00fcvenli kabul edilmez.<\/p>\n<h4>A\u00e7\u0131k Anahtar (Public Key) ve \u0130mza Algoritmas\u0131<\/h4>\n<p>Bu b\u00f6l\u00fcm, sertifika sahibinin <b>A\u00e7\u0131k Anahtar\u0131n\u0131<\/b> ve bu anahtar\u0131n kullan\u0131ld\u0131\u011f\u0131 kriptografik algoritmay\u0131 (\u00f6rn. RSA, ECDSA) i\u00e7erir. <b>\u0130mza Algoritmas\u0131<\/b> ise CA&#8217;n\u0131n sertifikay\u0131 imzalamak i\u00e7in kulland\u0131\u011f\u0131 algoritmay\u0131 (\u00f6rn. SHA-256 with RSA) belirtir. Bu bilgiler, g\u00fcvenli bir \u015fifreleme ve do\u011frulama s\u00fcreci i\u00e7in esast\u0131r.<\/p>\n<h4>Anahtar Kullan\u0131m\u0131 (Key Usage) ve Geni\u015fletilmi\u015f Anahtar Kullan\u0131m\u0131 (Extended Key Usage)<\/h4>\n<p><b>Anahtar Kullan\u0131m\u0131 (Key Usage)<\/b> uzant\u0131s\u0131, sertifikadaki anahtar\u0131n hangi ama\u00e7larla kullan\u0131labilece\u011fini tan\u0131mlar. \u00d6rne\u011fin, &#8220;Digital Signature&#8221; (dijital imza), &#8220;Key Encipherment&#8221; (anahtar \u015fifreleme) veya &#8220;Certificate Signing&#8221; (sertifika imzalama) gibi ama\u00e7lar belirtilebilir. <b>Geni\u015fletilmi\u015f Anahtar Kullan\u0131m\u0131 (Extended Key Usage)<\/b> ise daha spesifik ama\u00e7lar\u0131 tan\u0131mlar. \u00d6rne\u011fin, &#8220;Server Authentication&#8221; (sunucu kimlik do\u011frulamas\u0131 i\u00e7in SSL\/TLS), &#8220;Client Authentication&#8221; (istemci kimlik do\u011frulamas\u0131) veya &#8220;Code Signing&#8221; (kod imzalama) gibi.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Turleri-ve-Kullanim-Alanlari\"><\/span>Sertifika T\u00fcrleri ve Kullan\u0131m Alanlar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI, farkl\u0131 g\u00fcvenlik ihtiya\u00e7lar\u0131na y\u00f6nelik \u00e7e\u015fitli sertifika t\u00fcrleri sunar. Her sertifika t\u00fcr\u00fc, belirli bir kullan\u0131m senaryosu i\u00e7in tasarlanm\u0131\u015ft\u0131r.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Sertifika T\u00fcr\u00fc<\/th>\n<th>Do\u011frulama Seviyesi<\/th>\n<th>G\u00f6rsel G\u00f6sterge<\/th>\n<th>Kullan\u0131m Alan\u0131<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><b>Domain Validation (DV) SSL<\/b><\/td>\n<td>D\u00fc\u015f\u00fck (Sadece alan ad\u0131 sahipli\u011fi do\u011frulan\u0131r)<\/td>\n<td>Asma kilit simgesi<\/td>\n<td>Bloglar, ki\u015fisel siteler, test ortamlar\u0131<\/td>\n<\/tr>\n<tr>\n<td><b>Organization Validation (OV) SSL<\/b><\/td>\n<td>Orta (Kurulu\u015f bilgileri do\u011frulan\u0131r)<\/td>\n<td>Asma kilit simgesi ve sertifika detaylar\u0131nda \u015firket bilgisi<\/td>\n<td>Kurumsal web siteleri, e-ticaret siteleri<\/td>\n<\/tr>\n<tr>\n<td><b>Extended Validation (EV) SSL<\/b><\/td>\n<td>Y\u00fcksek (Kapsaml\u0131 kurumsal kimlik do\u011frulamas\u0131)<\/td>\n<td>(Eskiden) Ye\u015fil adres \u00e7ubu\u011fu, \u015fimdi OV ile benzer<\/td>\n<td>Bankalar, b\u00fcy\u00fck e-ticaret platformlar\u0131, finans kurulu\u015flar\u0131<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h4>SSL\/TLS Sertifikalar\u0131 (DV, OV, EV)<\/h4>\n<p>Web siteleri ile kullan\u0131c\u0131lar aras\u0131ndaki ileti\u015fimi \u015fifrelemek ve sitenin kimli\u011fini do\u011frulamak i\u00e7in kullan\u0131l\u0131r. <b>Domain Validation (DV)<\/b> en temel seviyedir ve sadece alan ad\u0131 sahipli\u011fini do\u011frular. <b>Organization Validation (OV)<\/b>, alan ad\u0131n\u0131n yan\u0131 s\u0131ra ba\u015fvuran kurulu\u015fun kimli\u011fini de do\u011frular. <b>Extended Validation (EV)<\/b> ise en kat\u0131 do\u011frulama s\u00fcrecine sahiptir ve en y\u00fcksek d\u00fczeyde g\u00fcven sa\u011flar.<\/p>\n<h4>Kod \u0130mzalama Sertifikalar\u0131 (Code Signing)<\/h4>\n<p>Yaz\u0131l\u0131m geli\u015ftiricileri taraf\u0131ndan, olu\u015fturduklar\u0131 uygulamalar\u0131n ve s\u00fcr\u00fcc\u00fclerin kimli\u011fini do\u011frulamak ve kodun yay\u0131mland\u0131ktan sonra de\u011fi\u015ftirilmedi\u011fini garanti etmek i\u00e7in kullan\u0131l\u0131r. Kullan\u0131c\u0131lar bir yaz\u0131l\u0131m indirdi\u011finde, bu imza sayesinde yaz\u0131l\u0131m\u0131n me\u015fru bir kaynaktan geldi\u011finden ve zararl\u0131 yaz\u0131l\u0131m i\u00e7ermedi\u011finden emin olabilirler.<\/p>\n<h4>E-posta \u0130mzalama Sertifikalar\u0131 (S\/MIME)<\/h4>\n<p>S\/MIME (Secure\/Multipurpose Internet Mail Extensions) sertifikalar\u0131, e-postalar\u0131n kim taraf\u0131ndan g\u00f6nderildi\u011fini do\u011frulamak (dijital imza) ve e-posta i\u00e7eri\u011fini \u015fifreleyerek gizlili\u011fi sa\u011flamak i\u00e7in kullan\u0131l\u0131r. Bu sayede e-posta sahtecili\u011fi (phishing) ve veri s\u0131z\u0131nt\u0131lar\u0131n\u0131n \u00f6n\u00fcne ge\u00e7ilir.<\/p>\n<h4>\u0130stemci Kimlik Do\u011frulama Sertifikalar\u0131 (Client Authentication)<\/h4>\n<p>Kullan\u0131c\u0131lar\u0131n veya cihazlar\u0131n bir a\u011fa veya sunucuya eri\u015fim sa\u011flarken kimliklerini do\u011frulamak i\u00e7in kullan\u0131l\u0131r. Parola tabanl\u0131 kimlik do\u011frulamaya g\u00f6re \u00e7ok daha g\u00fcvenli bir alternatiftir ve \u00f6zellikle kurumsal a\u011flarda, VPN ba\u011flant\u0131lar\u0131nda ve g\u00fcvenli web uygulamalar\u0131nda tercih edilir.<\/p>\n<h4>Belge \u0130mzalama Sertifikalar\u0131 (Document Signing)<\/h4>\n<p>PDF, Word gibi elektronik belgelerin yasal ge\u00e7erlili\u011fe sahip bir \u015fekilde imzalanmas\u0131n\u0131 sa\u011flar. Belge imzalama sertifikalar\u0131, belgenin kim taraf\u0131ndan imzaland\u0131\u011f\u0131n\u0131 do\u011frular, belgenin imzaland\u0131ktan sonra de\u011fi\u015ftirilmedi\u011fini garanti eder ve imzan\u0131n ink\u00e2r edilememesini sa\u011flar.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Sertifika-Yasam-Dongusu-Yonetimi\"><\/span>Sertifika Ya\u015fam D\u00f6ng\u00fcs\u00fc Y\u00f6netimi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Dijital sertifikalar, statik belgeler de\u011fildir; olu\u015fturulduklar\u0131 andan ge\u00e7erliliklerini yitirdikleri ana kadar y\u00f6netilmesi gereken aktif bir ya\u015fam d\u00f6ng\u00fcs\u00fcne sahiptirler. Sertifika Ya\u015fam D\u00f6ng\u00fcs\u00fc Y\u00f6netimi, bir sertifikan\u0131n t\u00fcm evrelerini (olu\u015fturma, da\u011f\u0131t\u0131m, kullan\u0131m, yenileme ve iptal) kapsayan s\u00fcre\u00e7lerin ve politikalar\u0131n b\u00fct\u00fcn\u00fcd\u00fcr. Bu y\u00f6netim, PKI&#8217;nin g\u00fcvenilirli\u011fini ve etkinli\u011fini s\u00fcrd\u00fcrmek i\u00e7in hayati \u00f6nem ta\u015f\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Anahtar-Cifti-Olusturma-Key-Pair-Generation\"><\/span>Anahtar \u00c7ifti Olu\u015fturma (Key Pair Generation)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fcn ilk ad\u0131m\u0131, asimetrik bir anahtar \u00e7iftinin (a\u00e7\u0131k ve \u00f6zel anahtar) olu\u015fturulmas\u0131d\u0131r. Bu i\u015flem genellikle sertifikay\u0131 talep edecek olan son varl\u0131k (kullan\u0131c\u0131 veya sunucu) taraf\u0131ndan kendi sisteminde ger\u00e7ekle\u015ftirilir. \u00d6zel anahtar\u0131n bu a\u015famada olu\u015fturulup sistemden hi\u00e7 ayr\u0131lmamas\u0131, g\u00fcvenli\u011fin temelini olu\u015fturur. \u00d6zel anahtar mutlak bir gizlilikle korunmal\u0131, a\u00e7\u0131k anahtar ise sertifika talebiyle birlikte Sertifika Otoritesi&#8217;ne (CA) g\u00f6nderilmek \u00fczere haz\u0131rlan\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Imza-Istegi-Certificate-Signing-Request-%E2%80%93-CSR-Olusturma\"><\/span>Sertifika \u0130mza \u0130ste\u011fi (Certificate Signing Request &#8211; CSR) Olu\u015fturma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Anahtar \u00e7ifti olu\u015fturulduktan sonra, sertifika talep eden varl\u0131k bir Sertifika \u0130mza \u0130ste\u011fi (CSR) dosyas\u0131 olu\u015fturur. CSR, sertifikada yer alacak kimlik bilgilerini (\u00f6rne\u011fin, alan ad\u0131, kurulu\u015f ad\u0131, \u00fclke) ve sertifika sahibinin a\u00e7\u0131k anahtar\u0131n\u0131 i\u00e7erir. Bu istek, talep sahibinin \u00f6zel anahtar\u0131 ile imzalanarak b\u00fct\u00fcnl\u00fc\u011f\u00fc sa\u011flan\u0131r. CSR, daha sonra kimlik do\u011frulama ve sertifika yay\u0131mlama i\u015flemleri i\u00e7in CA&#8217;ya g\u00f6nderilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Yayimlama-ve-Dagitim\"><\/span>Sertifika Yay\u0131mlama ve Da\u011f\u0131t\u0131m<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>CA, ald\u0131\u011f\u0131 CSR&#8217;\u0131 ve ba\u015fvuru sahibinin kimlik bilgilerini kendi politikalar\u0131na g\u00f6re do\u011frular. Do\u011frulama ba\u015far\u0131l\u0131 olursa, CA kendi \u00f6zel anahtar\u0131n\u0131 kullanarak sertifikay\u0131 imzalar ve yay\u0131mlar. Yay\u0131mlanan bu sertifika, talep sahibine g\u00f6nderilir. Sertifika sahibi, ald\u0131\u011f\u0131 bu sertifikay\u0131 ilgili sisteme (\u00f6rne\u011fin, bir web <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/\" target=\"_blank\">sunucu<\/a> veya e-posta istemcisi) kurarak kullan\u0131ma haz\u0131r hale getirir. CA ayr\u0131ca sertifikay\u0131, genel eri\u015fime a\u00e7\u0131k olan bir sertifika deposuna da ekleyebilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Yenileme-Renewal\"><\/span>Sertifika Yenileme (Renewal)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Dijital sertifikalar\u0131n belirli bir ge\u00e7erlilik s\u00fcresi vard\u0131r (genellikle bir y\u0131l). Bu s\u00fcrenin sonunda sertifika ge\u00e7ersiz hale gelir ve art\u0131k g\u00fcvenli kabul edilmez. G\u00fcvenli\u011fin ve hizmet s\u00fcreklili\u011finin kesintiye u\u011framamas\u0131 i\u00e7in sertifikan\u0131n s\u00fcresi dolmadan \u00f6nce yenilenmesi gerekir. Yenileme s\u00fcreci, genellikle yeni bir anahtar \u00e7ifti olu\u015fturmay\u0131, yeni bir CSR haz\u0131rlamay\u0131 ve CA&#8217;ya ba\u015fvurarak yeni bir sertifika almay\u0131 i\u00e7erir. Baz\u0131 durumlarda, mevcut anahtar \u00e7ifti tekrar kullan\u0131labilir, ancak g\u00fcvenlik a\u00e7\u0131s\u0131ndan yeni bir anahtar \u00e7ifti olu\u015fturmak en iyi uygulamad\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Iptali-ve-Gecersiz-Kilma-Revocation\"><\/span>Sertifika \u0130ptali ve Ge\u00e7ersiz K\u0131lma (Revocation)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bir sertifikan\u0131n ge\u00e7erlilik s\u00fcresi dolmadan \u00f6nce \u00e7e\u015fitli nedenlerle ge\u00e7ersiz k\u0131l\u0131nmas\u0131 gerekebilir. Bu duruma &#8220;iptal&#8221; veya &#8220;ge\u00e7ersiz k\u0131lma&#8221; (revocation) denir. \u0130ptal nedenleri aras\u0131nda \u00f6zel anahtar\u0131n \u00e7al\u0131nmas\u0131 veya if\u015fa olmas\u0131, sertifikadaki bilgilerin de\u011fi\u015fmesi (\u00f6rne\u011fin, <a href=\"https:\/\/www.ihs.com.tr\/domain\/whois-domain-sorgulama.html\" target=\"_blank\">domain<\/a> ad\u0131n\u0131n de\u011fi\u015fmesi) veya sertifika sahibinin art\u0131k g\u00fcvenilir olmamas\u0131 say\u0131labilir. Bir sertifikan\u0131n iptal edildi\u011fini duyurmak i\u00e7in \u00e7e\u015fitli mekanizmalar kullan\u0131l\u0131r.<\/p>\n<h4>Sertifika \u0130ptal Listesi (Certificate Revocation List &#8211; CRL)<\/h4>\n<p>CRL, bir CA taraf\u0131ndan yay\u0131mlanan ve ge\u00e7erlilik s\u00fcresi dolmadan \u00f6nce iptal edilmi\u015f t\u00fcm sertifikalar\u0131n seri numaralar\u0131n\u0131 i\u00e7eren, dijital olarak imzalanm\u0131\u015f bir listedir. \u0130stemciler (\u00f6rne\u011fin, web taray\u0131c\u0131lar\u0131), bir sertifikan\u0131n ge\u00e7erlili\u011fini kontrol etmek i\u00e7in periyodik olarak bu listeyi indirir ve sertifikan\u0131n seri numaras\u0131n\u0131n listede olup olmad\u0131\u011f\u0131n\u0131 kontrol eder. Ancak CRL&#8217;ler b\u00fcy\u00fck boyutlara ula\u015fabilir ve g\u00fcncellemeler aras\u0131nda gecikmeler ya\u015fanabilir.<\/p>\n<h4>\u00c7evrimi\u00e7i Sertifika Durum Protokol\u00fc (Online Certificate Status Protocol &#8211; OCSP)<\/h4>\n<p>OCSP, CRL&#8217;ye daha modern ve anl\u0131k bir alternatif sunar. Bir istemci, bir sertifikan\u0131n durumunu \u00f6\u011frenmek istedi\u011finde, sertifikan\u0131n seri numaras\u0131n\u0131 i\u00e7eren bir iste\u011fi do\u011frudan CA&#8217;n\u0131n OCSP sunucusuna (veya VA&#8217;ya) g\u00f6nderir. Sunucu, sertifikan\u0131n durumu hakk\u0131nda &#8220;ge\u00e7erli&#8221; (good), &#8220;iptal edilmi\u015f&#8221; (revoked) veya &#8220;bilinmiyor&#8221; (unknown) \u015feklinde anl\u0131k bir yan\u0131t d\u00f6ner. Bu y\u00f6ntem, CRL&#8217;e g\u00f6re daha h\u0131zl\u0131 ve g\u00fcncel bilgi sa\u011flar.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>\u00d6zellik<\/th>\n<th>Sertifika \u0130ptal Listesi (CRL)<\/th>\n<th>\u00c7evrimi\u00e7i Sertifika Durum Protokol\u00fc (OCSP)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><b>\u00c7al\u0131\u015fma Mant\u0131\u011f\u0131<\/b><\/td>\n<td>T\u00fcm iptal edilmi\u015f sertifikalar\u0131n listesini periyodik olarak indirir.<\/td>\n<td>Tek bir sertifikan\u0131n durumunu anl\u0131k olarak sorgular.<\/td>\n<\/tr>\n<tr>\n<td><b>H\u0131z<\/b><\/td>\n<td>Daha yava\u015f, \u00f6zellikle b\u00fcy\u00fck listelerde.<\/td>\n<td>Daha h\u0131zl\u0131 ve anl\u0131k yan\u0131t verir.<\/td>\n<\/tr>\n<tr>\n<td><b>G\u00fcncellik<\/b><\/td>\n<td>Sadece belirli aral\u0131klarla g\u00fcncellenir.<\/td>\n<td>Her zaman en g\u00fcncel bilgiyi sa\u011flar.<\/td>\n<\/tr>\n<tr>\n<td><b>A\u011f Y\u00fck\u00fc<\/b><\/td>\n<td>B\u00fcy\u00fck dosyalar\u0131n indirilmesi nedeniyle daha y\u00fcksek bant geni\u015fli\u011fi gerektirir.<\/td>\n<td>K\u00fc\u00e7\u00fck ve spesifik istekler nedeniyle daha az bant geni\u015fli\u011fi kullan\u0131r.<\/td>\n<\/tr>\n<tr>\n<td><b>Gizlilik<\/b><\/td>\n<td>Kullan\u0131c\u0131n\u0131n hangi siteyi ziyaret etti\u011fi CA taraf\u0131ndan bilinmez.<\/td>\n<td>CA, hangi istemcinin hangi sertifikay\u0131 sorgulad\u0131\u011f\u0131n\u0131 g\u00f6rebilir.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h4>OCSP Stapling Mekanizmas\u0131<\/h4>\n<p>OCSP&#8217;nin potansiyel bir gizlilik sorununu (CA&#8217;n\u0131n hangi sitelerin ziyaret edildi\u011fini g\u00f6rmesi) ve performans y\u00fck\u00fcn\u00fc (her istemcinin CA&#8217;ya ayr\u0131 istek g\u00f6ndermesi) \u00e7\u00f6zmek i\u00e7in geli\u015ftirilmi\u015ftir. OCSP Stapling&#8217;de, web sunucusu d\u00fczenli aral\u0131klarla kendi sertifikas\u0131n\u0131n OCSP durumunu CA&#8217;dan al\u0131p imzal\u0131 bir \u015fekilde \u00f6nbelle\u011fe al\u0131r. Bir kullan\u0131c\u0131 siteye ba\u011fland\u0131\u011f\u0131nda, web sunucusu sertifikas\u0131yla birlikte bu zaman damgal\u0131 OCSP yan\u0131t\u0131n\u0131 da istemciye &#8220;z\u0131mbalar&#8221; (staple). Bu sayede, istemcinin ayr\u0131ca CA&#8217;ya bir istek g\u00f6ndermesine gerek kalmaz, bu da hem gizlili\u011fi korur hem de ba\u011flant\u0131 h\u0131z\u0131n\u0131 art\u0131r\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PKI-Guven-Modelleri-ve-Hiyerarsisi\"><\/span>PKI G\u00fcven Modelleri ve Hiyerar\u015fisi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A\u00e7\u0131k Anahtar Altyap\u0131s\u0131&#8217;n\u0131n temel amac\u0131 dijital g\u00fcven olu\u015fturmakt\u0131r. Bu g\u00fcven, tek bir sertifikan\u0131n ge\u00e7erlili\u011finden ziyade, sertifikalar\u0131n bir hiyerar\u015fi i\u00e7inde birbirine nas\u0131l ba\u011fland\u0131\u011f\u0131n\u0131 ve do\u011fruland\u0131\u011f\u0131n\u0131 tan\u0131mlayan g\u00fcven modellerine dayan\u0131r. Bu modeller, bir sertifikan\u0131n neden g\u00fcvenilir kabul edilmesi gerekti\u011fini a\u00e7\u0131klayan mant\u0131ksal \u00e7er\u00e7eveler sunar. G\u00fcvenin ba\u015flang\u0131\u00e7 noktas\u0131 olan &#8220;g\u00fcven \u00e7apas\u0131&#8221;ndan son kullan\u0131c\u0131 sertifikas\u0131na kadar uzanan bu yap\u0131, PKI&#8217;nin bel kemi\u011fidir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guven-Zinciri-Chain-of-Trust-Kavrami\"><\/span>G\u00fcven Zinciri (Chain of Trust) Kavram\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcven Zinciri, bir son varl\u0131k sertifikas\u0131n\u0131n ge\u00e7erlili\u011fini, g\u00fcvenilir bir k\u00f6k sertifikaya kadar takip ederek do\u011frulama s\u00fcrecidir. Bir web taray\u0131c\u0131s\u0131 bir sitenin SSL sertifikas\u0131n\u0131 ald\u0131\u011f\u0131nda, bu sertifikan\u0131n kim taraf\u0131ndan imzaland\u0131\u011f\u0131na bakar. Genellikle bu imzalay\u0131c\u0131, bir &#8220;Ara Sertifika Otoritesi&#8221;dir (Intermediate CA). Taray\u0131c\u0131, bu ara CA&#8217;n\u0131n sertifikas\u0131n\u0131n da g\u00fcvenilir olup olmad\u0131\u011f\u0131n\u0131 kontrol eder. Bu s\u00fcre\u00e7, taray\u0131c\u0131n\u0131n kendi i\u00e7inde zaten g\u00fcvendi\u011fi bir &#8220;K\u00f6k Sertifika Otoritesi&#8221; (Root CA) taraf\u0131ndan imzalanm\u0131\u015f bir sertifikaya ula\u015fana kadar devam eder. E\u011fer zincir kesintisiz bir \u015fekilde g\u00fcvenilir bir k\u00f6ke ba\u011flan\u0131yorsa, son varl\u0131k sertifikas\u0131 da g\u00fcvenilir kabul edilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kok-Sertifika-Otoriteleri-Root-CAs-ve-Guven-Capasi-Trust-Anchor\"><\/span>K\u00f6k Sertifika Otoriteleri (Root CAs) ve G\u00fcven \u00c7apas\u0131 (Trust Anchor)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>K\u00f6k Sertifika Otoritesi (Root CA), PKI hiyerar\u015fisinin en tepesinde yer al\u0131r. K\u00f6k CA, kendi sertifikas\u0131n\u0131 kendisi imzalar (self-signed certificate) ve bu sertifika, g\u00fcven zincirinin ba\u015flang\u0131\u00e7 noktas\u0131n\u0131 olu\u015fturur. Bu nedenle K\u00f6k CA&#8217;ya &#8220;G\u00fcven \u00c7apas\u0131&#8221; (Trust Anchor) denir. B\u00fcy\u00fck i\u015fletim sistemleri (Windows, macOS, Android) ve web taray\u0131c\u0131lar\u0131 (Chrome, Firefox), g\u00fcvenilir kabul ettikleri K\u00f6k CA&#8217;lar\u0131n sertifikalar\u0131n\u0131 kendi &#8220;k\u00f6k sertifika depolar\u0131nda&#8221; \u00f6nceden y\u00fcklenmi\u015f olarak sunarlar. Bir sertifika zinciri bu depodaki bir k\u00f6ke ba\u011flanabiliyorsa, g\u00fcvenilir olarak kabul edilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ara-Sertifika-Otoriteleri-Intermediate-CAs\"><\/span>Ara Sertifika Otoriteleri (Intermediate CAs)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ara Sertifika Otoriteleri (Intermediate CAs), K\u00f6k CA ile son varl\u0131k sertifikalar\u0131 aras\u0131nda bir katman olu\u015fturur. K\u00f6k CA&#8217;n\u0131n \u00f6zel anahtar\u0131 son derece de\u011ferlidir ve g\u00fcvenli\u011fin en \u00fcst d\u00fczeyde sa\u011flanmas\u0131 i\u00e7in \u00e7ok nadiren kullan\u0131l\u0131r. Bu nedenle K\u00f6k CA, yetkisinin bir k\u0131sm\u0131n\u0131 Ara CA&#8217;lara devreder. Ara CA&#8217;lar, K\u00f6k CA taraf\u0131ndan imzalanm\u0131\u015f sertifikalara sahiptir ve son varl\u0131klar i\u00e7in (web siteleri, kullan\u0131c\u0131lar vb.) sertifika imzalama yetkisine sahiptirler. Bu hiyerar\u015fik yap\u0131, K\u00f6k CA&#8217;n\u0131n \u00f6zel anahtar\u0131n\u0131n g\u00fcvenli\u011fini art\u0131r\u0131r. Bir zincirde birden fazla Ara CA olabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tek-Kok-Hiyerarsisi-Single-Root-Hierarchy\"><\/span>Tek K\u00f6k Hiyerar\u015fisi (Single Root Hierarchy)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>En yayg\u0131n PKI g\u00fcven modelidir. Bu modelde, t\u00fcm g\u00fcven tek bir K\u00f6k CA&#8217;dan kaynaklan\u0131r. Bu K\u00f6k CA&#8217;n\u0131n alt\u0131nda bir veya daha fazla katmanda Ara CA&#8217;lar bulunur ve bu Ara CA&#8217;lar son varl\u0131k sertifikalar\u0131n\u0131 yay\u0131mlar. Yap\u0131s\u0131 bir a\u011fa\u00e7 gibidir; en tepede k\u00f6k, dallarda ara otoriteler ve yapraklarda son varl\u0131klar yer al\u0131r. Y\u00f6netimi basit ve anla\u015f\u0131l\u0131rd\u0131r. Bir sertifikan\u0131n do\u011frulanmas\u0131, zincirin bu tek k\u00f6ke kadar takip edilmesiyle kolayca ger\u00e7ekle\u015ftirilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Capraz-Sertifikasyon-ve-Kopru-Modelleri-Cross-Certification-Bridge-Models\"><\/span>\u00c7apraz Sertifikasyon ve K\u00f6pr\u00fc Modelleri (Cross-Certification &#038; Bridge Models)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Farkl\u0131 PKI hiyerar\u015filerine sahip iki ayr\u0131 kurulu\u015fun (\u00f6rne\u011fin, iki farkl\u0131 \u015firket veya devlet kurumu) birbirlerinin sertifikalar\u0131na g\u00fcvenmesi gerekti\u011finde bu modeller kullan\u0131l\u0131r. <b>\u00c7apraz Sertifikasyon<\/b> modelinde, bir hiyerar\u015fideki CA, di\u011fer hiyerar\u015fideki bir CA i\u00e7in bir sertifika imzalayarak aralar\u0131nda bir g\u00fcven ili\u015fkisi kurar. Bu sayede, bir hiyerar\u015fideki kullan\u0131c\u0131lar di\u011fer hiyerar\u015fideki sertifikalara g\u00fcvenebilir. <b>K\u00f6pr\u00fc CA Modeli<\/b> ise daha \u00f6l\u00e7eklenebilir bir \u00e7\u00f6z\u00fcmd\u00fcr. Birden fazla PKI hiyerar\u015fisi, merkezi bir &#8220;K\u00f6pr\u00fc CA&#8221; \u00fczerinden birbirine ba\u011flan\u0131r. Her hiyerar\u015fi sadece K\u00f6pr\u00fc CA&#8217;ya g\u00fcvenir ve bu sayede dolayl\u0131 olarak di\u011fer t\u00fcm hiyerar\u015filere de g\u00fcvenmi\u015f olur.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PKInin-Pratik-Uygulama-Senaryolari\"><\/span>PKI&#8217;nin Pratik Uygulama Senaryolar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A\u00e7\u0131k Anahtar Altyap\u0131s\u0131, teorik bir kavram olman\u0131n \u00e7ok \u00f6tesinde, g\u00fcnl\u00fck dijital ya\u015fam\u0131m\u0131z\u0131n ayr\u0131lmaz bir par\u00e7as\u0131d\u0131r. \u00c7evrimi\u00e7i g\u00fcvenli\u011fi sa\u011flamak i\u00e7in arka planda sessizce \u00e7al\u0131\u015fan PKI, say\u0131s\u0131z teknoloji ve hizmetin temelini olu\u015fturur. \u0130\u015fte PKI&#8217;nin en yayg\u0131n pratik uygulama senaryolar\u0131ndan baz\u0131lar\u0131.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guvenli-Web-Iletisimi-HTTPS\"><\/span>G\u00fcvenli Web \u0130leti\u015fimi (HTTPS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI&#8217;nin en bilinen kullan\u0131m alan\u0131, web siteleri ile kullan\u0131c\u0131 taray\u0131c\u0131lar\u0131 aras\u0131ndaki ileti\u015fimi g\u00fcvence alt\u0131na alan HTTPS (G\u00fcvenli Hiper Metin Aktar\u0131m Protokol\u00fc)&#8217;dir. Bir web sitesi, SSL\/TLS sertifikas\u0131 kullanarak kimli\u011fini kan\u0131tlar ve sunucu ile taray\u0131c\u0131 aras\u0131nda \u015fifreli bir oturum ba\u015flat\u0131r. Bu sayede, kredi kart\u0131 bilgileri, parolalar ve di\u011fer ki\u015fisel veriler gibi hassas bilgiler, \u00fc\u00e7\u00fcnc\u00fc \u015fah\u0131slar\u0131n eline ge\u00e7meden g\u00fcvenli bir \u015fekilde iletilir. \u00d6zellikle <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/wordpress-hosting.html\" target=\"_blank\">wordpress hosting<\/a> gibi platformlarda e-ticaret siteleri kuranlar i\u00e7in HTTPS kullan\u0131m\u0131 zorunludur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sanal-Ozel-Aglar-VPN-ve-Uzaktan-Erisim-Guvenligi\"><\/span>Sanal \u00d6zel A\u011flar (VPN) ve Uzaktan Eri\u015fim G\u00fcvenli\u011fi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kurumsal a\u011flara uzaktan g\u00fcvenli eri\u015fim sa\u011flamak i\u00e7in kullan\u0131lan Sanal \u00d6zel A\u011flar (VPN), genellikle PKI&#8217;dan yararlan\u0131r. Kullan\u0131c\u0131lar veya cihazlar, kurumsal a\u011fa ba\u011flanmadan \u00f6nce kimliklerini bir istemci sertifikas\u0131 ile do\u011frularlar. Bu, sadece yetkili ki\u015filerin ve cihazlar\u0131n a\u011f kaynaklar\u0131na eri\u015fmesini sa\u011flar. Sertifika tabanl\u0131 kimlik do\u011frulama, geleneksel kullan\u0131c\u0131 ad\u0131 ve parola y\u00f6ntemlerine g\u00f6re \u00e7ok daha g\u00fc\u00e7l\u00fc bir g\u00fcvenlik katman\u0131 sunar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"E-posta-Sifreleme-ve-Dijital-Imzalama\"><\/span>E-posta \u015eifreleme ve Dijital \u0130mzalama<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>S\/MIME (Secure\/Multipurpose Internet Mail Extensions) gibi standartlar, e-posta ileti\u015fimini g\u00fcvence alt\u0131na almak i\u00e7in PKI kullan\u0131r. Kullan\u0131c\u0131lar, e-postalar\u0131n\u0131 dijital olarak imzalayarak g\u00f6ndericinin kimli\u011fini do\u011frulayabilir ve al\u0131c\u0131n\u0131n mesaj\u0131n de\u011fi\u015ftirilmedi\u011finden emin olmas\u0131n\u0131 sa\u011flayabilirler. Ayr\u0131ca, al\u0131c\u0131n\u0131n a\u00e7\u0131k anahtar\u0131n\u0131 kullanarak e-posta i\u00e7eri\u011fini \u015fifreleyebilirler. Bu sayede, e-posta yaln\u0131zca hedeflenen al\u0131c\u0131 taraf\u0131ndan okunabilir ve gizlilik korunur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kablosuz-Ag-Guvenligi-8021X-EAP-TLS\"><\/span>Kablosuz A\u011f G\u00fcvenli\u011fi (802.1X EAP-TLS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kurumsal Wi-Fi a\u011flar\u0131nda, a\u011fa ba\u011flanan cihazlar\u0131n kimli\u011fini do\u011frulamak i\u00e7in genellikle 802.1X standard\u0131 kullan\u0131l\u0131r. Bu standard\u0131n en g\u00fcvenli kimlik do\u011frulama y\u00f6ntemlerinden biri olan EAP-TLS, PKI tabanl\u0131d\u0131r. Her cihaz (\u00f6rne\u011fin, bir diz\u00fcst\u00fc bilgisayar veya ak\u0131ll\u0131 telefon), a\u011fa eri\u015fim talebinde bulunurken bir istemci sertifikas\u0131 sunar. A\u011f\u0131n kimlik do\u011frulama sunucusu (genellikle RADIUS), bu sertifikay\u0131 do\u011frulayarak cihaza eri\u015fim izni verir. Bu y\u00f6ntem, yetkisiz cihazlar\u0131n a\u011fa s\u0131zmas\u0131n\u0131 engeller.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Yazilim-ve-Suruculerin-Guvenligi-Code-Signing\"><\/span>Yaz\u0131l\u0131m ve S\u00fcr\u00fcc\u00fclerin G\u00fcvenli\u011fi (Code Signing)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Yaz\u0131l\u0131m geli\u015ftiricileri ve donan\u0131m \u00fcreticileri, yay\u0131nlad\u0131klar\u0131 uygulamalar\u0131, g\u00fcncellemeleri ve s\u00fcr\u00fcc\u00fcleri kod imzalama sertifikalar\u0131 (Code Signing) ile dijital olarak imzalarlar. Bu imza, son kullan\u0131c\u0131lara yaz\u0131l\u0131m\u0131n me\u015fru bir kaynaktan geldi\u011fini ve indirildikten veya kurulduktan sonra \u00fczerinde oynanmad\u0131\u011f\u0131n\u0131 garanti eder. \u0130\u015fletim sistemleri, imzas\u0131z veya g\u00fcvenilmeyen bir imza ta\u015f\u0131yan yaz\u0131l\u0131mlar\u0131 \u00e7al\u0131\u015ft\u0131r\u0131rken kullan\u0131c\u0131y\u0131 uyararak zararl\u0131 yaz\u0131l\u0131mlara kar\u015f\u0131 koruma sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Elektronik-Belge-Yonetimi-ve-E-Imza\"><\/span>Elektronik Belge Y\u00f6netimi ve E-\u0130mza<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI, elektronik belgelerin yasal ge\u00e7erlili\u011fe sahip olmas\u0131n\u0131 sa\u011flayan e-imza uygulamalar\u0131n\u0131n temelini olu\u015fturur. S\u00f6zle\u015fmeler, faturalar, resmi belgeler ve raporlar, belge imzalama sertifikalar\u0131 kullan\u0131larak dijital olarak imzalanabilir. Bu imza, belgenin b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc (de\u011fi\u015ftirilmedi\u011fini), kimlik do\u011frulu\u011funu (kimin imzalad\u0131\u011f\u0131n\u0131) ve ink\u00e2r edilemezli\u011fini (imzalayan\u0131n sonradan reddedememesini) yasal olarak kan\u0131tlar. Bu teknoloji, ka\u011f\u0131t tabanl\u0131 s\u00fcre\u00e7leri dijitalle\u015ftirerek verimlili\u011fi art\u0131r\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PKI-Guvenligi-ve-En-Iyi-Uygulamalar\"><\/span>PKI G\u00fcvenli\u011fi ve En \u0130yi Uygulamalar<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Bir A\u00e7\u0131k Anahtar Altyap\u0131s\u0131&#8217;n\u0131n kendisi g\u00fcvenli\u011fi sa\u011flamak i\u00e7in tasarlanm\u0131\u015f olsa da, altyap\u0131n\u0131n kendi bile\u015fenlerinin de en \u00fcst d\u00fczeyde korunmas\u0131 gerekir. PKI&#8217;nin b\u00fct\u00fcnl\u00fc\u011f\u00fc, en zay\u0131f halkas\u0131 kadar g\u00fc\u00e7l\u00fcd\u00fcr. Bu nedenle, PKI&#8217;nin g\u00fcvenli\u011fini sa\u011flamak i\u00e7in kat\u0131 politikalar, teknolojik \u00f6nlemler ve en iyi uygulamalar benimsenmelidir. Bu, \u00f6zellikle hassas verileri bar\u0131nd\u0131ran g\u00fc\u00e7l\u00fc bir <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vds-sunucu.html\" target=\"_blank\">VDS<\/a> \u00fczerinde \u00e7al\u0131\u015fan sistemler i\u00e7in kritik \u00f6neme sahiptir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CA-Ozel-Anahtarinin-Korunmasi-Donanim-Guvenlik-Modulleri-HSM\"><\/span>CA \u00d6zel Anahtar\u0131n\u0131n Korunmas\u0131: Donan\u0131m G\u00fcvenlik Mod\u00fclleri (HSM)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI&#8217;nin en de\u011ferli varl\u0131\u011f\u0131, K\u00f6k Sertifika Otoritesi&#8217;nin (Root CA) ve Ara Sertifika Otoriteleri&#8217;nin (Intermediate CA) \u00f6zel anahtarlar\u0131d\u0131r. Bu anahtarlar\u0131n ele ge\u00e7irilmesi, t\u00fcm PKI hiyerar\u015fisinin \u00e7\u00f6kmesine ve sahte sertifikalar\u0131n yay\u0131mlanmas\u0131na yol a\u00e7abilir. Bu nedenle, bu kritik anahtarlar\u0131n Donan\u0131m G\u00fcvenlik Mod\u00fclleri (Hardware Security Modules &#8211; HSM) ad\u0131 verilen \u00f6zel, kurcalamaya dayan\u0131kl\u0131 cihazlarda saklanmas\u0131 ve kullan\u0131lmas\u0131 standart bir en iyi uygulamad\u0131r. HSM&#8217;ler, anahtarlar\u0131n cihaz d\u0131\u015f\u0131na \u00e7\u0131kar\u0131lmas\u0131n\u0131 imkans\u0131z hale getirir ve kriptografik i\u015flemleri g\u00fcvenli bir ortamda ger\u00e7ekle\u015ftirir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Politikasi-Certificate-Policy-%E2%80%93-CP\"><\/span>Sertifika Politikas\u0131 (Certificate Policy &#8211; CP)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika Politikas\u0131 (CP), bir PKI&#8217;nin genel kurallar\u0131n\u0131 ve y\u00f6nergelerini tan\u0131mlayan \u00fcst d\u00fczey bir belgedir. Bu politika, sertifikalar\u0131n hangi ama\u00e7larla kullan\u0131labilece\u011fini, kimlerin sertifika talep edebilece\u011fini, kimlik do\u011frulama i\u00e7in gereken prosed\u00fcrleri ve yasal sorumluluklar\u0131 belirtir. CP, PKI&#8217;nin belirli bir topluluk veya uygulama i\u00e7in ne d\u00fczeyde bir g\u00fcvence sa\u011flad\u0131\u011f\u0131n\u0131 ortaya koyar ve t\u00fcm payda\u015flar i\u00e7in bir referans noktas\u0131 g\u00f6revi g\u00f6r\u00fcr. \u00d6rne\u011fin, bir <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vps-server.html\" target=\"_blank\">VPS<\/a> sunucusuna sertifika verilirken hangi g\u00fcvenlik kontrollerinin uygulanaca\u011f\u0131 bu belgede tan\u0131mlanabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Uygulama-Esaslari-Certification-Practice-Statement-%E2%80%93-CPS\"><\/span>Sertifika Uygulama Esaslar\u0131 (Certification Practice Statement &#8211; CPS)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika Uygulama Esaslar\u0131 (CPS), Sertifika Politikas\u0131&#8217;nda (CP) belirtilen kurallar\u0131n bir Sertifika Otoritesi (CA) taraf\u0131ndan teknik ve operasyonel olarak nas\u0131l uyguland\u0131\u011f\u0131n\u0131 detayland\u0131ran bir belgedir. CPS, bir CA&#8217;n\u0131n sertifika ya\u015fam d\u00f6ng\u00fcs\u00fc y\u00f6netimi s\u00fcre\u00e7lerini (anahtar olu\u015fturma, CSR do\u011frulama, sertifika yay\u0131mlama, iptal vb.) nas\u0131l y\u00fcr\u00fctt\u00fc\u011f\u00fcn\u00fc ad\u0131m ad\u0131m a\u00e7\u0131klar. Bu belge, CA&#8217;n\u0131n \u015feffafl\u0131\u011f\u0131n\u0131 ve hesap verebilirli\u011fini art\u0131r\u0131r ve denet\u00e7ilerin CA&#8217;n\u0131n CP&#8217;ye uygun \u00e7al\u0131\u015f\u0131p \u00e7al\u0131\u015fmad\u0131\u011f\u0131n\u0131 de\u011ferlendirmesine olanak tan\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Fiziksel-ve-Operasyonel-Guvenlik-Onlemleri\"><\/span>Fiziksel ve Operasyonel G\u00fcvenlik \u00d6nlemleri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI altyap\u0131s\u0131n\u0131 bar\u0131nd\u0131ran veri merkezlerinin ve operasyonel birimlerin fiziksel g\u00fcvenli\u011fi de siber g\u00fcvenlik kadar \u00f6nemlidir. CA ve RA bile\u015fenlerini bar\u0131nd\u0131ran sunuculara yetkisiz eri\u015fim engellenmelidir. Bu, biyometrik eri\u015fim kontrolleri, g\u00fcvenlik kameralar\u0131, \u00e7ok fakt\u00f6rl\u00fc kimlik do\u011frulama ve g\u00fcvenli odalar gibi \u00f6nlemleri i\u00e7erir. Operasyonel olarak ise, &#8220;g\u00f6revler ayr\u0131l\u0131\u011f\u0131&#8221; ilkesi benimsenmeli, yani kritik bir i\u015flemi tek bir ki\u015finin tek ba\u015f\u0131na tamamlayamamas\u0131 sa\u011flanmal\u0131d\u0131r. \u00d6rne\u011fin, bir K\u00f6k CA anahtar\u0131n\u0131n etkinle\u015ftirilmesi i\u00e7in birden fazla yetkili personelin bir araya gelmesi gerekebilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Duzenli-Denetim-ve-Izlemenin-Onemi\"><\/span>D\u00fczenli Denetim ve \u0130zlemenin \u00d6nemi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PKI altyap\u0131s\u0131n\u0131n sa\u011fl\u0131\u011f\u0131 ve g\u00fcvenli\u011fi, s\u00fcrekli izleme ve d\u00fczenli denetimlerle garanti alt\u0131na al\u0131nmal\u0131d\u0131r. T\u00fcm PKI bile\u015fenlerinde \u00fcretilen sistem g\u00fcnl\u00fckleri (loglar) merkezi olarak toplanmal\u0131, anormal aktiviteler veya g\u00fcvenlik ihlali giri\u015fimleri i\u00e7in s\u00fcrekli olarak izlenmelidir. Ayr\u0131ca, PKI altyap\u0131s\u0131, WebTrust veya ETSI gibi standartlara uygunlu\u011funu do\u011frulamak i\u00e7in d\u00fczenli olarak ba\u011f\u0131ms\u0131z \u00fc\u00e7\u00fcnc\u00fc taraf denet\u00e7iler taraf\u0131ndan denetlenmelidir. Bu denetimler, PKI&#8217;nin g\u00fcvenilirli\u011fini ve end\u00fcstri standartlar\u0131na uygunlu\u011funu kan\u0131tlar.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Kurumsal-PKI-ve-Dijital-Sertifika-Cozumleri-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\"><\/span>Kurumsal PKI ve Dijital Sertifika \u00c7\u00f6z\u00fcmleri \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A\u00e7\u0131k Anahtar Altyap\u0131s\u0131 (PKI) ve dijital sertifikalar, g\u00fcn\u00fcm\u00fcz\u00fcn dijital ekonomisinde g\u00fcvenli\u011fin temelini olu\u015fturur. Web sitenizin g\u00fcvenli\u011finden e-posta ileti\u015fiminize, kurumsal a\u011flar\u0131n\u0131zdan yaz\u0131l\u0131m da\u011f\u0131t\u0131m\u0131na kadar her alanda dijital kimliklerin do\u011frulanmas\u0131 ve verilerin korunmas\u0131 kritik bir zorunluluktur. Bu karma\u015f\u0131k ve hayati altyap\u0131y\u0131 y\u00f6netmek, uzmanl\u0131k, g\u00fcvenilirlik ve kesintisiz destek gerektirir. \u0130HS Telekom, y\u0131llara dayanan tecr\u00fcbesi ve g\u00fc\u00e7l\u00fc altyap\u0131s\u0131 ile kurumsal PKI ve dijital sertifika ihtiya\u00e7lar\u0131n\u0131z i\u00e7in g\u00fcvenilir bir i\u015f orta\u011f\u0131d\u0131r. Global Sertifika Otoriteleri ile olan i\u015f ortakl\u0131klar\u0131m\u0131z sayesinde, i\u015fletmenizin ihtiya\u00e7lar\u0131na en uygun SSL\/TLS, kod imzalama, e-posta ve belge imzalama sertifikalar\u0131n\u0131 rekabet\u00e7i fiyatlarla sunuyoruz. S\u00fcrekli de\u011fi\u015fen siber g\u00fcvenlik tehditlerine kar\u015f\u0131 en g\u00fcncel ve g\u00fcvenilir \u00e7\u00f6z\u00fcmleri \u0130HS Telekom g\u00fcvencesiyle elde edebilir, dijital varl\u0131klar\u0131n\u0131z\u0131 en \u00fcst d\u00fczeyde koruma alt\u0131na alabilirsiniz.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dijitalle\u015fen d\u00fcnyada, \u00e7evrimi\u00e7i etkile\u015fimlerin g\u00fcvenli\u011fi her zamankinden daha kritik hale gelmi\u015ftir. Kimlik h\u0131rs\u0131zl\u0131\u011f\u0131, veri ihlalleri ve siber sald\u0131r\u0131lar gibi tehditler, bireylerin ve&hellip;<\/p>\n","protected":false},"author":3,"featured_media":15807,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[400],"tags":[],"class_list":["post-15806","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=15806"}],"version-history":[{"count":1,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15806\/revisions"}],"predecessor-version":[{"id":15808,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15806\/revisions\/15808"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/15807"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=15806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=15806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=15806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}