Re: [PS3] Connecting to PSN with 3.55-Kmeaw

Board: Modchip | Author: (Savannah) | Time: 2011/02/12 13:07 (13 years ago), edited | Score: 5 (5 push, 0 boo, 2 neutral)
7 comments, 6 participants, post 2/6 in the latest thread
The SSL certificate part is now sorted out; what remains is the DNS resolution part.

You need a Linux environment (cygwin or native Linux) and the OpenSSL package.

In cygwin I recommend installing the apt-cyg tool, which lets you install packages directly with commands similar to apt in Debian/Ubuntu/Cydia, without having to leave and run setup.exe. In the commands below, $ is the prompt character.

Commands:
$ wget http://apt-cyg.googlecode.com/svn/trunk/apt-cyg
$ chmod +x apt-cyg
$ mv apt-cyg /usr/bin

Then install OpenSSL.
Command:
$ apt-cyg install openssl
Wait for it to finish.

Step 1-1. Create the top-level certificate authority (Root CA)
Commands (cygwin is used as the example; on Linux the path is /etc/ssl):
$ cd /usr/ssl                                        // enter the ssl working directory
$ openssl rand -out /usr/ssl/private/.rand 1024      // create the random file
$ vi /usr/ssl/openssl.cnf                            // open the editor
                                                     // find       dir = ./demoCA
                                                     // change to  dir = /usr/ssl
If you don't know vi you can use another editor, but please save the file with Unix line endings.

Step 1-2. Generate the Root CA's private key (rootca.key)
Command:
$ openssl genrsa -des3 -out rootca.key 2048          // generate the Root CA private key
Generating RSA private key, 2048 bit long modulus
.............................................................................
..............+++
.............................................................................
...+++
e is 65537 (0x10001)
Enter pass phrase for rootca.key:                    // set a pass phrase
Verifying - Enter pass phrase for rootca.key:        // confirm the pass phrase

Step 1-3. Fill in the certificate request (rootca.req)
$ openssl req -new -key rootca.key -out rootca.req
Enter pass phrase for rootca.key:                    // enter the pass phrase you just set
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW                 // enter the basic information
State or Province Name (full name) [Some-State]:Taiwan R.O.C
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NTU
Organizational Unit Name (eg, section) []:ptt
Common Name (eg, YOUR name) []:Modchip
Email Address []:Modchip.bbs@ptt.cc

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:                             // just press Enter to skip
An optional company name []:                         // just press Enter to skip

Step 1-4. Sign the certificate (rootca.crt)
Command:
$ openssl x509 -req -days 7305 -sha1 -extfile /usr/ssl/openssl.cnf \
    -extensions v3_ca -signkey rootca.key -in rootca.req -out rootca.crt
Signature ok
subject=/C=TW/ST=Taiwan R.O.C/L=Taipei/O=NTU/OU=ptt/CN=Modichip/emailAddress=Modchoip.bbs@ptt.cc
Getting Private key
Enter pass phrase for rootca.key:                    // enter the Root CA pass phrase

Step 2-1. Create the PSN server's private key (auth.np.ac.playstation.net.key)
Command:
$ openssl genrsa -out auth.np.ac.playstation.net.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................................
.......................+++
........................................................................+++
e is 65537 (0x10001)

Step 2-2. Fill in the PSN server's certificate request (auth.np.ac.playstation.net.req)
Command:
$ openssl req -new -key auth.np.ac.playstation.net.key -out \
    auth.np.ac.playstation.net.req
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan R.O.C
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NTU
Organizational Unit Name (eg, section) []:ptt
Common Name (eg, YOUR name) []:Modchip
Email Address []:Modchip.bbs@ptt.cc

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:                             // just press Enter to skip
An optional company name []:                         // press Enter to skip this too

Step 2-3. Use the Root CA to sign the certificate for (auth.np.ac.playstation.net)
$ openssl x509 -req -days 3650 -sha1 -extfile /usr/ssl/openssl.cnf \
    -extensions v3_req -CA rootca.crt -CAkey rootca.key -CAserial \
    rootca.srl -CAcreateserial -in auth.np.ac.playstation.net.req -out \
    auth.np.ac.playstation.net.crt
Signature ok
subject=/C=TW/ST=Taiwan R.O.C/L=Taipei/O=NTU/OU=ptt/CN=Modchip/emailAddress=Modchip.bbs@ptt.cc
Getting CA Private Key
Enter pass phrase for rootca.key:                    // enter the Root CA pass phrase

This gives you rootca.crt and auth.np.ac.playstation.net.crt, which should be the self-made CA SSL certificates mentioned in the original post.

******
Reference: http://www.tc.umn.edu/~brams006/selfsign.html

--
※ Origin: 批踢踢實業坊 (ptt.cc) ◆ From: 140.120.31.133
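Added example, not part of the original post: the same key, request and signed-certificate flow run non-interactively for a lab CA, followed by the chain check a TLS client performs. It shows that a certificate issued by a private root is accepted only where that root is the trust anchor; the names Lab Root CA, Vendor Root CA and server.example.test are constructed, and SHA-256 with explicit extension files is an assumption used here in place of the post's -sha1 and openssl.cnf sections.

```shell
# Added example; Lab Root CA, Vendor Root CA and server.example.test are constructed names.

make_root() {    # $1 = dir, $2 = file prefix, $3 = CN; self-signed root with CA:TRUE
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/O=Lab/CN=$3" -out "$1/$2.req" &&
    openssl x509 -req -days 30 -sha256 -extfile "$1/ca.ext" \
        -signkey "$1/$2.key" -in "$1/$2.req" -out "$1/$2.crt" 2>/dev/null
}

make_leaf() {    # $1 = dir, $2 = issuing root prefix, $3 = host name
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$3" > "$1/leaf.ext"
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/O=Lab/CN=$3" -out "$1/server.req" &&
    openssl x509 -req -days 30 -sha256 -extfile "$1/leaf.ext" \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAserial "$1/$2.srl" -CAcreateserial \
        -in "$1/server.req" -out "$1/server.crt" 2>/dev/null
}

# Succeeds only if the leaf chains to the trust anchor handed to the verifier.
trusted_by() {   # $1 = trust anchor file, $2 = leaf certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the certificate's basicConstraints extension marks it as a CA.
is_ca() {        # $1 = certificate file
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

demo() {
    d=$(mktemp -d) || return 1
    make_root "$d" rootca "Lab Root CA" &&
    make_root "$d" vendor "Vendor Root CA" &&
    make_leaf "$d" rootca server.example.test || return 1
    trusted_by "$d/rootca.crt" "$d/server.crt" && echo "store with lab root: accepted"
    trusted_by "$d/vendor.crt" "$d/server.crt" || echo "store with vendor root only: rejected"
    is_ca "$d/rootca.crt" && ! is_ca "$d/server.crt" && echo "root is a CA, leaf is not"
    rm -rf "$d"
}
demo
```

The second check is the property a client relies on: without the issuing root in its trust store, the chain does not validate no matter what the leaf's subject says.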

02/12 13:19, 1F
Upvote for the expertise

02/12 13:41, 2F
Professional!

02/12 13:58, 3F
Deleted 張爸's comment
※ Edited: cassine, from: 140.120.31.133 (02/12 13:59)

02/12 17:05, 4F
Upvote for the expertise, though I can't follow it @_@S

02/12 20:59, 5F
The certificates are done, but the SSL proxy and the packet-modification part are still missing :(

02/12 21:02, 6F
Turns out that after making the certificates you still have to write them into /dev_flash/; I don't really like doing it this way =.=

02/13 00:10, 7F
Feels like this carries the risk of having to flash~~
Article ID (AID): #1DLXMEFj (Modchip)