Update the self-signed certificate config

self-signed certificate
2024-11-24 14:48:11 +08:00 · 2024-08-27 18:36:53 +08:00 · 2024-08-27 18:36:53 +08:00 · 9b3303faa0
commit 9b3303faa0
parent 26adb4235d
9 changed files with 250 additions and 94 deletions
--- a/自签证书傻瓜式批处理包/config_childCA.txt
+++ b/自签证书傻瓜式批处理包/config_childCA.txt
@ -1,51 +1,162 @@
 [ req ]			
-default_bits				= 2048
+default_bits		 = 	2048
 			
-prompt					= no
-distinguished_name			= req_distinguished_name
-req_extensions				= v3_req
+prompt		 = 	no
+distinguished_name		  = 	req_distinguished_name
+req_extensions		  = 	v3_req
 			
 [ req_distinguished_name ]			
-countryName				= CN
-organizationName			= FuckGFW Foundation
-commonName				= PixivCA
+countryName		 = 	CN
+organizationName		 = 	C15412
+commonName		 = 	C15412
 			
 [ alternate_names ]			
-DNS.01 = *.pixiv.net
-DNS.02 = pixiv.net
-DNS.03 = *.secure.pixiv.net
-DNS.04 = pixivision.net
-DNS.05 = *.pixivision.net
-DNS.06 = pixiv.me
-DNS.07 = *.pixiv.me
-DNS.08 = pximg.net
-DNS.09 = *.pximg.net
-DNS.10 = pixivsketch.net
-DNS.11 = *.pixivsketch.net
-DNS.12 = public-api.secure.pixiv.net
-DNS.13 = wikipedia.org
-DNS.14 = *.wikipedia.org
-DNS.15 = m.wikipedia.org
-DNS.16 = *.m.wikipedia.org
-DNS.17 = google.com
-DNS.18 = *.google.com
-DNS.19 = steamcommunity.com
-DNS.20 = *.steamcommunity.com
-DNS.21 = steampowered.com
-DNS.22 = *.steampowered.com
-DNS.23 = archiveofourown.org
-DNS.24 = *.archiveofourown.org
-DNS.25 = nyaa.si
-DNS.26 = *.nyaa.si
-DNS.27 = wikimedia.org
-DNS.28 = upload.wikimedia.org
-DNS.29 = exhentai.org
-DNS.30 = e-hentai.org
-DNS.31 = forums.e-hentai.org
+DNS.0001	 = 	*.pixiv.net	
+DNS.0002	 = 	pixiv.net	
+DNS.0003	 = 	*.secure.pixiv.net	
+DNS.0004	 = 	pixivision.net	
+DNS.0005	 = 	*.pixivision.net	
+DNS.0006	 = 	pixiv.me	
+DNS.0007	 = 	*.pixiv.me	
+DNS.0008	 = 	pximg.net	
+DNS.0009	 = 	*.pximg.net	
+DNS.0010	 = 	pixivsketch.net	
+DNS.0011	 = 	*.pixivsketch.net	
+DNS.0012	 = 	public-api.secure.pixiv.net	
+DNS.0013	 = 	wikipedia.org	
+DNS.0014	 = 	*.wikipedia.org	
+DNS.0015	 = 	m.wikipedia.org	
+DNS.0016	 = 	*.m.wikipedia.org	
+DNS.0017	 = 	google.com	
+DNS.0018	 = 	*.google.com	
+DNS.0019	 = 	archiveofourown.org	
+DNS.0020	 = 	*.archiveofourown.org	
+DNS.0021	 = 	nyaa.si	
+DNS.0022	 = 	*.nyaa.si	
+DNS.0023	 = 	wikimedia.org	
+DNS.0024	 = 	upload.wikimedia.org	
+DNS.0025	 = 	exhentai.org	
+DNS.0026	 = 	e-hentai.org	
+DNS.0027	 = 	*.e-hentai.org	
+DNS.0028	 = 	ehgt.org	
+DNS.0029	 = 	discordapp.com	
+DNS.0030	 = 	*.discordapp.com	
+DNS.0031	 = 	discordapp.net	
+DNS.0032	 = 	*.discordapp.net	
+DNS.0033	 = 	discord.com	
+DNS.0034	 = 	*.discord.com	
+DNS.0035	 = 	discord.gg	
+DNS.0036	 = 	*.discord.gg	
+DNS.0037	 = 	ext-twitch.tv	
+DNS.0038	 = 	*.ext-twitch.tv	
+DNS.0039	 = 	twitch.tv	
+DNS.0040	 = 	*.twitch.tv	
+DNS.0041	 = 	ubi.com	
+DNS.0042	 = 	*.ubi.com	
+DNS.0043	 = 	mega.co.nz	
+DNS.0044	 = 	*.mega.co.nz	
+DNS.0045	 = 	mega.nz	
+DNS.0046	 = 	*.mega.nz	
+DNS.0047	 = 	mega.io	
+DNS.0048	 = 	*.mega.io	
+DNS.0049	 = 	steamcommunity.com	
+DNS.0050	 = 	*.steamcommunity.com	
+DNS.0051	 = 	steampowered.com	
+DNS.0052	 = 	*.steampowered.com	
+DNS.0053	 = 	*.steamstatic.com	
+DNS.0054	 = 	*.akamai.steamstatic.com	
+DNS.0055	 = 	akamaihd.net	
+DNS.0056	 = 	*.akamaihd.net	
+DNS.0057	 = 	*.akamaized.net	
+DNS.0058	 = 	*.akamaiedge.net	
+DNS.0059	 = 	dlsite.com	
+DNS.0060	 = 	*.dlsite.com	
+DNS.0061	 = 	*.dlsite.jp	
+DNS.0062	 = 	*.origin.com	
+DNS.0063	 = 	*.ea.com	
+DNS.0064	 = 	githubusercontent.com	
+DNS.0065	 = 	*.githubusercontent.com	
+DNS.0066	 = 	github.com	
+DNS.0067	 = 	*.github.com	
+DNS.0068	 = 	c15412.*	
+DNS.0069	 = 	127.*.*.*	
+DNS.0070	 = 	patreon.com	
+DNS.0071	 = 	*.patreon.com	
+DNS.0072	 = 	patreonusercontent.com	
+DNS.0073	 = 	*.patreonusercontent.com	
+DNS.0074	 = 	fanbox.cc	
+DNS.0075	 = 	downloads.fanbox.cc	
+DNS.0076	 = 	*.fanbox.cc	
+DNS.0077	 = 	*.ggpht.com	
+DNS.0078	 = 	githubassets.com	
+DNS.0079	 = 	*.githubassets.com	
+DNS.0080	 = 	127.0.0.1	
+DNS.0081	 = 	doh.sb	
+DNS.0082	 = 	dns.sb	
+DNS.0083	 = 	*.dns.sb	
+DNS.0084	 = 	*.googlevideo.com	
+DNS.0085	 = 	*.freenom.com	
+DNS.0086	 = 	*.steam-chat.com	
+DNS.0087	 = 	steam-chat.com	
+DNS.0088	 = 	*.twitter.com	
+DNS.0089	 = 	twitter.com	
+DNS.0090	 = 	twimg.com	
+DNS.0091	 = 	*.twimg.com	
+DNS.0092	 = 	t.co	
+DNS.0093	 = 	apkpure.com	
+DNS.0094	 = 	*.apkpure.com	
+DNS.0095	 = 	nhentai.net	
+DNS.0096	 = 	*.nhentai.net	
+DNS.0097	 = 	*.SharePoint.com	
+DNS.0098	 = 	iwara.tv	
+DNS.0099	 = 	*.iwara.tv	
+DNS.0100	 = 	paypal.com	
+DNS.0101	 = 	*.paypal.com	
+DNS.0102	 = 	paypalobjects.com	
+DNS.0103	 = 	*.paypalobjects.com	
+DNS.0104	 = 	*.cloudflare.steamstatic.com	
+DNS.0105	 = 	Instagram.com	
+DNS.0106	 = 	*.Instagram.com	
+DNS.0107	 = 	*.*.Instagram.com	
+DNS.0108	 = 	*.*.*.Instagram.com	
+DNS.0109	 = 	*.ig.me	
+DNS.0110	 = 	ig.me	
+DNS.0111	 = 	*.instagr.am	
+DNS.0112	 = 	instagr.am	
+DNS.0113	 = 	*.cdninstagram.com	
+DNS.0114	 = 	guangdongvideo.com	
+DNS.0115	 = 	*.guangdongvideo.com	
+DNS.0116	 = 	fc2.com	
+DNS.0117	 = 	*.live.fc2.com	
+DNS.0118	 = 	*.fc2.com	
+DNS.0119	 = 	*.google.ru
+DNS.0120	 = 	*.bilivideo.cn
+DNS.0121	 = 	*.bilivideo.com
+DNS.0122	 = 	*.steamserver.net
+DNS.0123	 = 	*.exhentai.org	
+DNS.0124	 = 	wixmp.com	
+DNS.0125	 = 	*.wixmp.com	
+DNS.0126	 = 	ci-en.jp	
+DNS.0127	 = 	*.ci-en.jp	
+DNS.0128	 = 	reddit.com	
+DNS.0129	 = 	*.reddit.com	
+DNS.0130	 = 	redd.it	
+DNS.0131	 = 	*.redd.it	
+DNS.0132	 = 	redditstatic.com	
+DNS.0133	 = 	*.redditstatic.com	
+DNS.0134	 = 	redditmedia.com	
+DNS.0135	 = 	*.redditmedia.com	
+DNS.0136	 = 	*.thumbs.redditmedia.com	
+DNS.0137	 = 	wallhaven.cc	
+DNS.0138	 = 	*.wallhaven.cc	
+DNS.0139	 = 	x.com	
+DNS.0140	 = 	*.x.com
+			
+			
 			
 [ v3_req ]			
-keyUsage				= digitalSignature
-extendedKeyUsage			= serverAuth,clientAuth
-basicConstraints			= CA:false
-subjectAltName				= @alternate_names
-subjectKeyIdentifier			= hash
+keyUsage		 = 	digitalSignature
+extendedKeyUsage		 = 	"serverAuth,clientAuth"
+basicConstraints		 = 	CA:false
+subjectAltName		 = 	@alternate_names
+subjectKeyIdentifier		 = 	hash
--- a/自签证书傻瓜式批处理包/config_rootCA.txt
+++ b/自签证书傻瓜式批处理包/config_rootCA.txt
@ -1,17 +1,30 @@
-[ req ]
-default_bits			= 2048
+[	req	]
+default_bits			=	2048

-prompt				= no
-distinguished_name		= req_distinguished_name
-v3_extensions			= v3_ext
+prompt				=	no
+distinguished_name		=	req_distinguished_name
+x509_extensions	= v3_ca
+v3_extensions			=	v3_ext

-[ req_distinguished_name ]
-countryName			= CN
-organizationName		= FuckGFW Foundation
-commonName			= Pixiv.net
+[	req_distinguished_name	]
+countryName		=	CN
+organizationName		=	NginxReverseProxy
+commonName			=	Pixiv.net

-[ v3_ext ]
-keyUsage			= keyCertSign,cRLSign
-basicConstraints		= CA:true
-subjectKeyIdentifier		= hash
-authorityKeyIdentifier		= keyid,issuer
+[	v3_ext	]
+keyUsage			=	keyCertSign,cRLSign
+basicConstraints		=	critical,CA:true
+subjectKeyIdentifier		=	hash
+authorityKeyIdentifier		=	keyid,issuer
+
+[ v3_ca ]
+basicConstraints = critical,CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+
+[ v3_req ]
+keyUsage		 = 	digitalSignature
+extendedKeyUsage		 = 	"serverAuth,clientAuth"
+basicConstraints		 = 	CA:TRUE
+subjectAltName		 = 	@alternate_names
+subjectKeyIdentifier		 = 	hash
--- a/自签证书傻瓜式批处理包/config_signCA.txt
+++ b/自签证书傻瓜式批处理包/config_signCA.txt
@ -1,24 +1,24 @@
-[ ca ]
-default_ca		= myca
+[	ca	]
+default_ca		=	myca

-[ myca ]
-serial			= ./crtserial.srl
-database		= ./index.txt
-new_certs_dir		= ./
-certificate		= ./rootCA.crt
-private_key		= ./rootCA.key
-default_md		= sha256
-default_days		= 365
-unique_subject		= no
-policy			= my_policy
-copy_extensions		= copy
+[	myca	]
+serial			=	./crtserial.srl
+database		=	./index.txt
+new_certs_dir		=	./
+certificate		=	./rootCA.crt
+private_key		=	./rootCA.key
+default_md		=	sha256
+default_days		=	3650
+unique_subject		=	no
+policy			=	my_policy
+copy_extensions		=	copy


-[ my_policy ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
+[	my_policy	]
+countryName		=	optional
+stateOrProvinceName	=	optional
+localityName		=	optional
+organizationName		=	optional
+organizationalUnitName	=	optional
+commonName		=	supplied
+emailAddress		=	optional
--- a/自签证书傻瓜式批处理包/★使用说明★.txt
+++ b/自签证书傻瓜式批处理包/★使用说明★.txt
@ -2,4 +2,8 @@

 2.第一次使用时直接使用「【限初次使用】一键生成根证书和子证书.bat」并将rootCA.crt安装到系统受信任的根证书列表即可，生成的Pixiv.key和Pixiv.crt可替换软件自带的CA。

-3.需要添加域名时打开「config_childCA.txt」加入，完后使用「【修改config_childCA.txt后使用】重新签发子证书.bat」，将新生成的Pixiv.crt替换Nginx目录原先的文件，在系统host文件添加「127.0.0.1 域名」的字段, 并修改根目录「/conf/pixiv.conf」。
+3.需要添加域名时通过修改「config_childCA.txt」加入
+
+4.修改完后使用「【修改config_childCA.txt后使用】重新签发子证书.bat」，将新生成的「Pixiv.crt」和「pixiv.net.key」替换Nginx证书目录「/conf/ca」原先的文件，在系统host文件添加「127.0.0.1 域名」的字段
+
+5.配置文件更新时仅需进行复制替换「config_childCA.txt」然后进行第4步
--- a/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat
+++ b/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat
@ -1,4 +1,5 @@
 del /f /s /q pixiv.net.csr
 del /f /s /q pixiv.net.crt
-openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
-openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt
+.\openssl\openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
+.\openssl\openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt
+pause
--- a/自签证书傻瓜式批处理包/【已安装openssl使用】【修改config_childCA.txt后使用】重新签发子证书.bat
+++ b/自签证书傻瓜式批处理包/【已安装openssl使用】【修改config_childCA.txt后使用】重新签发子证书.bat
@ -0,0 +1,5 @@
+del /f /s /q pixiv.net.csr
+del /f /s /q pixiv.net.crt
+openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
+openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt
+pause
--- a/自签证书傻瓜式批处理包/【已安装openssl使用】【限初次使用】一键生成根证书和子证书.bat
+++ b/自签证书傻瓜式批处理包/【已安装openssl使用】【限初次使用】一键生成根证书和子证书.bat
@ -0,0 +1,8 @@
+echo 01 > crtserial.srl
+break > index.txt
+openssl genrsa -out pixiv.net.key 2048
+openssl genrsa -out rootCA.key 2048
+openssl req -new -x509 -key rootCA.key -out rootCA.crt -days 3650 -config config_rootCA.txt
+openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
+openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt
+pause
--- a/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat
+++ b/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat
@ -1,7 +1,8 @@
 echo 01 > crtserial.srl
 break > index.txt
-openssl genrsa -out pixiv.net.key 2048
-openssl genrsa -out rootCA.key 2048
-openssl req -new -x509 -key rootCA.key -out rootCA.crt -days 3650 -config config_rootCA.txt
-openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
-openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt
+.\openssl\openssl genrsa -out pixiv.net.key 2048
+.\openssl\openssl genrsa -out rootCA.key 2048
+.\openssl\openssl req -new -x509 -key rootCA.key -out rootCA.crt -days 3650 -config config_rootCA.txt
+.\openssl\openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
+.\openssl\openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt
+pause
--- a/自签证书傻瓜式批处理包/自签证书★使用说明★.txt
+++ b/自签证书傻瓜式批处理包/自签证书★使用说明★.txt
@ -0,0 +1,13 @@
+1、
+配置文件一起的还有一个openssl压缩包，可供未安装openssl的使用，把压缩包里面的openssl文件夹解压到自签证书批处理包的文件夹里面即可
+
+2.第一次使用时直接使用「【限初次使用】一键生成根证书和子证书.bat」并将　rootCA.crt　安装到　系统　受信任的根证书颁发机构　目录下，生成的Pixiv.net.key和Pixiv.net.crt可替换软件自带的CA。
+
+导入根证书具体操作：双击打开rootCA.crt，点击“安装证书”，进入“证书导入向导”，存储位置选择“本地计算机”，单击“下一步”继续，选择“将所有的证书都放入下列存储”，然后点击“浏览”，选择“受信任的根证书颁发机构”，然后点击“确定”，然后点击“下一步”，最后点击“完成”
+
+
+3.需要添加域名时打开「config_childCA.txt」加入，完后使用「【修改config_childCA.txt后使用】重新签发子证书.bat」，将新生成的Pixiv.net.crt和Pixiv.net.key替换Nginx目录原先的文件，在系统host文件添加「127.0.0.1 域名」的字段, 并修改根目录「/conf/pixiv.conf」。
+
+
+生成的子证书存放目录：nginx安装目录/conf/ca
+生成证书时如果需要操作请输入英文字母y然后回车