使用3.55-Kmeaw連線PSN - 改機
By Joe
at 2011-02-12T13:07
at 2011-02-12T13:07
Table of Contents
SSL 簽證的部份已經搞定了,剩下 DNS解析的部份。需要 Linux環境(cygwin或
原生 Linux)跟OpenSSL 套件。
在cygwin裡面建議安裝apt-cyg 工具,就可以利用類似Debian/Ubuntu/Cydia 裡
面的apt 指令直接安裝套件,不用再跳出來執行setup.exe 。以下指令中 $是提
示字元。
指令:
$ wget http://apt-cyg.googlecode.com/svn/trunk/apt-cyg
$ chmod +x apt-cyg
$ mv apt-cyg /usr/bin
然後安裝OpenSSL
指令:
$ apt-cyg install openssl
靜待執行結束
Step 1-1. 生出最高層認證中心 Root CA
指令:(以cygwin為例, Linux的路徑是/etc/ssl)
$ cd /usr/ssl //進入 ssl程式工作目錄
$ openssl rand -out /usr/ssl/private/.rand 1024 //製作亂數檔
$ vi /usr/ssl/openssl.cnf //進入編輯器
//找到 dir = ./demoCA
//改成 dir = /usr/ssl
不會用vi的人可以用其他編輯器,但請存成Unix換行格式
Step 1-2. 生出最高層認證中心的私鑰(rootca.key)
指令:
$ openssl genrsa -des3 -out rootca.key 2048 //產生最高層的私鑰
Generating RSA private key, 2048 bit long modulus
.............................................................................
..............+++
.............................................................................
...+++
e is 65537 (0x10001)
Enter pass phrase for rootca.key: //設定密碼
Verifying - Enter pass phrase for rootca.key: //重新確認密碼
Step 1-3. 填寫憑證申請書(rootca.req)
$ openssl req -new -key rootca.key -out rootca.req
Enter pass phrase for rootca.key: //輸入剛剛設定的密碼
You are about to be asked to enter information that will be incorporated \\
into your certificate request.
What you are about to enter is what is called a Distinguished Name or \\
a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW //輸入基本資料
State or Province Name (full name) [Some-State]:Taiwan R.O.C
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NTU
Organizational Unit Name (eg, section) []:ptt
Common Name (eg, YOUR name) []:Modchip
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //直接按Enter 跳過
An optional company name []: //直接按Enter 跳過
Step 1-4. 把憑證(rootca.crt)簽出來
指令:
$ openssl x509 -req -days 7305 -sha1 -extfile /usr/ssl/openssl.cnf \\
-extensions v3_ca -signkey rootca.key -in rootca.req -out rootca.crt
Signature ok
subject=/C=TW/ST=Taiwan R.O.C/L=Taipei/O=NTU/OU=ptt/CN=Modichip/
[email protected]
Getting Private key
Enter pass phrase for rootca.key: //輸入最高層密碼
Step 2-1.製作 PSN伺服器的私鑰(auth.np.ac.playstation.net.key)
指令:
$ openssl genrsa -out auth.np.ac.playstation.net.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................................
.......................+++
........................................................................+++
e is 65537 (0x10001)
Step 2-2. 填寫 PSN伺服器的憑證申請書(auth.np.ac.playstation.net.req)
指令:
$ openssl req -new -key auth.np.ac.playstation.net.key -out \\
auth.np.ac.playstation.net.req
You are about to be asked to enter information that will be \\
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or \\
a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan R.O.C
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NTU
Organizational Unit Name (eg, section) []:ptt
Common Name (eg, YOUR name) []:Modchip
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //直接按Enter跳過
An optional company name []: //一樣按Enter跳過
Step 2-3. 用最高層認證中心簽憑證給(auth.np.ac.playstation.net)
$ openssl x509 -req -days 3650 -sha1 -extfile /usr/ssl/openssl.cnf \\
-extensions v3_req -CA rootca.crt -CAkey rootca.key -CAserial \\
rootca.srl -CAcreateserial -in auth.np.ac.playstation.net.req -out \\
auth.np.ac.playstation.net.crt
Signature ok
subject=/C=TW/ST=Taiwan R.O.C/L=Taipei/O=NTU/OU=ptt/CN=Modchip/\\
[email protected]
Getting CA Private Key
Enter pass phrase for rootca.key: //輸入最高層密碼
這樣就可以得到rootca.crt跟auth.np.ac.playstation.net.crt,應該就是原文
所提到,自己製作的CA SSL憑證。
******
參考資訊:http://www.tc.umn.edu/~brams006/selfsign.html
--
○ ____ _ _ _ _ ____ _ _ ____ _____ ____
。 ★(_ _)( \( )( \/ )( ___)( \( )(_ _)( _ )( _ \
o _)(_ ) ( \ / )__) ) ( )( )(_)( ) / ● ‧
(____)(_)\_) \/ (____)(_)\_) (__) (_____)(_)\_) ★
o
--
原生 Linux)跟OpenSSL 套件。
在cygwin裡面建議安裝apt-cyg 工具,就可以利用類似Debian/Ubuntu/Cydia 裡
面的apt 指令直接安裝套件,不用再跳出來執行setup.exe 。以下指令中 $是提
示字元。
指令:
$ wget http://apt-cyg.googlecode.com/svn/trunk/apt-cyg
$ chmod +x apt-cyg
$ mv apt-cyg /usr/bin
然後安裝OpenSSL
指令:
$ apt-cyg install openssl
靜待執行結束
Step 1-1. 生出最高層認證中心 Root CA
指令:(以cygwin為例, Linux的路徑是/etc/ssl)
$ cd /usr/ssl //進入 ssl程式工作目錄
$ openssl rand -out /usr/ssl/private/.rand 1024 //製作亂數檔
$ vi /usr/ssl/openssl.cnf //進入編輯器
//找到 dir = ./demoCA
//改成 dir = /usr/ssl
不會用vi的人可以用其他編輯器,但請存成Unix換行格式
Step 1-2. 生出最高層認證中心的私鑰(rootca.key)
指令:
$ openssl genrsa -des3 -out rootca.key 2048 //產生最高層的私鑰
Generating RSA private key, 2048 bit long modulus
.............................................................................
..............+++
.............................................................................
...+++
e is 65537 (0x10001)
Enter pass phrase for rootca.key: //設定密碼
Verifying - Enter pass phrase for rootca.key: //重新確認密碼
Step 1-3. 填寫憑證申請書(rootca.req)
$ openssl req -new -key rootca.key -out rootca.req
Enter pass phrase for rootca.key: //輸入剛剛設定的密碼
You are about to be asked to enter information that will be incorporated \\
into your certificate request.
What you are about to enter is what is called a Distinguished Name or \\
a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW //輸入基本資料
State or Province Name (full name) [Some-State]:Taiwan R.O.C
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NTU
Organizational Unit Name (eg, section) []:ptt
Common Name (eg, YOUR name) []:Modchip
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //直接按Enter 跳過
An optional company name []: //直接按Enter 跳過
Step 1-4. 把憑證(rootca.crt)簽出來
指令:
$ openssl x509 -req -days 7305 -sha1 -extfile /usr/ssl/openssl.cnf \\
-extensions v3_ca -signkey rootca.key -in rootca.req -out rootca.crt
Signature ok
subject=/C=TW/ST=Taiwan R.O.C/L=Taipei/O=NTU/OU=ptt/CN=Modichip/
[email protected]
Getting Private key
Enter pass phrase for rootca.key: //輸入最高層密碼
Step 2-1.製作 PSN伺服器的私鑰(auth.np.ac.playstation.net.key)
指令:
$ openssl genrsa -out auth.np.ac.playstation.net.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................................
.......................+++
........................................................................+++
e is 65537 (0x10001)
Step 2-2. 填寫 PSN伺服器的憑證申請書(auth.np.ac.playstation.net.req)
指令:
$ openssl req -new -key auth.np.ac.playstation.net.key -out \\
auth.np.ac.playstation.net.req
You are about to be asked to enter information that will be \\
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or \\
a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan R.O.C
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NTU
Organizational Unit Name (eg, section) []:ptt
Common Name (eg, YOUR name) []:Modchip
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //直接按Enter跳過
An optional company name []: //一樣按Enter跳過
Step 2-3. 用最高層認證中心簽憑證給(auth.np.ac.playstation.net)
$ openssl x509 -req -days 3650 -sha1 -extfile /usr/ssl/openssl.cnf \\
-extensions v3_req -CA rootca.crt -CAkey rootca.key -CAserial \\
rootca.srl -CAcreateserial -in auth.np.ac.playstation.net.req -out \\
auth.np.ac.playstation.net.crt
Signature ok
subject=/C=TW/ST=Taiwan R.O.C/L=Taipei/O=NTU/OU=ptt/CN=Modchip/\\
[email protected]
Getting CA Private Key
Enter pass phrase for rootca.key: //輸入最高層密碼
這樣就可以得到rootca.crt跟auth.np.ac.playstation.net.crt,應該就是原文
所提到,自己製作的CA SSL憑證。
******
參考資訊:http://www.tc.umn.edu/~brams006/selfsign.html
--
○ ____ _ _ _ _ ____ _ _ ____ _____ ____
。 ★(_ _)( \( )( \/ )( ___)( \( )(_ _)( _ )( _ \
o _)(_ ) ( \ / )__) ) ( )( )(_)( ) / ● ‧
(____)(_)\_) \/ (____)(_)\_) (__) (_____)(_)\_) ★
o
--
Tags:
改機
All Comments
By Hedy
at 2011-02-17T06:46
at 2011-02-17T06:46
By Hazel
at 2011-02-21T12:15
at 2011-02-21T12:15
By Bennie
at 2011-02-26T06:12
at 2011-02-26T06:12
By Faithe
at 2011-02-27T01:22
at 2011-02-27T01:22
By Elvira
at 2011-03-01T22:15
at 2011-03-01T22:15
By Michael
at 2011-03-06T06:07
at 2011-03-06T06:07
By Joe
at 2011-03-09T05:53
at 2011-03-09T05:53
Related Posts
如何證明此機未改 (在影片中)
By Adele
at 2011-02-12T12:20
at 2011-02-12T12:20
使用3.55-Kmeaw連線PSN
By Olive
at 2011-02-12T10:26
at 2011-02-12T10:26
刷回官方OFW3.55黑畫面
By Franklin
at 2011-02-12T09:49
at 2011-02-12T09:49
Ak2i無法更新AKAIO 1.8.5
By Elma
at 2011-02-12T09:39
at 2011-02-12T09:39
6.35PRO-A2執行體驗版失敗
By Edwina
at 2011-02-12T08:09
at 2011-02-12T08:09