搞一个steam社区的本地反代,搞了一天
前提:安装openssl
server私钥
openssl genrsa -out server.key 1024
server公钥
openssl rsa -in server.key -pubout -out server.pem
client私钥
openssl genrsa -out client.key 1024
client公钥
openssl rsa -in client.key -pubout -out client.pem

注册ca,让自己变成签发机构,自签证书后导入到受信任的根证书
ca私钥
openssl genrsa -out ca.key 1024
自签证书
openssl req -config openssl.cnf -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt

制作服务器私钥和申请文件
私钥
openssl genrsa -out server.key 1024
私钥申请文件
openssl req -config openssl.cnf -new -key server.key -out server.csr
echo 00 > serial | copy nul index.txt

用申请文件到ca签发,生成ca_server.crt
ca签发
openssl ca -config openssl.cnf -extensions server_cert -days 3650 -md sha256 -in server.csr -out ca_server.crt

系统已经有了你的ca机构证书,所以服务器证书就会被认为是正规ca机构签发的。
最后用server.key和ca_server.crt

注意:上面命令里的 1024 位 RSA 密钥强度偏低,较新的 OpenSSL 或浏览器在默认安全级别下可能直接拒绝,建议把 1024 换成 2048 或更高。ca.crt 导入受信任根证书之后,拿到 ca.key 的人可以为任意域名签出本机信任的证书,所以 ca.key 只应保存在本机并限制访问;不再使用时把 ca.crt 从受信任根证书中移除。
openssl.cnf
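# openssl.cnf -- OpenSSL configuration passed with `-config openssl.cnf` to the
# `openssl req` and `openssl ca` commands on this page. It describes a private
# root CA (ca.key / ca.crt) that signs one server certificate for the locally
# proxied hostname(s) listed in [ alt_names ].

[ ca ]
# `man ca`
# Section that `openssl ca` reads its settings from.
default_ca = CA_default

[ CA_default ]
# Directory and file locations.
# Change this to the directory that actually holds your CA files.
dir = C:/Users/Administrator/Desktop/certs
certs = $dir/certs
crl_dir = $dir/crl
# `openssl ca` stores a copy of every certificate it issues here; the
# directory has to exist before the signing command is run.
new_certs_dir = $dir/newcerts
# Issued-certificate database and next serial number (the page creates both
# files by hand before signing).
database = $dir/index.txt
serial = $dir/serial
RANDFILE = $dir/private/.rand

# The root key and root certificate.
# ca.crt is imported into the machine's trusted store on this page, so ca.key
# can mint certificates that machine will accept. Keep the key file readable
# only by the account that runs `openssl ca`.
private_key = $dir/ca.key
certificate = $dir/ca.crt

# For certificate revocation lists.
crlnumber = $dir/crlnumber
crl = $dir/crl/ca.crl.pem
crl_extensions = crl_ext
default_crl_days = 30

# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256

name_opt = ca_default
cert_opt = ca_default
# Validity used when `-days` is not given; the commands on this page pass
# `-days 3650`, which overrides it.
default_days = 375
preserve = no
policy = policy_strict

[ policy_strict ]
# The root CA should only sign intermediate certificates that match.
# See the POLICY FORMAT section of `man ca`.
# "match" means the request must carry the same value as the CA certificate,
# so the server CSR has to repeat the CA's country, state and organization.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page.
# Not selected by [ CA_default ] above (policy = policy_strict).
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Options for the `req` tool (`man req`).
# default_bits only applies when `req` generates the key itself; a key passed
# with `-key` keeps whatever size it was created with.
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only

# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256

# Extension to add when the -x509 option is used.
x509_extensions = v3_ca
# Extensions placed in a certificate request (CSR).
req_extensions = v3_req

[ req_distinguished_name ]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address

# Optionally, specify some defaults.
# The same defaults are offered for the CA certificate and for the server
# request. Enter a different Common Name for each, otherwise the server
# certificate's subject is identical to its issuer.
countryName_default = CN
stateOrProvinceName_default = HeBei
localityName_default = BaoDing
0.organizationName_default = ShanYou
organizationalUnitName_default = ShanYou
commonName_default = ShanYou
emailAddress_default = mail@shanyou.ltd

[ v3_req ]
# Extensions to add to a certificate request
# No copy_extensions is set in [ CA_default ], so `openssl ca` does not copy
# these from the CSR; the issued certificate takes its extensions from the
# section named by `-extensions` ([ server_cert ] on this page).
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
# Change this to the hostname you map in your hosts file (the author's hosts
# entry was "<my IP address> www.word.com").
# If you change these names, update nameConstraints in [ v3_ca ] to match.
DNS.1 = steamcommunity.com
DNS.2 = *.steamcommunity.com

[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
# Restrict what this locally trusted root can vouch for to the proxied domain
# and its subdomains, so a copied ca.key cannot produce accepted certificates
# for unrelated sites. Keep in sync with [ alt_names ].
# NOTE(review): enforcement of name constraints on a locally installed root
# varies between TLS clients -- confirm with the client you use.
nameConstraints = critical, permitted;DNS:steamcommunity.com

[ v3_intermediate_ca ]
# Extensions for a typical intermediate CA (`man x509v3_config`).
# Not referenced by the commands on this page.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

[ usr_cert ]
# Extensions for client certificates (`man x509v3_config`).
# Not referenced by the commands on this page.
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "OpenSSL Generated Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection

[ server_cert ]
# Extensions for server certificates (`man x509v3_config`).
# Selected with `-extensions server_cert` when the CA signs server.csr.
# CA:FALSE plus serverAuth keeps the issued certificate a TLS server leaf.
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[ crl_ext ]
# Extension for CRLs (`man x509v3_config`).
authorityKeyIdentifier=keyid:always

[ ocsp ]
# Extension for OCSP signing certificates (`man ocsp`).
# Not referenced by the commands on this page.
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning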