avatar
童琦杰
Nov 12, 2024Technology

代理服务

创建证书

生成证书文件certificate.crt

bash
openssl req -x509 -newkey rsa:2048 -keyout [certificate.key] -out [certificate.crt] -days 365 -nodes -subj "/CN=*.example.com" -addext "subjectAltName=DNS:*.example.com"

sans.cnf
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
x509_extensions    = v3_ca
prompt             = no

[ req_distinguished_name ]
C            = US
ST           = California
L            = San Francisco
O            = Example Company
OU           = IT Department
CN           = *.example.com  # Primary common name (CN)

[ req_ext ]
subjectAltName = @alt_names

[ v3_ca ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = *.example.com          # First alternative name
DNS.2 = *.example2.com         # Second alternative name
bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout [certificate.key] -out [certificate.crt] -config [sans.cnf]

生成pfx文件certificate.pfx

bash
openssl pkcs12 -export -out [certificate.pfx] -inkey [certificate.key] -in [certificate.crt]

可以将生成的pfx文件导入代理服务

JAVA应用配置代理

增加以下VM参数

bash
-Dhttp.proxyHost=localhost -Dhttp.proxyPort=13000 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=13000

添加证书信任

bash
keytool -importcert -keystore $JAVA_HOME/lib/security/cacerts -file [certificate.crt] -alias [alias] -storepass changeit

iOS设置代理

使用mkcert创建Root certificate authority证书,导入iOS

1.安装mkcert

bash
brew install mkcert

2.创建证书,当前目录下会生成对应的证书文件_wildcard.example.org+1.pem及私钥文件_wildcard.example.org+1-key.pem

bash
mkcert "*.example.org" "example.com"

第一次运行会在"$(mkcert -CAROOT)"目录下创建rootCA.pem, rootCA-key.pem

3.将rootCA证书rootCA.pem文件发到iOS设备,安装证书,同时在Settings > General > About > Certificate Trust Settings里信任该rootCA,如果已安装过则跳过此步骤

4.将_wildcard.example.org+1.pem发送到iOS设备,安装证书

5.使用_wildcard.example.org+1.pem_wildcard.example.org+1-key.pem生成PKCS#12文件_wildcard.example.org+1.pfx

bash
openssl pkcs12 -export -out _wildcard.example.org+1.pfx -inkey _wildcard.example.org+1-key.pem -in _wildcard.example.org+1.pem
© 2015-2022 tongqijie.com 版权所有沪ICP备17000682号