-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathUsing-step-ca.html
More file actions
107 lines (96 loc) · 31.6 KB
/
Using-step-ca.html
File metadata and controls
107 lines (96 loc) · 31.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
<!doctype html>
<html lang="zh"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"><meta><title>灵车!开创! Step-CA 日常使用教程 - ThinkAlone</title><link rel="manifest" href="/manifest.json"><meta name="theme-color" content="#4f7489"><meta name="application-name" content="ThinkAlone"><meta name="msapplication-TileImage" content="/favicon.png"><meta name="msapplication-TileColor" content="#4f7489"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-title" content="ThinkAlone"><meta name="apple-mobile-web-app-status-bar-style" content="default"><meta name="description" content="前几天总算抽空把咕了快一年的自建灵车CA的教程写完了:使用 Pico HSM 和 step-ca 自建一个CA建完以后总是要拿来用一用玩一玩的,那么这一篇幅就写一些 Step-CA 的使用教程吧,顺便也给自己留个参考。"><meta property="og:type" content="blog"><meta property="og:title" content="灵车!开创! Step-CA 日常使用教程"><meta property="og:url" content="https://thinkalone.win/Using-step-ca.html"><meta property="og:site_name" content="ThinkAlone"><meta property="og:description" content="前几天总算抽空把咕了快一年的自建灵车CA的教程写完了:使用 Pico HSM 和 step-ca 自建一个CA建完以后总是要拿来用一用玩一玩的,那么这一篇幅就写一些 Step-CA 的使用教程吧,顺便也给自己留个参考。"><meta property="og:locale" content="zh_CN"><meta property="og:image" content="https://thinkalone.win/img/og_image.png"><meta property="article:published_time" content="2026-01-09T04:00:00.000Z"><meta property="article:modified_time" content="2026-01-09T04:00:00.000Z"><meta property="article:author" content="Disappear9"><meta property="article:tag" content="教程"><meta property="article:tag" content="折腾那些事"><meta property="twitter:card" content="summary"><meta property="twitter:image:src" content="https://thinkalone.win/img/og_image.png"><script type="application/ld+json">{"@context":"https://schema.org","@type":"BlogPosting","mainEntityOfPage":{"@type":"WebPage","@id":"https://thinkalone.win/Using-step-ca.html"},"headline":"灵车!开创! Step-CA 日常使用教程","image":["https://thinkalone.win/img/og_image.png"],"datePublished":"2026-01-09T04:00:00.000Z","dateModified":"2026-01-09T04:00:00.000Z","author":{"@type":"Person","name":"Disappear9"},"publisher":{"@type":"Organization","name":"ThinkAlone","logo":{"@type":"ImageObject","url":"https://thinkalone.win/logo.png"}},"description":"前几天总算抽空把咕了快一年的自建灵车CA的教程写完了:使用 Pico HSM 和 step-ca 自建一个CA建完以后总是要拿来用一用玩一玩的,那么这一篇幅就写一些 Step-CA 的使用教程吧,顺便也给自己留个参考。"}</script><link rel="canonical" href="https://thinkalone.win/Using-step-ca.html"><link rel="alternate" href="/atom.xml" title="ThinkAlone" type="application/atom+xml"><link rel="icon" href="/favicon.png"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.0.0/css/all.css"><link data-pjax rel="stylesheet" href="https://cdn.jsdelivr.net/npm/highlight.js@11.7.0/styles/monokai.css"><link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;600&family=Source+Code+Pro"><link data-pjax rel="stylesheet" href="/css/default.css"><style>body>.footer,body>.navbar,body>.section{opacity:0}</style><!--!--><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/cookieconsent@3.1.1/build/cookieconsent.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/lightgallery@1.10.0/dist/css/lightgallery.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/justifiedGallery@3.8.1/dist/css/justifiedGallery.min.css"><script src="https://www.googletagmanager.com/gtag/js?id=UA-114968614-1" async></script><script>window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-114968614-1');</script><!--!--><style>.pace{-webkit-pointer-events:none;pointer-events:none;-webkit-user-select:none;-moz-user-select:none;user-select:none}.pace-inactive{display:none}.pace .pace-progress{background:#3273dc;position:fixed;z-index:2000;top:0;right:100%;width:100%;height:2px}</style><script src="https://cdn.jsdelivr.net/npm/pace-js@1.2.4/pace.min.js"></script><!-- hexo injector head_end start --><script>
(function () {
function switchTab() {
if (!location.hash) {
return;
}
const id = '#' + CSS.escape(location.hash.substring(1));
const $tabMenu = document.querySelector(`.tabs a[href="${id}"]`);
if (!$tabMenu) {
return;
}
const $tabMenuContainer = $tabMenu.parentElement.parentElement;
Array.from($tabMenuContainer.children).forEach($menu => $menu.classList.remove('is-active'));
Array.from($tabMenuContainer.querySelectorAll('a'))
.map($menu => document.getElementById($menu.getAttribute("href").substring(1)))
.forEach($content => $content.classList.add('is-hidden'));
if ($tabMenu) {
$tabMenu.parentElement.classList.add('is-active');
}
const $activeTab = document.querySelector(id);
if ($activeTab) {
$activeTab.classList.remove('is-hidden');
}
}
switchTab();
window.addEventListener('hashchange', switchTab, false);
})();
</script><!-- hexo injector head_end end --><meta name="generator" content="Hexo 8.1.1"></head><body class="is-2-column"><nav class="navbar navbar-main"><div class="container navbar-container"><div class="navbar-brand justify-content-center"><a class="navbar-item navbar-logo" href="/"><img src="/logo.png" alt="ThinkAlone" height="28"></a></div><div class="navbar-menu"><div class="navbar-start"><a class="navbar-item" href="/">主页</a><a class="navbar-item" href="/archives">归档</a><a class="navbar-item" href="/categories">分类</a><a class="navbar-item" href="/tags">Tags</a><a class="navbar-item" href="/about">关于</a></div><div class="navbar-end"><a class="navbar-item" target="_blank" rel="noopener" title="博客源码" href="https://github.com/Disappear9/disappear9.github.io"><i class="fab fa-github"></i></a><a class="navbar-item is-hidden-tablet catalogue" title="目录" href="javascript:;"><i class="fas fa-list-ul"></i></a><a class="navbar-item search" title="搜索" href="javascript:;"><i class="fas fa-search"></i></a></div></div></div></nav><section class="section"><div class="container"><div class="columns"><div class="column order-2 column-main is-8-tablet is-8-desktop is-8-widescreen"><div class="card"><article class="card-content article" role="article"><div class="article-meta is-size-7 is-uppercase level is-mobile"><div class="level-left"><span class="level-item"><time dateTime="2026-01-09T04:00:00.000Z" title="1/9/2026, 4:00:00 AM">2026-01-09</time>发表</span><span class="level-item"><a class="link-muted" href="/categories/%E6%95%99%E7%A8%8B/">教程</a></span><span class="level-item">4 分钟读完 (大约587个字)</span></div></div><h1 class="title is-3 is-size-4-mobile">灵车!开创! Step-CA 日常使用教程</h1><div class="content"><p>前几天总算抽空把咕了快一年的自建灵车CA的教程写完了:<a href="https://thinkalone.win/build-ca-with-picohsm.html">使用 Pico HSM 和 step-ca 自建一个CA</a><br>建完以后总是要拿来用一用玩一玩的,那么这一篇幅就写一些 Step-CA 的使用教程吧,顺便也给自己留个参考。 </p>
<hr>
<span id="more"></span>
<h3 id="ACME"><a href="#ACME" class="headerlink" title="ACME"></a>ACME</h3><h4 id="修改默认配置"><a href="#修改默认配置" class="headerlink" title="修改默认配置"></a>修改默认配置</h4><p>为了安全 Step-CA 默认签出的证书只有24小时的有效期,这对于我们来说是完全没有必要的,先来把它修改到7天 </p>
<p>编辑<code>step-ca/config/ca.json</code> </p>
<figure class="highlight json"><figcaption><span>ca.json</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"type"</span><span class="punctuation">:</span> <span class="string">"ACME"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"name"</span><span class="punctuation">:</span> <span class="string">"acme"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"claims"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"maxTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"336h"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"minTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"24h"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"defaultTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"168h"</span></span><br><span class="line"> <span class="punctuation">}</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure>
<p>开启CRL功能 </p>
<p>编辑 <code>step-ca/config/ca.json</code> </p>
<figure class="highlight json"><figcaption><span>ca.json</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="attr">"insecureAddress"</span><span class="punctuation">:</span> <span class="string">":9001"</span><span class="punctuation">,</span></span><br><span class="line"><span class="attr">"crl"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"enabled"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">true</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"idpURL"</span><span class="punctuation">:</span> <span class="string">"http://ca.lab.d9lab.eu.org/1.0/crl"</span></span><br><span class="line"><span class="punctuation">}</span><span class="punctuation">,</span></span><br></pre></td></tr></table></figure>
<p>创建模板 <code>/etc/step-ca/templates/x509/leaf.tpl</code> </p>
<figure class="highlight json"><figcaption><span>leaf.tpl</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"subject"</span><span class="punctuation">:</span> <span class="punctuation">{</span> <span class="punctuation">{</span> toJson .Subject <span class="punctuation">}</span> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"sans"</span><span class="punctuation">:</span> <span class="punctuation">{</span> <span class="punctuation">{</span> toJson .SANs <span class="punctuation">}</span> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span> <span class="punctuation">{</span>- if typeIs <span class="string">"*rsa.PublicKey"</span> .Insecure.CR.PublicKey <span class="punctuation">}</span> <span class="punctuation">}</span></span><br><span class="line"> <span class="attr">"keyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"keyEncipherment"</span><span class="punctuation">,</span> <span class="string">"digitalSignature"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span> <span class="punctuation">{</span>- else <span class="punctuation">}</span> <span class="punctuation">}</span></span><br><span class="line"> <span class="attr">"keyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"digitalSignature"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span> <span class="punctuation">{</span>- end <span class="punctuation">}</span> <span class="punctuation">}</span></span><br><span class="line"> <span class="attr">"extKeyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"serverAuth"</span><span class="punctuation">,</span> <span class="string">"clientAuth"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"crlDistributionPoints"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"http://ca.lab.d9lab.eu.org/1.0/crl"</span><span class="punctuation">]</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure>
<p>编辑 <code>step-ca/config/ca.json</code><br>设置acme和JWK provisioner使用模板 </p>
<figure class="highlight json"><figcaption><span>ca.json</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line">......</span><br><span class="line"> <span class="attr">"claims"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"maxTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"336h"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"minTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"24h"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"defaultTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"168h"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"x509"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"templateFile"</span><span class="punctuation">:</span> <span class="string">"/etc/step-ca/templates/x509/leaf.tpl"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"ssh"</span><span class="punctuation">:</span> <span class="punctuation">{</span><span class="punctuation">}</span></span><br><span class="line"> <span class="punctuation">}</span></span><br><span class="line">......</span><br><span class="line"> <span class="attr">"claims"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"enableSSHCA"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">true</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"disableRenewal"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"allowRenewalAfterExpiry"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"disableSmallstepExtensions"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"x509"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"templateFile"</span><span class="punctuation">:</span> <span class="string">"/etc/step-ca/templates/x509/leaf.tpl"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"ssh"</span><span class="punctuation">:</span> <span class="punctuation">{</span><span class="punctuation">}</span></span><br><span class="line"> <span class="punctuation">}</span></span><br><span class="line"></span><br></pre></td></tr></table></figure>
<h4 id="给设备发SSL证书"><a href="#给设备发SSL证书" class="headerlink" title="给设备发SSL证书"></a>给设备发SSL证书</h4><p>其他ACME客户端可以参考:<a target="_blank" rel="noopener" href="https://smallstep.com/docs/tutorials/acme-protocol-acme-clients/#popular-acme-clients">Popular ACME Clients</a><br>这里我们使用<a target="_blank" rel="noopener" href="https://github.com/acmesh-official/acme.sh">acme.sh</a>,主打一个小而美。 </p>
<p>假设我要给我内网的旁路由(OpenWRT)签一个证书 </p>
<p>由于我们的自建CA不在系统的信任根证书列表里,所以如果直接运行acme.sh,curl会报错,我们需要把root_ca.crt复制一份到设备上。 </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 将root_ca.crt复制到/root/certs/root_ca.crt</span></span><br><span class="line"><span class="comment"># 安装acme.sh</span></span><br><span class="line">$ curl https://get.acme.sh | sh -s email=my@example.com</span><br><span class="line"></span><br><span class="line">$ ~/.acme.sh/acme.sh --issue -d router2.d9lab.eu.org \</span><br><span class="line">--server https://ca.lab.thinkalone.win:4443/acme/acme/directory \</span><br><span class="line">--ca-bundle /root/certs/root_ca.crt \</span><br><span class="line">--webroot /www --days 6 --reloadcmd <span class="string">"service uhttpd reload"</span></span><br></pre></td></tr></table></figure>
<p>然后编辑<code>/etc/config/uhttpd</code></p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">...</span><br><span class="line"><span class="comment">#让uhttpd监听443端口</span></span><br><span class="line"> list listen_https <span class="string">'0.0.0.0:443'</span></span><br><span class="line"> list listen_https <span class="string">'[::]:443'</span></span><br><span class="line">...</span><br><span class="line"><span class="comment">#将cert和key的路径改到上面acme.sh脚本输出的</span></span><br><span class="line"> option cert <span class="string">'/root/.acme.sh/router2.d9lab.eu.org_ecc/router2.d9lab.eu.org.cer'</span></span><br><span class="line"> option key <span class="string">'/root/.acme.sh/router2.d9lab.eu.org_ecc/router2.d9lab.eu.org.key'</span></span><br><span class="line">...</span><br></pre></td></tr></table></figure>
<p>(完)</p>
</div><div class="article-licensing box"><div class="licensing-title"><p>灵车!开创! Step-CA 日常使用教程</p><p><a href="https://thinkalone.win/Using-step-ca.html">https://thinkalone.win/Using-step-ca.html</a></p></div><div class="licensing-meta level is-mobile"><div class="level-left"><div class="level-item is-narrow"><div><h6>作者</h6><p>Disappear9</p></div></div><div class="level-item is-narrow"><div><h6>发布于</h6><p>2026-01-09</p></div></div><div class="level-item is-narrow"><div><h6>更新于</h6><p>2026-01-09</p></div></div><div class="level-item is-narrow"><div><h6>许可协议</h6><p><a class="icons" rel="noopener" target="_blank" title="Creative Commons" href="https://creativecommons.org/"><i class="icon fab fa-creative-commons"></i></a><a class="icons" rel="noopener" target="_blank" title="Attribution" href="https://creativecommons.org/licenses/by/4.0/"><i class="icon fab fa-creative-commons-by"></i></a><a class="icons" rel="noopener" target="_blank" title="Noncommercial" href="https://creativecommons.org/licenses/by-nc/4.0/"><i class="icon fab fa-creative-commons-nc"></i></a></p></div></div></div></div></div><div class="article-tags is-size-7 mb-4"><span class="mr-2">#</span><a class="link-muted mr-2" rel="tag" href="/tags/%E6%95%99%E7%A8%8B/">教程</a><a class="link-muted mr-2" rel="tag" href="/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/">折腾那些事</a></div><!--!--></article></div><!--!--><nav class="post-navigation mt-4 level is-mobile"><div class="level-start"><a class="article-nav-prev level level-item link-muted" href="/Play-with-JavaCard.html"><i class="level-item fas fa-chevron-left"></i><span class="level-item">JavaCard 上手</span></a></div><div class="level-end"><a class="article-nav-next level level-item link-muted" href="/build-ca-with-picohsm.html"><span class="level-item">灵上加灵:使用 Pico HSM 和 step-ca 自建一个CA</span><i class="level-item fas fa-chevron-right"></i></a></div></nav><div class="card" id="comments"><div class="card-content"><h3 class="title is-5">评论</h3><script src="https://giscus.app/client.js" repo="Disappear9/disappear9.github.io" data-repo="Disappear9/disappear9.github.io" data-repo-id="MDEwOlJlcG9zaXRvcnkxMTM0MTc3NTc=" data-category-id="DIC_kwDOBsKeHc4CwEsU" data-category="General" data-mapping="url" data-strict="0" data-reactions-enabled="1" data-emit-metadata="0" data-input-position="top" data-theme="preferred_color_scheme" data-lang="zh-CN" data-loading="lazy" crossorigin="anonymous" async></script></div></div></div><div class="column column-left is-4-tablet is-4-desktop is-4-widescreen order-1 is-sticky"><div class="card widget" data-type="profile"><div class="card-content"><nav class="level"><div class="level-item has-text-centered flex-shrink-1"><div><figure class="image is-128x128 mx-auto mb-2"><img class="avatar is-rounded" src="/avatar.png" alt="Disappear9"></figure><p class="title is-size-4 is-block" style="line-height:inherit;">Disappear9</p><p class="is-size-6 is-block">Disappear9@D9Lab</p><p class="is-size-6 is-flex justify-content-center"><i class="fas fa-map-marker-alt mr-1"></i><span>China</span></p></div></div></nav><nav class="level is-mobile"><div class="level-item has-text-centered is-marginless"><div><p class="heading">文章</p><a href="/archives/"><p class="title">33</p></a></div></div><div class="level-item has-text-centered is-marginless"><div><p class="heading">分类</p><a href="/categories/"><p class="title">6</p></a></div></div><div class="level-item has-text-centered is-marginless"><div><p class="heading">标签</p><a href="/tags/"><p class="title">8</p></a></div></div></nav><div class="level is-mobile is-multiline"><a class="level-item button is-transparent is-marginless" target="_blank" rel="me noopener" title="Github" href="https://github.com/Disappear9"><i class="fab fa-github"></i></a><a class="level-item button is-transparent is-marginless" target="_blank" rel="me noopener" title="Twitter" href="https://twitter.com/Disappear9_"><i class="fab fa-twitter"></i></a><a class="level-item button is-transparent is-marginless" target="_blank" rel="me noopener" title="RSS" href="/atom.xml"><i class="fas fa-rss"></i></a></div></div></div><div class="card widget" id="toc" data-type="toc"><div class="card-content"><div class="menu"><h3 class="menu-label">目录</h3><ul class="menu-list"><li><a class="level is-mobile" href="#ACME"><span class="level-left"><span class="level-item">1</span><span class="level-item">ACME</span></span></a><ul class="menu-list"><li><a class="level is-mobile" href="#修改默认配置"><span class="level-left"><span class="level-item">1.1</span><span class="level-item">修改默认配置</span></span></a></li><li><a class="level is-mobile" href="#给设备发SSL证书"><span class="level-left"><span class="level-item">1.2</span><span class="level-item">给设备发SSL证书</span></span></a></li></ul></li></ul></div></div><style>#toc .menu-list > li > a.is-active + .menu-list { display: block; }#toc .menu-list > li > a + .menu-list { display: none; }</style><script src="/js/toc.js" defer></script></div></div><!--!--></div></div></section><footer class="footer"><div class="container"><div class="level"><div class="level-start"><a class="footer-logo is-block mb-2" href="/"><img src="/logo.png" alt="ThinkAlone" height="28"></a><p class="is-size-7"><span>© 2026 Disappear9</span> Powered by <a href="https://hexo.io/" target="_blank" rel="noopener">Hexo</a> & <a href="https://github.com/ppoffice/hexo-theme-icarus" target="_blank" rel="noopener">Icarus</a></p></div><div class="level-end"><div class="field has-addons"><p class="control"><a class="button is-transparent is-large" target="_blank" rel="noopener" title="Creative Commons" href="https://creativecommons.org/"><i class="fab fa-creative-commons"></i></a></p><p class="control"><a class="button is-transparent is-large" target="_blank" rel="noopener" title="Attribution 4.0 International" href="https://creativecommons.org/licenses/by/4.0/"><i class="fab fa-creative-commons-by"></i></a></p></div></div></div></div></footer><script src="https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/npm/moment@2.22.2/min/moment-with-locales.min.js"></script><script src="https://cdn.jsdelivr.net/npm/clipboard@2.0.4/dist/clipboard.min.js" defer></script><script>moment.locale("zh-cn");</script><script>var IcarusThemeSettings = {
article: {
highlight: {
clipboard: true,
fold: 'unfolded'
}
}
};</script><script data-pjax src="/js/column.js"></script><script src="/js/animation.js"></script><a id="back-to-top" title="回到顶端" href="javascript:;"><i class="fas fa-chevron-up"></i></a><script data-pjax src="/js/back_to_top.js" defer></script><script src="https://cdn.jsdelivr.net/npm/cookieconsent@3.1.1/build/cookieconsent.min.js" defer></script><script>window.addEventListener("load", () => {
window.cookieconsent.initialise({
type: "info",
theme: "edgeless",
static: false,
position: "bottom-left",
content: {
message: "此网站使用Cookie来改善您的体验。",
dismiss: "知道了!",
allow: "允许使用Cookie",
deny: "拒绝",
link: "了解更多",
policy: "Cookie政策",
href: "https://www.cookiesandyou.com/",
},
palette: {
popup: {
background: "#edeff5",
text: "#838391"
},
button: {
background: "#4b81e8"
},
},
});
});</script><script src="https://cdn.jsdelivr.net/npm/lightgallery@1.10.0/dist/js/lightgallery.min.js" defer></script><script src="https://cdn.jsdelivr.net/npm/justifiedGallery@3.8.1/dist/js/jquery.justifiedGallery.min.js" defer></script><script>window.addEventListener("load", () => {
if (typeof $.fn.lightGallery === 'function') {
$('.article').lightGallery({ selector: '.gallery-item' });
}
if (typeof $.fn.justifiedGallery === 'function') {
if ($('.justified-gallery > p > .gallery-item').length) {
$('.justified-gallery > p > .gallery-item').unwrap();
}
$('.justified-gallery').justifiedGallery();
}
});</script><!--!--><script src="https://cdn.jsdelivr.net/npm/pjax@0.2.8/pjax.min.js"></script><script src="/js/pjax.js"></script><!--!--><script data-pjax src="/js/main.js" defer></script><div class="searchbox"><div class="searchbox-container"><div class="searchbox-header"><div class="searchbox-input-container"><input class="searchbox-input" type="text" placeholder="想要查找什么..."></div><a class="searchbox-close" href="javascript:;">×</a></div><div class="searchbox-body"></div></div></div><script data-pjax src="/js/insight.js" defer></script><script data-pjax>document.addEventListener('DOMContentLoaded', function () {
loadInsight({"contentUrl":"/content.json"}, {"hint":"想要查找什么...","untitled":"(无标题)","posts":"文章","pages":"页面","categories":"分类","tags":"标签"});
});</script></body></html>