Afnetworking+nginx+https Server Communication

Abstract 1. Describes the iOS platform for Secure communication with the afnetworking and HTTPS backend interface. 2. Introduce the background self-signed certificate making steps. 3. And the Linux platform Nginx configuration HTTPS protocol interface of the Web site.

IOS afnetworking HTTPS Openssl Nginx

The problem with HTTPS secure communication for afnetworking is that many people who have not had their first experience and have even had one experience will be somewhat uncertain. It's actually very simple:

• A. For the background server configured dynamic certificate if it is issued by the CA agency certification, then the user with afnetworking to access the background interface completely no sense, and HTTP the same way.
• B. But an HTTPS certificate if it is a well-known CA agency certification issued, then there will be a problem, afnetworking default and such background server communication, because the verification pass, and we open 12306 Web site to rob the ticket, the certificate is not issued by the CA, but the Ministry of Railways itself signed a certificate Book. Therefore, for small and medium-sized start-ups or growth companies, the purchase of an HTTPS certificate will also cost a lot. So everyone in the background communication when the general self-signed a certificate to implement the HTTPS interface. A certificate of your own signature can be generated using the following OpenSSL command:

365 -newkey rsa:1024  -out tv.diveinedu.com.crt -keyout tv.diveinedu.com.key

Where:-days 365 is the duration of the specified certificate, in days, from the time the command is run;-newkey rsa:1024 is the RSA asymmetric encryption algorithm that specifies the 1024-bit length of the newly generated certificate;-out Specifies the certificate file name of the output-keyout Specifies the output of the private key file name above this command will enter some setup information after it is run:

CountryName (2LetterCode[AU]: CNStateOrProvinceName (FullName[Some-state]: HunanLocalityName (egCity: ChangshaOrganizationName (egCompany[Internet widgits Pty LTD]: TV. diveinedu. comOrganizationalUnitName (egSection: Marketcommon name (e.g. server fqdn or < Span class= "Hljs-tag" >your name) :tv.diveinedu.comEmail Span class= "Hljs-tag" >address :d iveinedu @qq.com             

If you are interested in building a Linux background HTTPS service, you need to upload the certificate and private key to the server or directly to the server, the certificate is configured to the background server, Nginx as an example for the following settings:

• 1. First add an Nginx virtual host configuration file,

sudo touch /etc/nginx/sites-available/tv.diveinedu.com

• 2. Then make this configuration file effective:

sudo ln -sf /etc/nginx/sites-available/tv.diveinedu.com /etc/nginx/sites-enabled/tv.diveinedu.com

• 3. Edit the file:

sudo vim /etc/nginx/sites-enabled/tv.diveinedu.com

• 4. Type I into VIM edit mode, enter this configuration:

server {Listen80;#HTTP默认端口80server_name tv.diveinedu.com;#主机名, matches the host of the HTTP request header domainAccess_log/var/log/nginx/tv.diveinedu.com.log;#访问日志路径Return301https://$server _name$request _uri;#强制把所有http访问跳转到https}server {listen 443; #HTTPS默认端口443 ssl on; #打开SSL安全Socket ssl_certificate/etc/nginx/tv.diveinedu.com.crt; #证书文件路径 ssl_certificate_key/etc/nginx/tv.diveinedu.com.key; #私钥文件路径 server_name tv.diveinedu.com; #主机名, matches the host of the HTTP request header domain access_log/var/log/nginx/tv.diveinedu.com.log;location/{root/var/www/tv.diveinedu.com/; #网站文档根目录 index index.php index.html; #默认首页}}                

• 5. After hitting ESC, exit Vim's edit mode, then type X to enter in Vim to save the exit. Then execute the Nginx config file Syntax check command to check for errors in configuration:

nginx -t

If there is no error, the output is:

file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful

• 6. Then you just need to restart the Nginx server.

service nginx restart

Then go to your domain service provider backstage to resolve your domain name to the server to the IP address can be freely accessible, but the browser access will be automatically organized and display a warning, manually added to the trust.

If the company is rich to provide users with better service and experience, it is best to go to a well-known CA Certification Body to register for a valid certificate for the wonderful! Otherwise the browser (chome) will:

Afnetworking+nginx+https Server Communication