Adhoc Online installation Full environment configuration under iOS (personal company non-enterprise level)

Source: Internet
Author: User
Tags openssl version openssl x509 csr certificate ssl certificate

1, Environment

Client Development: MacOs 10.8.5

Server development: Centos6.3 64-bit

2, software preparation

Apache httpd 2.2.27

OpenSSL 0.9.8za

3, the client prepares

Apple's developer account is broadly divided into the following three categories: Personal, Corporate, business, this one we mainly say personal, the company's IPA online installation. Individual company-level adhoc There is a limitation that an IPA package that is published online can only be installed

Non-jailbroken devices and jailbreak devices that are added to the devices list of Apple accounts (devices that were added after the IPA was released), and the enterprise-level developer account does not have this limitation.

First of all, in Xcode we pack the IPA that needs to be uploaded, the general process is as follows:




This step requires that the server path of the following IPA be written in advance and stored in the corresponding plist.


The corresponding IPA and plist files should be generated after saving, and the client preparation will result in completion. So easy!

4, server ready

a) Installing OpenSSL

Unzip the OpenSSL package downloaded in step 2 and install

Tar zxvf openssl-0.9.8za.tar.gz
CD Openssl-0.9.8za
./config
Make
Make install
#tar ZXVF httpd-2.2.27.tar.gz
CD httpd-2.2.27
./configure--prefix=/usr/local/apache/httpd--enable-ssl=static--with-ssl=/usr/local/ssl
Make
Make install

Install the latest OpenSSL in the/usr/local/ssl, regardless of the OpenSSL version in the system, or remove any errors that may cause other applications.

b) Install Apache httpd

Modifying the/usr/local/apache/httpd/conf/httpd.conf

#Include conf/extra/httpd-ssl.conf get rid of the front #

Execute under/USR/LOCAL/APACHE/HTTPD./bin/apachectl start attempts to start Apache because SSL is turned on so the boot will fail prompt to configure the certificate outside.

c) Generate certificate

Create a new SSL directory in/usr/local/apache/httpd/to save the newly created certificate file. Then CD SSL

(1) Using OpenSSL to select RSA asymmetric algorithm and DES3 symmetric encryption algorithm to make CA certificate:

<span style= "FONT-FAMILY:SIMSUN;FONT-SIZE:14PX;" >openssl genrsa-des3-out My-ca.key 2048</span>
The above will generate a key length 2048-bit key, saved in the My-ca.key file, this file will require you to enter a password, this password is used after the use of this file.

(2) Then sign the certificate using the X509 standard

<span style= "FONT-FAMILY:SIMSUN;FONT-SIZE:14PX;" >openssl req-new-x509-days 3650-key my-ca.key-out my-ca.crt</span>
The above step generates a CA certificate file that is valid for 10 years MY-CA.CRT, this process will let you fill in some basic information, such as National City, company name, website name and so on, because it is self-signed, just fill in the line.

(3) Now that you have the CA certificate, you can use it to issue an SSL certificate for our website. As with the production CA certificate, we need to generate a key pair for the server first

OpenSSL genrsa-des3-out Mars-server.key 2048

(4) After generating the key Mars-server.key, generate the CSR certificate file according to it

OpenSSL Req-new-key mars-server.key-out MARS-SERVER.CSR

When executing the above command, you also need to enter some basic information, it is important to note that the value of common name to be consistent with your domain name, or the subsequent client browser to verify that the domain name is not correct will not pass. Here I am the LAN on the LAN-filled IP, if 10.21.122.22, so if your LAN host's IP has changed, you need to reissue the certificate. It is recommended that you set your host to a fixed IP directly on routing or switching.

(5) A CA certificate is used to sign the server certificate.

<span style= "FONT-FAMILY:SIMSUN;FONT-SIZE:14PX;" >openssl x509-req-in mars-server.csr-out mars-server.crt-sha1-ca my-ca.crt-cakey my-ca.key-cacreateserial-days 3650</span>

Here, the certificates we need are fully made. The next thing you need to do is deploy to Apache.

(6) The process of generating mars-server.key, may set a password for this file, if the direct deployment, then the next time you start Apache to enter this password, but generally we all boot automatically start Apache, manual start More trouble ah, you can convert this file, save the input password step:

<span style= "FONT-FAMILY:SIMSUN;FONT-SIZE:14PX;" >cd/etc/apache2/sslopenssl rsa-in mars-server.key-out mars-server.key.insecure</span>

d) Configuring Certificates in Apache
Create a directory to put the certificate file, such as placed under/etc/apache2/ssl, including 3 files, respectively: My-ca.crt mars-server.crt Mars-server.key.

Modify the/usr/local/apache/httpd/conf/extra/httpd-ssl.conf as follows:

Httpssslengine on
Sslcertificatefile /usr/local/apache/httpd/ssl/mars-server.crt
Sslcertificatekeyfile /usr/local/apache/httpd/sslmars-server.key.insecure
Sslcacertificatefile /usr/local/apache/httpd/ssl/my-ca.crt

Switch to the/USR/LOCAL/APACHE/HTTPD directory to start the server:

./bin/apache/apachectl Start

In the browser to try https://localhost/is not able to access the ~ ~

e) Configure HTTPS download related

After the environment configuration is simple, just want to download the resources to the specified directory, and modify the root directory of HTTPS index.html add two download links, simple index.html as follows, you can freely play:

<! DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 transitional//en" "Http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd ">

move the MY-CA.CRT in the index.html, IPA, plist, and SSL folders created in the above steps to the /usr/local/apache/httpd/htdocs directory, and it will be OK Online installation.

Attention:

1, the first time to visit the site for online installation of the device needs to install the SSL certificate, that is, the above-created MY-CA.CRT can be installed in the IPA, after further study can omit this step.

2, in order to be compatible with ios7.1 above index.html, use HTTPS in items-services://

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.