Apache on Mac turns on HTTPS and installs the app locally

Source: Internet
Author: User
Tags openssl rsa fully qualified domain name

Apache on Mac turns on HTTPS and installs the app locally


Recently the app has entered the closing stage, and the package is more frequent. Many phones are not in the test certificate, so the Enterprise certificate package is used.

Each upload to the external server is very slow, it takes about 15 minutes. Think of your own local Mac to do a server download a bit faster.

So learn the next Apache to open the content of HTTPS, this article records their own learning process.


1-Create your own signature certificate first

In the previous Apache related, already on the Mac opened Apache, in order to install the certificate in the back of the phone convenient, I was in the/library/webserver/documents/directory in which the signing certificate is made.


A-Generate private key, command:sudo openssl genrsa-des3-out app.key 1024x768

B-Generate sign application, order:sudo openssl req-new-key app.key-out APP.CSR

C-Build server private key, command:sudo openssl rsa-in app.key-out server.key

D Generate a certificate to the Web server sign, command:sudo openssl req-new-x509-days 3650-key server.key-out server.crt

(This step is similar to a, it should be noted that common name must be filled in)


Here's my own command log that I handled on Mac 10.10:

zhuruhongdemacbook-pro:~ zhuruhong$ cd/library/webserver/documents/

Zhuruhongdemacbook-pro:documents zhuruhong$ ls

Poweredbymacosx.gif index.html.en PHP

Poweredbymacosxlarge.gif iOS

Zhuruhongdemacbook-pro:documents zhuruhong$ CD ios/

Zhuruhongdemacbook-pro:ios zhuruhong$ ls

Kdaijiadriver_1.0.0_9291.ipa APP.CSR ipa.html Server.key

Kdaijiadriver_enter.plist App.key SERVER.CRT

Zhuruhongdemacbook-pro:ios zhuruhong$

Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl genrsa-des3-out app.key 1024x768

Generating RSA private key, 1024x768 bit long modulus

.....++++++

.........++++++

E is 65537 (0x10001)

Enter pass phrase for App.key:[here is the password]

Verifying-enter Pass phrase for App.key:[re-enter password confirmation here]

Zhuruhongdemacbook-pro:ios zhuruhong$

Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl req-new-key app.key-out APP.CSR

Enter Pass phrase for App.key:

You is about-to is asked to-enter information that'll be incorporated

into your certificate request.

What's about-to-enter is called a distinguished Name or a DN.

There is quite a few fields but can leave some blank

For some fields there would be a default value,

If you enter '. ', the field would be a left blank.

-----

Country Name (2 letter code) [AU]:CN[This is country, CN China]

State or province name (full name) [Some-state]:hangzhou[This is the province, the city]

Locality Name (eg, city) []:hangzhou[Here are the cities]

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz Ltd[This is the corporation]

Organizational Unit name (eg, section) []:rh[This is the organization name]

Common name (e.g. server FQDN or YOUR name) []:192.168.2.1[This must be filled in correctly, is the domain name of your server, or IP]

email Address []:[email protected][here is my email]


Please enter the following ' extra ' attributes

To is sent with your certificate request

A Challenge Password []:123456[here is the password]

An optional company name []:rh[here is the name]

Zhuruhongdemacbook-pro:ios zhuruhong$

Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl rsa-in app.key-out server.key

Enter pass phrase for App.key:[Enter password here]

Writing RSA Key

Zhuruhongdemacbook-pro:ios zhuruhong$

Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl req-new-x509-days 3650-key server.key-out server.crt

You is about-to is asked to-enter information that'll be incorporated

into your certificate request.

What's about-to-enter is called a distinguished Name or a DN.

There is quite a few fields but can leave some blank

For some fields there would be a default value,

If you enter '. ', the field would be a left blank.

-----

Country Name (2 letter code) [AU]:CN

State or province name (full name) [Some-state]:hangzhou

Locality Name (eg, city) []:hangzhou

Organization Name (eg, company) [Internet widgits Pty ltd]:hz Ltd

Organizational Unit Name (eg, section) []:rh

Common name (e.g. server FQDN or YOUR name) []:192.168.2.1

Email Address []:[email protected]

Zhuruhongdemacbook-pro:ios zhuruhong$

Zhuruhongdemacbook-pro:ios zhuruhong$ sudo cp server.*/etc/apache2/


Zhuruhongdemacbook-pro:ios zhuruhong$


Zhuruhongdemacbook-pro:apache2 zhuruhong$ sudo apachectl configtest

Syntax OK

Zhuruhongdemacbook-pro:apache2 zhuruhong$ sudo apachectl restart


Zhuruhongdemacbook-pro:apache2 zhuruhong$


2-Configure Apache to turn on SSL


Edit the/etc/apache2/httpd.conf file and remove the # number in front of the following three lines

(/etc/apache2/httpd.conf and/private/etc/apache2/httpd.conf are actually the same content)

LoadModule Ssl_module libexec/apache2/mod_ssl.so

Include /etc/apache2/extra/httpd-ssl.conf

Include/etc/apache2/extra/httpd-vhosts.conf


Edit the/etc/apache2/extra/httpd-ssl.conf file and remove the # number in front of the next two lines

Sslcertificatefile "/ETC/APACHE2/SSL/SERVER.CRT"

Sslcertificatekeyfile "/etc/apache2/ssl/server.key"


Edit the/etc/apache2/extra/httpd-vhosts.conf file and add a paragraph after the namevirtualhost*:80 as follows:

<virtualhost *:443>

Sslengine on

Sslciphersuite all:! Adh:! Export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp:+enull

Sslcertificatefile/etc/apache2/server.crt

Sslcertificatekeyfile/etc/apache2/server.key

ServerName 192.168.2.1

DocumentRoot "/library/webserver/documents"

</VirtualHost>


Among them, SERVER.CRT and Server.key are the signing certificates that were first produced.

My side is placed in the Apache installation directory (/etc/apache2/), the above different configuration of their own attention to the directory.


The configuration is complete here, run the sudo apachectl configtest command, and check the configuration.

You can restart Apache with no problem, and let the configuration take effect.


The problem encountered:

When you check the configuration with the sudo apachectl configtest command, the following prompt appears:

Could not reliably determine the server ' s fully qualified domain name

Because the servername in the httpd.conf file is not configured, it is in the default state.

You only need to enable the ServerName configuration directive in the Apache installation directory/etc/apache2/httpd.conf file.

Plus: ServerName localhost:80

Apache has a similar directive by default in configuration file httpd.conf, but before the instruction, add the # number, comment out the sentence, we just need to imitate the addition of a line, and then restart Apache.


3-Configure IPA download


Static HTML page with the following content:

ipa.html file:

Zhuruhongdemacbook-pro:ios zhuruhong$ Cat ipa.html

<meta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>

<meta name= "viewport" content= "Width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, User-scalable=no ">

<ul>

<li>

<a href= "Itms-services://?action=download-manifest&url=https://192.168.2.1/ios/kdaijiadriver_enter.plist ">local-ios Driver 1.0 Experience Edition </a>

</li>

</ul>


plist file:

Zhuruhongdemacbook-pro:ios zhuruhong$ Cat Kdaijiadriver_enter.plist

<?xml version= "1.0" encoding= "UTF-8"?>

<! DOCTYPE plist Public "-//apple//dtd plist 1.0//en" "Http://www.apple.com/DTDs/PropertyList-1.0.dtd" >

<plist version= "1.0" >

<dict>

<key>items</key>

<array>

<dict>

<key>assets</key>

<array>

<dict>

<key>kind</key>

<string>software-package</string>

<key>url</key>

<string>https://192.168.2.1:443/ios/KDaijiaDriver_1.0.0_10020.ipa</string>

</dict>

</array>

<key>metadata</key>

<dict>

<key>bundle-identifier</key>

<string>com.kuaidi.liangjian</string>

<key>bundle-version</key>

<string>1.0</string>

<key>kind</key>

<string>software</string>

<key>title</key>

<string> Fast Driving Driver Side _ Experience version _10020</string>

</dict>

</dict>

</array>

</dict>

</plist>


The following are the relevant file information:

Zhuruhongdemacbook-pro:ios zhuruhong$ pwd

/library/webserver/documents/ios

Zhuruhongdemacbook-pro:ios zhuruhong$ LS-LRT

Total 38112

[Email protected] 1 Zhuruhong wheel 412 6 19:25 ipa.html

-rw-r--r--1 root wheel 963 6 15:49 App.key

-rw-r--r--1 root wheel 757 6 15:51 APP.CSR

-rw-r--r--1 root Wheel 887 6 15:51 Server.key

-rw-r--r--1 root wheel 1294 6 15:51 SERVER.CRT

-rw-r--r--1 Zhuruhong Wheel 19486293 6 17:33 Kdaijiadriver_1.0.0_10020.ipa

[Email protected] 1 Zhuruhong wheel 775 6 17:36 kdaijiadriver_enter.plist


Zhuruhongdemacbook-pro:ios zhuruhong$


Note: Before clicking on the download, you need to click Server.crt and trust to install on the phone.




Apache on Mac turns on HTTPS and installs the app locally

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.