Apache on Mac turns on HTTPS and installs the app locally
Recently the app has entered the closing stage, and the package is more frequent. Many phones are not in the test certificate, so the Enterprise certificate package is used.
Each upload to the external server is very slow, it takes about 15 minutes. Think of your own local Mac to do a server download a bit faster.
So learn the next Apache to open the content of HTTPS, this article records their own learning process.
1-Create your own signature certificate first
In the previous Apache related, already on the Mac opened Apache, in order to install the certificate in the back of the phone convenient, I was in the/library/webserver/documents/directory in which the signing certificate is made.
A-Generate private key, command:sudo openssl genrsa-des3-out app.key 1024x768
B-Generate sign application, order:sudo openssl req-new-key app.key-out APP.CSR
C-Build server private key, command:sudo openssl rsa-in app.key-out server.key
D Generate a certificate to the Web server sign, command:sudo openssl req-new-x509-days 3650-key server.key-out server.crt
(This step is similar to a, it should be noted that common name must be filled in)
Here's my own command log that I handled on Mac 10.10:
zhuruhongdemacbook-pro:~ zhuruhong$ cd/library/webserver/documents/
Zhuruhongdemacbook-pro:documents zhuruhong$ ls
Poweredbymacosx.gif index.html.en PHP
Poweredbymacosxlarge.gif iOS
Zhuruhongdemacbook-pro:documents zhuruhong$ CD ios/
Zhuruhongdemacbook-pro:ios zhuruhong$ ls
Kdaijiadriver_1.0.0_9291.ipa APP.CSR ipa.html Server.key
Kdaijiadriver_enter.plist App.key SERVER.CRT
Zhuruhongdemacbook-pro:ios zhuruhong$
Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl genrsa-des3-out app.key 1024x768
Generating RSA private key, 1024x768 bit long modulus
.....++++++
.........++++++
E is 65537 (0x10001)
Enter pass phrase for App.key:[here is the password]
Verifying-enter Pass phrase for App.key:[re-enter password confirmation here]
Zhuruhongdemacbook-pro:ios zhuruhong$
Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl req-new-key app.key-out APP.CSR
Enter Pass phrase for App.key:
You is about-to is asked to-enter information that'll be incorporated
into your certificate request.
What's about-to-enter is called a distinguished Name or a DN.
There is quite a few fields but can leave some blank
For some fields there would be a default value,
If you enter '. ', the field would be a left blank.
-----
Country Name (2 letter code) [AU]:CN[This is country, CN China]
State or province name (full name) [Some-state]:hangzhou[This is the province, the city]
Locality Name (eg, city) []:hangzhou[Here are the cities]
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz Ltd[This is the corporation]
Organizational Unit name (eg, section) []:rh[This is the organization name]
Common name (e.g. server FQDN or YOUR name) []:192.168.2.1[This must be filled in correctly, is the domain name of your server, or IP]
email Address []:[email protected][here is my email]
Please enter the following ' extra ' attributes
To is sent with your certificate request
A Challenge Password []:123456[here is the password]
An optional company name []:rh[here is the name]
Zhuruhongdemacbook-pro:ios zhuruhong$
Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl rsa-in app.key-out server.key
Enter pass phrase for App.key:[Enter password here]
Writing RSA Key
Zhuruhongdemacbook-pro:ios zhuruhong$
Zhuruhongdemacbook-pro:ios zhuruhong$ sudo openssl req-new-x509-days 3650-key server.key-out server.crt
You is about-to is asked to-enter information that'll be incorporated
into your certificate request.
What's about-to-enter is called a distinguished Name or a DN.
There is quite a few fields but can leave some blank
For some fields there would be a default value,
If you enter '. ', the field would be a left blank.
-----
Country Name (2 letter code) [AU]:CN
State or province name (full name) [Some-state]:hangzhou
Locality Name (eg, city) []:hangzhou
Organization Name (eg, company) [Internet widgits Pty ltd]:hz Ltd
Organizational Unit Name (eg, section) []:rh
Common name (e.g. server FQDN or YOUR name) []:192.168.2.1
Email Address []:[email protected]
Zhuruhongdemacbook-pro:ios zhuruhong$
Zhuruhongdemacbook-pro:ios zhuruhong$ sudo cp server.*/etc/apache2/
Zhuruhongdemacbook-pro:ios zhuruhong$
Zhuruhongdemacbook-pro:apache2 zhuruhong$ sudo apachectl configtest
Syntax OK
Zhuruhongdemacbook-pro:apache2 zhuruhong$ sudo apachectl restart
Zhuruhongdemacbook-pro:apache2 zhuruhong$
2-Configure Apache to turn on SSL
Edit the/etc/apache2/httpd.conf file and remove the # number in front of the following three lines
(/etc/apache2/httpd.conf and/private/etc/apache2/httpd.conf are actually the same content)
LoadModule Ssl_module libexec/apache2/mod_ssl.so
Include /etc/apache2/extra/httpd-ssl.conf
Include/etc/apache2/extra/httpd-vhosts.conf
Edit the/etc/apache2/extra/httpd-ssl.conf file and remove the # number in front of the next two lines
Sslcertificatefile "/ETC/APACHE2/SSL/SERVER.CRT"
Sslcertificatekeyfile "/etc/apache2/ssl/server.key"
Edit the/etc/apache2/extra/httpd-vhosts.conf file and add a paragraph after the namevirtualhost*:80 as follows:
<virtualhost *:443>
Sslengine on
Sslciphersuite all:! Adh:! Export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp:+enull
Sslcertificatefile/etc/apache2/server.crt
Sslcertificatekeyfile/etc/apache2/server.key
ServerName 192.168.2.1
DocumentRoot "/library/webserver/documents"
</VirtualHost>
Among them, SERVER.CRT and Server.key are the signing certificates that were first produced.
My side is placed in the Apache installation directory (/etc/apache2/), the above different configuration of their own attention to the directory.
The configuration is complete here, run the sudo apachectl configtest command, and check the configuration.
You can restart Apache with no problem, and let the configuration take effect.
The problem encountered:
When you check the configuration with the sudo apachectl configtest command, the following prompt appears:
Could not reliably determine the server ' s fully qualified domain name
Because the servername in the httpd.conf file is not configured, it is in the default state.
You only need to enable the ServerName configuration directive in the Apache installation directory/etc/apache2/httpd.conf file.
Plus: ServerName localhost:80
Apache has a similar directive by default in configuration file httpd.conf, but before the instruction, add the # number, comment out the sentence, we just need to imitate the addition of a line, and then restart Apache.
3-Configure IPA download
Static HTML page with the following content:
ipa.html file:
Zhuruhongdemacbook-pro:ios zhuruhong$ Cat ipa.html
<meta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>
<meta name= "viewport" content= "Width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, User-scalable=no ">
<ul>
<li>
<a href= "Itms-services://?action=download-manifest&url=https://192.168.2.1/ios/kdaijiadriver_enter.plist ">local-ios Driver 1.0 Experience Edition </a>
</li>
</ul>
plist file:
Zhuruhongdemacbook-pro:ios zhuruhong$ Cat Kdaijiadriver_enter.plist
<?xml version= "1.0" encoding= "UTF-8"?>
<! DOCTYPE plist Public "-//apple//dtd plist 1.0//en" "Http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
<plist version= "1.0" >
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://192.168.2.1:443/ios/KDaijiaDriver_1.0.0_10020.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.kuaidi.liangjian</string>
<key>bundle-version</key>
<string>1.0</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string> Fast Driving Driver Side _ Experience version _10020</string>
</dict>
</dict>
</array>
</dict>
</plist>
The following are the relevant file information:
Zhuruhongdemacbook-pro:ios zhuruhong$ pwd
/library/webserver/documents/ios
Zhuruhongdemacbook-pro:ios zhuruhong$ LS-LRT
Total 38112
[Email protected] 1 Zhuruhong wheel 412 6 19:25 ipa.html
-rw-r--r--1 root wheel 963 6 15:49 App.key
-rw-r--r--1 root wheel 757 6 15:51 APP.CSR
-rw-r--r--1 root Wheel 887 6 15:51 Server.key
-rw-r--r--1 root wheel 1294 6 15:51 SERVER.CRT
-rw-r--r--1 Zhuruhong Wheel 19486293 6 17:33 Kdaijiadriver_1.0.0_10020.ipa
[Email protected] 1 Zhuruhong wheel 775 6 17:36 kdaijiadriver_enter.plist
Zhuruhongdemacbook-pro:ios zhuruhong$
Note: Before clicking on the download, you need to click Server.crt and trust to install on the phone.
Apache on Mac turns on HTTPS and installs the app locally