Apple device Click to download install IPA file a series of things that happen

Because the latest production to support iOS devices, but found that the click. plist file could not be downloaded, prompted to connect to www.xxx.com.

The internet has looked up a lot of information that may be the issue of certificates.

Https://www.ssllabs.com/ssltest/index.html still has a lot to test here.

After a few days ' long struggle, I recorded something

To support the TLS1.1 TLS1.2 OpenSSL version be sure to > 1.0.1

OpenSSL compilation can refer to the official website, it is best to download the latest version

I'm referring to the article deployed here.

Http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html

openssl version     View OpenSSL version openssl dhparam -out dhparam.pem  4096  OPENSSL security to prevent forward vulnerability   This is going to run a long time openssl ciphers -v  ' TLSv1.2 '        View Support Version openssl genrsa --help         Help genrsaopenssl genrsa -des3 -out server.key 2048     generate a key, GoDaddy to generate certificates at least 2048openssl s_client -connect www.google.com:443    The certificate used by the client test openssl req -new -key -subj  "/c=cn/st=beijing/l=beijing/o=fyltd/ou= Itranswarp/cn=www.example.com " server.key -out server.csr                      generate a certificate request openssl x509  -req -days 3650 -in server.csr -signkey server.key -out  server.crt  here is the build certificate.

This is my server automatically generate a certificate script, if you want to go to GoDaddy or other sites to generate certificates, the last one can be commented. Then go to the third party to download it and you can use it directly.

#!/bin/bashdomain= "d.example.com" OpenSSL genrsa-des3-out $DOMAIN. Key 2048#openssl Ecparam-genkey-name Secp160r1-out $DOMAIN. keysubject= "/c=cn/st=beijing/l=beijing/o=fyltd/ou=itranswarp/cn= $DOMAIN" OpenSSL req-new-subj $SUBJECT- Key $DOMAIN. key-out $DOMAIN. Csr-sha256#openssl x509-req-days 3650-in $DOMAIN. Csr-signkey $DOMAIN. Key-out $DOMAIN. Cr T

Nginx If you want to go through Apple be sure to turn on support for TLS:

Here is the reference article

Http://xfeng.me/nginx-enable-tls-sni-support

Http://nginx.org/en/docs/http/configuring_https_servers.html#chains

Nginx SSL Optimization settings:

     ssl on;     ssl_ciphers  " ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256: Ecdhe-rsa-aes256-sha384:ecdhe-rsa-aes128-sha256:ecdhe-rsa-aes256-sha:ecdhe-rsa-aes128-sha:d He-rsa-aes256-sha256:dhe-rsa-aes128-sha256:dhe-rsa-aes256-sha:dhe-rsa-aes128-sha:ecdhe-rsa-des-cbc3-sha: Edh-rsa-des-cbc3-sha:aes256-gcm-sha384:aes128-gcm-sha256:aes256-sha256:aes128-sha256:aes256-sha:aes128-sha:d es-cbc3-sha:high:!anull:!enull:! export:! Des:! md5:! Psk:! RC4 ";       ssl_protocols tlsv1 tlsv1.1 tlsv1.2;       ssl_prefer_server_ciphers on;      ssl_session_ cache shared:ssl:10m;      ssl_dhparam /usr/local/nginx/conf/ssl/ dhparam.pem;      ssl_certificate /usr/local/nginx/conf/ssl/server.crt;       ssl_certificate_key /usr/local/nginx/conf/ssl/server.key; 

Refer to Http://www.oschina.net/translate/strong_ssl_security_on_nginx here

If you need to upgrade TLS1.0 to TLS1.2 then follow the above steps to do it again.

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/79/45/wKiom1aM9RGwmtq9AACzWN5l360797.png "title=" j6h1mo@ ' FTJ70 (c}l]srayb.png "alt=" Wkiom1am9rgwmtq9aaczwn5l360797.png "/>650" this.width=650; "src=" http:// S2.51cto.com/wyfs02/m02/79/45/wkiom1am9v7yncwbaacr1ntxwqm572.png "title=" b12lbi3%v06 (SVMDZNE{]0I.png "alt=" Wkiom1am9v7yncwbaacr1ntxwqm572.png "/>

This article is from the "tireless learning ..." Blog, be sure to keep this source http://jonyisme.blog.51cto.com/3690784/1732226

Apple device Click to download install IPA file a series of things that happen