Apple device Click to download install IPA file a series of things that happen

Source: Internet
Author: User
Tags openssl version openssl x509 nginx ssl

Because the latest production to support iOS devices, but found that the click. plist file could not be downloaded, prompted to connect to www.xxx.com.

The internet has looked up a lot of information that may be the issue of certificates.

Https://www.ssllabs.com/ssltest/index.html still has a lot to test here.

After a few days ' long struggle, I recorded something

To support the TLS1.1 TLS1.2 OpenSSL version be sure to > 1.0.1

OpenSSL compilation can refer to the official website, it is best to download the latest version

I'm referring to the article deployed here.

Http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html

openssl version     View OpenSSL version openssl dhparam -out dhparam.pem  4096  OPENSSL security to prevent forward vulnerability   This is going to run a long time openssl ciphers -v  ' TLSv1.2 '        View Support Version openssl genrsa --help         Help genrsaopenssl genrsa -des3 -out server.key 2048     generate a key, GoDaddy to generate certificates at least 2048openssl s_client -connect www.google.com:443    The certificate used by the client test openssl req -new -key -subj  "/c=cn/st=beijing/l=beijing/o=fyltd/ou= Itranswarp/cn=www.example.com " server.key -out server.csr                      generate a certificate request openssl x509  -req -days 3650 -in server.csr -signkey server.key -out  server.crt  here is the build certificate.

This is my server automatically generate a certificate script, if you want to go to GoDaddy or other sites to generate certificates, the last one can be commented. Then go to the third party to download it and you can use it directly.

#!/bin/bashdomain= "d.example.com" OpenSSL genrsa-des3-out $DOMAIN. Key 2048#openssl Ecparam-genkey-name Secp160r1-out $DOMAIN. keysubject= "/c=cn/st=beijing/l=beijing/o=fyltd/ou=itranswarp/cn= $DOMAIN" OpenSSL req-new-subj $SUBJECT- Key $DOMAIN. key-out $DOMAIN. Csr-sha256#openssl x509-req-days 3650-in $DOMAIN. Csr-signkey $DOMAIN. Key-out $DOMAIN. Cr T


Nginx If you want to go through Apple be sure to turn on support for TLS:

Here is the reference article

Http://xfeng.me/nginx-enable-tls-sni-support

Http://nginx.org/en/docs/http/configuring_https_servers.html#chains


Nginx SSL Optimization settings:

     ssl on;     ssl_ciphers  " ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256: Ecdhe-rsa-aes256-sha384:ecdhe-rsa-aes128-sha256:ecdhe-rsa-aes256-sha:ecdhe-rsa-aes128-sha:d He-rsa-aes256-sha256:dhe-rsa-aes128-sha256:dhe-rsa-aes256-sha:dhe-rsa-aes128-sha:ecdhe-rsa-des-cbc3-sha: Edh-rsa-des-cbc3-sha:aes256-gcm-sha384:aes128-gcm-sha256:aes256-sha256:aes128-sha256:aes256-sha:aes128-sha:d es-cbc3-sha:high:!anull:!enull:! export:! Des:! md5:! Psk:! RC4 ";       ssl_protocols tlsv1 tlsv1.1 tlsv1.2;       ssl_prefer_server_ciphers on;      ssl_session_ cache shared:ssl:10m;      ssl_dhparam /usr/local/nginx/conf/ssl/ dhparam.pem;      ssl_certificate /usr/local/nginx/conf/ssl/server.crt;       ssl_certificate_key /usr/local/nginx/conf/ssl/server.key; 

Refer to Http://www.oschina.net/translate/strong_ssl_security_on_nginx here

If you need to upgrade TLS1.0 to TLS1.2 then follow the above steps to do it again.

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/79/45/wKiom1aM9RGwmtq9AACzWN5l360797.png "title=" j6h1mo@ ' FTJ70 (c}l]srayb.png "alt=" Wkiom1am9rgwmtq9aaczwn5l360797.png "/>650" this.width=650; "src=" http:// S2.51cto.com/wyfs02/m02/79/45/wkiom1am9v7yncwbaacr1ntxwqm572.png "title=" b12lbi3%v06 (SVMDZNE{]0I.png "alt=" Wkiom1am9v7yncwbaacr1ntxwqm572.png "/>


This article is from the "tireless learning ..." Blog, be sure to keep this source http://jonyisme.blog.51cto.com/3690784/1732226

Apple device Click to download install IPA file a series of things that happen

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.