Use OTA to distribute iOS apps on the LAN, and use ota to distribute ios apps on the LAN.

Use OTA to distribute iOS apps on the LAN, and use ota to distribute ios apps on the LAN.

One of the company's projects has Android and iOS apps. The download and installation of Android are very convenient, but iOS is a little troublesome. Because of the restrictions of the project itself, there are mainly the following obstacles:
1. iOS versions are not distributed through Appstore.
2. For the sake of security, Android and iOS apps can only access the server through vpn, while mobile phones cannot access the Internet after vpn. Therefore, you cannot access HTTPS services related to the Internet. In other words, you cannot use the SSL Certificate web Services of the Internet.
3. iOS versions later than 7.1. Therefore, apple's itms-services protocol must be used for HTTPS.

In view of the above obstacles, we considered building an internal HTTPS service on the LAN and distributing iOS applications through OTA (Over-the-Air.

OTA

OTA is the Over-the-Air. In short, it sends instructions to devices wirelessly, specifically for iOS devices, such as iphone and ipad, so that developers can leave the Appstore, download and install the iOS app from your server. You only need to open a link in the iphone or ipad browser to install the App directly on the main interface. The entire distribution process consists of three parts: the device (iPhone, ipad), the server (profile service, used to send configuration files), and the verification server (including the CA and directory servers ).

OTA distribution implementation

For iOS app distribution, three files must be included on the server to implement OTA-based distribution.

1. the ipa file, that is, the application installation package, can be signed by the developer certificate or enterprise certificate.
2. The plist file is used to describe the installation information of iOS applications. The main installation information includes the name and storage path of the ipa file. You can use Xcode to create a plist file. The specific creation process and plist file will not be described here.
3. a page that provides the itms-services protocol link is also accessed through HTTPS. The itms-services protocol link points to the path of the plist file, for example:

<a href="itms-services://?action=download-manifest&url=https://192.168.0.1/appipa.plist">Install App</a>

With the above three files, the apple device can download and install the plist file by providing an HTTPS server to read the path of the ipa file installed on iOS.

Self-built OpenSSL Certificate

Because HTTPS services can only be provided within the LAN, SSL certificates cannot be issued by the relevant CA, and certificates are not based on domain names, but are based on IP addresses. Therefore, you can only use self-made certificates. Here I use OpenSSL to configure the Tomcat SSL certificate. OpenSSL is generated by openssl.exe under the apacheserver in windows. The procedure is as follows (using command line ):

1. Generate the private key of the server
Openssl genrsa-out server. key 1024

2. Generate a signing application (Common Name must be the Server ip address or domain Name)
Openssl req-new-out server. csr-key server. key-config .. \ conf \ openssl. cnf

3. Generate the CA private key
Open SSL genrsa-out ca. key 1024

4. Use the private key of the CA to generate the self-signed certificate of the CA.
Openssl req-new-x509-days 3650-key ca. key-out ca. crt-config .. \ conf \ openssl. cnf

5. Create demoCA (under the bin directory)
Create the files index.txtand serialin democa. the serialcontent is, index.txt is empty, and the folder newcerts

6. Generate a certificate signed by the website Server
Openssl ca-in server. csr-out server. crt-cert ca. crt-keyfile ca. key-config .. \ conf \ openssl. cnf

Finally, configure the generated server. crt and server. key paths to the openssl. cnf configuration file of the Apache server (See related documents for detailed configuration) and restart the Apache server.

SSLCertificateFile “/Apache22/conf/ssl2rver.crt”
SSLCertificateKeyFile “/Apache22/conf/ssl2rver.key”

Client certificate ca. crt can be provided to iOS devices for installation by downloading or email. However, note that this is a self-Signed SSL Certificate and cannot be trusted, therefore, you need to manually set the trust certificate in the iphone or ipad.

After installing the client certificate, you can access the page that provides the itms-services protocol link through the iphone or ipad browser to download and install the iOS app.

-----------------------------------------------------------

Please pay attention to my website and public account. The article will be published on both my website and public account.

This article first link: https://www.watch-life.net/website-app/ota-ios-app.html

My Website: Watch Xuan

Public Account name: Watch Xuan

Public Account: iwatchlife

You can also scan or long press the following QR code