mac中apache开启https功能，本地发布安装app

标签：发布   ssl   https   ios安装app   

mac中apache开启https功能，本地发布安装app

最近app进入收尾阶段，发包比较频繁。很多手机都不在测试证书中，所以使用的是企业证书打包。

每次上传到外网服务器都很慢，需要15分钟左右。想想还是自己本地mac做个服务器下载比较快一点。

所以学了下apache开启https的内容，本文记录了自己的学习过程。

1-先制作自己的签名证书

在前面的apache相关中，已经在mac上开启了apache，为了后面手机安装证书方便，我是在 /Library/WebServer/Documents/目录中制作签名证书的。

a-生成私钥，命令： sudo openssl genrsa -des3 -out app.key 1024

b-生成签署申请，命令： sudo openssl req -new -key app.key -out app.csr

c-生成服务器的私钥，命令： sudo openssl rsa -in app.key -out server.key

d-生成给网站服务器签署的证书，命令： sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

（这一步和a差不多，需要注意的是Common Name一定要填对）

以下是我自己在mac 10.10上处理的命令记录：

zhuruhongdeMacBook-Pro:~ zhuruhong$ cd /Library/WebServer/Documents/

zhuruhongdeMacBook-Pro:Documents zhuruhong$ ls

PoweredByMacOSX.gif index.html.en php

PoweredByMacOSXLarge.gif ios

zhuruhongdeMacBook-Pro:Documents zhuruhong$ cd ios/

zhuruhongdeMacBook-Pro:ios zhuruhong$ ls

KDaijiaDriver_1.0.0_9291.ipa app.csr ipa.html server.key

KDaijiaDriver_enter.plist app.key server.crt

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl genrsa -des3 -out app.key 1024

Generating RSA private key, 1024 bit long modulus

.....++++++

.........++++++

e is 65537 (0x10001)

Enter pass phrase for app.key:［这里是输入密码］

Verifying - Enter pass phrase for app.key:［这里再次输入密码确认］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -key app.key -out app.csr

Enter pass phrase for app.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.‘, the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN［这里是国家，CN中国］

State or Province Name (full name) [Some-State]:hangzhou［这里是省份，城市］

Locality Name (eg, city) []:hangzhou［这里是城市］

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd［这里是公司］

Organizational Unit Name (eg, section) []:rh［这里是组织名称］

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1［这个必须填正确，是你的服务器的域名，或者ip］

Email Address []:zhu410289616@163.com［这里是我的邮箱］

Please enter the following ‘extra‘ attributes

to be sent with your certificate request

A challenge password []:123456［这里是密码］

An optional company name []:rh［这里是名字］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl rsa -in app.key -out server.key

Enter pass phrase for app.key:［这里输入密码］

writing RSA key

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$  sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.‘, the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:hangzhou

Locality Name (eg, city) []:hangzhou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd

Organizational Unit Name (eg, section) []:rh

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1

Email Address []:zhu410289616@163.com

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo cp server.* /etc/apache2/

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl configtest

Syntax OK

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl restart

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ 

2-配置apache，开启ssl

编辑/etc/apache2/httpd.conf文件，去掉下面三行前面的＃号

(/etc/apache2/httpd.conf和/private/etc/apache2/httpd.conf其实是同一个内容)

LoadModule ssl_module libexec/apache2/mod_ssl.so

Include /etc/apache2/extra/httpd-ssl.conf

Include /etc/apache2/extra/httpd-vhosts.conf

编辑/etc/apache2/extra/httpd-ssl.conf文件，去掉下面两行前面的＃号

SSLCertificateFile "/etc/apache2/ssl/server.crt"

SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

编辑/etc/apache2/extra/httpd-vhosts.conf文件，在NameVirtualHost*:80后面添加一段如下内容：

<VirtualHost *:443>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile /etc/apache2/server.crt

    SSLCertificateKeyFile /etc/apache2/server.key

    ServerName 192.168.2.1 

    DocumentRoot "/Library/WebServer/Documents"

</VirtualHost>

其中server.crt和server.key就是最开始制作的签名证书。

我这边是放在apache的安装目录（/etc/apache2/）中的，以上不同的配置各自自己注意目录。

到这里就配置完成了，运行sudo apachectl configtest命令，检查配置。

没有问题就可以重启apache，让配置生效了。

碰到的问题：

用sudo apachectl configtest命令检查配置时，出现下面的提示：

Could not reliably determine the server‘s fully qualified domain name

是因为httpd.conf文件中的ServerName没有配置，处于缺省状态。

只需要在apache安装目录/etc/apache2/httpd.conf文件中启用ServerName配置指令即可。

加上：ServerName localhost:80

apache的配置文件httpd.conf中默认是存在类似的指令的，不过在该指令前添加了＃号，注释掉了该句，我们只需要模仿着增加一行，然后重启apache即可。

3-配置ipa下载

静态html页面，内容如下：

ipa.html文件:

zhuruhongdeMacBook-Pro:ios zhuruhong$ cat ipa.html 

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">

</head>

<ul>

    <li>

        <a href="itms-services://?action=download-manifest&url=https://192.168.2.1/ios/KDaijiaDriver_enter.plist">local-iOS代驾司机1.0体验版</a>

    </li>

</ul>

</html>

plist文件：

zhuruhongdeMacBook-Pro:ios zhuruhong$ cat KDaijiaDriver_enter.plist 

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

 <key>items</key>

 <array>

 <dict>

 <key>assets</key>

 <array>

 <dict>

 <key>kind</key>

 <string>software-package</string>

 <key>url</key>

 <string>https://192.168.2.1:443/ios/KDaijiaDriver_1.0.0_10020.ipa</string>

 </dict>

 </array>

 <key>metadata</key>

 <dict>

 <key>bundle-identifier</key>

 <string>com.kuaidi.liangjian</string>

 <key>bundle-version</key>

 <string>1.0</string>

 <key>kind</key>

 <string>software</string>

 <key>title</key>

 <string>快的代驾司机端_体验版_10020</string>

 </dict>

 </dict>

 </array>

</dict>

</plist>

以下是相关文件信息：

zhuruhongdeMacBook-Pro:ios zhuruhong$ pwd

/Library/WebServer/Documents/ios

zhuruhongdeMacBook-Pro:ios zhuruhong$ ls -lrt

total 38112

-rw-r--r--@ 1 zhuruhong  wheel       412  6 18 19:25 ipa.html

-rw-r--r--  1 root       wheel       963  6 19 15:49 app.key

-rw-r--r--  1 root       wheel       757  6 19 15:51 app.csr

-rw-r--r--  1 root       wheel       887  6 19 15:51 server.key

-rw-r--r--  1 root       wheel      1294  6 19 15:51 server.crt

-rw-r--r--  1 zhuruhong  wheel  19486293  6 19 17:33 KDaijiaDriver_1.0.0_10020.ipa

-rw-r--r--@ 1 zhuruhong  wheel       775  6 19 17:36 KDaijiaDriver_enter.plist

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

注意：在点击下载前，需要点击server.crt，并信任在手机上安装。

mac中apache开启https功能，本地发布安装app

标签：发布   ssl   https   ios安装app   

原文地址：http://blog.csdn.net/zhu410289616/article/details/46566073