mac中apache開啟https功能，本地釋出安裝app

mac中apache開啟https功能，本地釋出安裝app

最近app進入收尾階段，發包比較頻繁。很多手機都不在測試證書中，是以使用的是企業證書打包。

每次上傳到外網伺服器都很慢，需要15分鐘左右。想想還是自己本地mac做個伺服器下載下傳比較快一點。

是以學了下apache開啟https的内容，本文記錄了自己的學習過程。

1-先制作自己的簽名證書

在前面的apache相關中，已經在mac上開啟了apache，為了後面手機安裝證書友善，我是在 /Library/WebServer/Documents/目錄中制作簽名證書的。

a-生成私鑰，指令： sudo openssl genrsa -des3 -out app.key 1024

b-生成簽署申請，指令： sudo openssl req -new -key app.key -out app.csr

c-生成伺服器的私鑰，指令： sudo openssl rsa -in app.key -out server.key

d-生成給網站伺服器簽署的證書，指令： sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

（這一步和a差不多，需要注意的是Common Name一定要填對）

以下是我自己在mac 10.10上處理的指令記錄：

zhuruhongdeMacBook-Pro:~ zhuruhong$ cd /Library/WebServer/Documents/

zhuruhongdeMacBook-Pro:Documents zhuruhong$ ls

PoweredByMacOSX.gif index.html.en php

PoweredByMacOSXLarge.gif ios

zhuruhongdeMacBook-Pro:Documents zhuruhong$ cd ios/

zhuruhongdeMacBook-Pro:ios zhuruhong$ ls

KDaijiaDriver_1.0.0_9291.ipa app.csr ipa.html server.key

KDaijiaDriver_enter.plist app.key server.crt

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl genrsa -des3 -out app.key 1024

Generating RSA private key, 1024 bit long modulus

.....++++++

.........++++++

e is 65537 (0x10001)

Enter pass phrase for app.key:［這裡是輸入密碼］

Verifying - Enter pass phrase for app.key:［這裡再次輸入密碼确認］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -key app.key -out app.csr

Enter pass phrase for app.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN［這裡是國家，CN中國］

State or Province Name (full name) [Some-State]:hangzhou［這裡是省份，城市］

Locality Name (eg, city) []:hangzhou［這裡是城市］

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd［這裡是公司］

Organizational Unit Name (eg, section) []:rh［這裡是組織名稱］

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1［這個必須填正确，是你的伺服器的域名，或者ip］

Email Address []:[email protected]［這裡是我的郵箱］

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456［這裡是密碼］

An optional company name []:rh［這裡是名字］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl rsa -in app.key -out server.key

Enter pass phrase for app.key:［這裡輸入密碼］

writing RSA key

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$  sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:hangzhou

Locality Name (eg, city) []:hangzhou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd

Organizational Unit Name (eg, section) []:rh

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1

Email Address []:[email protected]

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo cp server.* /etc/apache2/

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl configtest

Syntax OK

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl restart

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ 

2-配置apache，開啟ssl

編輯/etc/apache2/httpd.conf檔案，去掉下面三行前面的＃号

(/etc/apache2/httpd.conf和/private/etc/apache2/httpd.conf其實是同一個内容)

LoadModule ssl_module libexec/apache2/mod_ssl.so

Include /etc/apache2/extra/httpd-ssl.conf

Include /etc/apache2/extra/httpd-vhosts.conf

編輯/etc/apache2/extra/httpd-ssl.conf檔案，去掉下面兩行前面的＃号

SSLCertificateFile "/etc/apache2/ssl/server.crt"

SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

編輯/etc/apache2/extra/httpd-vhosts.conf檔案，在NameVirtualHost*:80後面添加一段如下内容：

<VirtualHost *:443>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SSLCertificateFile /etc/apache2/server.crt

    SSLCertificateKeyFile /etc/apache2/server.key

    ServerName 192.168.2.1 

    DocumentRoot "/Library/WebServer/Documents"

</VirtualHost>

其中server.crt和server.key就是最開始制作的簽名證書。

我這邊是放在apache的安裝目錄（/etc/apache2/）中的，以上不同的配置各自自己注意目錄。

到這裡就配置完成了，運作sudo apachectl configtest指令，檢查配置。

沒有問題就可以重新開機apache，讓配置生效了。

碰到的問題：

用sudo apachectl configtest指令檢查配置時，出現下面的提示：

Could not reliably determine the server's fully qualified domain name

是因為httpd.conf檔案中的ServerName沒有配置，處于預設狀态。

隻需要在apache安裝目錄/etc/apache2/httpd.conf檔案中啟用ServerName配置指令即可。

加上：ServerName localhost:80

apache的配置檔案httpd.conf中預設是存在類似的指令的，不過在該指令前添加了＃号，注釋掉了該句，我們隻需要模仿着增加一行，然後重新開機apache即可。

3-配置ipa下載下傳

靜态html頁面，内容如下：

ipa.html檔案:

zhuruhongdeMacBook-Pro:ios zhuruhong$ cat ipa.html 

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">

</head>

<ul>

    <li>

        <a href="itms-services://?action=download-manifest&url=https://192.168.2.1/ios/KDaijiaDriver_enter.plist" target="_blank" rel="external nofollow" >local-iOS代駕司機1.0體驗版</a>

    </li>

</ul>

</html>

plist檔案：

zhuruhongdeMacBook-Pro:ios zhuruhong$ cat KDaijiaDriver_enter.plist 

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

 <key>items</key>

 <array>

 <dict>

 <key>assets</key>

 <array>

 <dict>

 <key>kind</key>

 <string>software-package</string>

 <key>url</key>

 <string>https://192.168.2.1:443/ios/KDaijiaDriver_1.0.0_10020.ipa</string>

 </dict>

 </array>

 <key>metadata</key>

 <dict>

 <key>bundle-identifier</key>

 <string>com.kuaidi.liangjian</string>

 <key>bundle-version</key>

 <string>1.0</string>

 <key>kind</key>

 <string>software</string>

 <key>title</key>

 <string>快的代駕司機端_體驗版_10020</string>

 </dict>

 </dict>

 </array>

</dict>

</plist>

以下是相關檔案資訊：

zhuruhongdeMacBook-Pro:ios zhuruhong$ pwd

/Library/WebServer/Documents/ios

zhuruhongdeMacBook-Pro:ios zhuruhong$ ls -lrt

total 38112

-rw-r--r--@ 1 zhuruhong  wheel       412  6 18 19:25 ipa.html

-rw-r--r--  1 root       wheel       963  6 19 15:49 app.key

-rw-r--r--  1 root       wheel       757  6 19 15:51 app.csr

-rw-r--r--  1 root       wheel       887  6 19 15:51 server.key

-rw-r--r--  1 root       wheel      1294  6 19 15:51 server.crt

-rw-r--r--  1 zhuruhong  wheel  19486293  6 19 17:33 KDaijiaDriver_1.0.0_10020.ipa

-rw-r--r--@ 1 zhuruhong  wheel       775  6 19 17:36 KDaijiaDriver_enter.plist

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

注意：在點選下載下傳前，需要點選server.crt，并信任在手機上安裝。