1.服务器 自签名https证书配置
配置方法:
MAC系统自带apache服务器:
1. 终端:
sudo apachectl start
(浏览器输入:http://127.0.0.1,出现It Works!启动成功~)
(服务器地址为:/Library/WebServer/Documents/ )
2.开始OpenSSL 证书
(1.)生成服务器私钥
sudo mkdir /private/etc/apache2/ssl
cd /private/etc/apache2/ssl
sudo openssl genrsa -out server.key 1024
(2.)生成签署申请 :注意Common Name必须是服务器 ip 或域名,其他信息可以随意填写
sudo openssl req -new -key server.key -out server.csr
(3.)生成ca私钥
sudo openssl genrsa -out ca.key 1024
sudo openssl req -new -x509 -days 365 -key ca.key -out ca.crt
(4.)创建demoCA
在 ssl 目录下创建 demoCA 文件夹,在 demoCA ,创建一个 index.txt 和 serial ,index.txt 为空, serial 内容为01,然后在demoCA 文件夹创建一个空文件夹 newcerts然后执行命令:
sudo openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key
3.配置 SSL 服务
(1.)编辑httpd.conf
sudo vim /private/etc/apache2/httpd.conf
去掉一下四行注释,如果缺少编辑添加
LoadModule ssl_module libexec/apache2/mod_ssl.so
Include /private/etc/apache2/extra/httpd-ssl.conf
Include /private/etc/apache2/extra/httpd-vhosts.conf
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
(2.)编辑 httpd-ssl.conf
sudo vim /private/etc/apache2/extra/httpd-ssl.conf
去掉这个两行代码的注释:
SSLCertificateFile "/private/etc/apache2/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/server.key"
把证书路劲改成自己生成的文件路径
SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"
(3.)编辑 httpd-vhosts.conf
sudo vim /private/etc/apache2/extra/httpd-vhosts.conf
添加一下代码:
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /private/etc/apache2/ssl/server.crt
SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
ServerName 11.122.122.12(改为自己的IP地址)
DocumentRoot "/Library/WebServer/Documents/"
<VirtualHost>
(4.) 检查 apachectl 配置,执行一下代码,如果提示Syntax OK,就可以了,如果报错,自己检查一下错误,改一下
sudo apachectl configtest
3.进入服务器目录 --- /Library/WebServer/Documents/
重点:
将plist文件和ipa包一并传到服务器,并把创建的ca.crt证书一并上传上去,手机端需要下载ca.crt证书进行认证才可以
4.简单的编写一个html网址
<a style="display: block;width: 100%;height: 100px;" href="itms-services://?action=download-manifest&url=https://lx.fullinloveyan.com/plist/archive.plist" target="_blank">点击下载</a>
<a style="display: block;width: 100%;height: 100px;" href="https://lx.fullinloveyan.com/plist/ca.crt" target="self">点击证书</a>
重点:
href="itms-services://?action=download-manifest&url=https://lx.fullinloveyan.com/plist/archive.plist" target="_blank"
只对url地址进行修改,href其他地方照搬即可
5.将html手机上打开。点击下载即可
重点:
Plist文件:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://lx.fullinloveyan.com/plist/wallet.ipa</string>//服务器对应ipa地址
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.jufeng.wallet</string>//ipa包对应bundleid
<key>bundle-version</key>
<string>1.0.1</string>//ipa包对应版本号
<key>kind</key>
<string>software</string>
<key>title</key>
<string>理想钱包</string>//ipa包对应名称
</dict>
</dict>
</array>
</dict>
</plist>
Plist文件及demo下载地址:https://github.com/xuliang0712/Plist
