mac中apache开启https功能，本地发布安装app

mac中apache开启https功能，本地发布安装app

最近app进入收尾阶段，发包比较频繁。很多手机都不在测试证书中，所以使用的是企业证书打包。

每次上传到外网服务器都很慢，需要15分钟左右。想想还是自己本地mac做个服务器下载比较快一点。

所以学了下apache开启https的内容，本文记录了自己的学习过程。

1-先制作自己的签名证书

在前面的apache相关中，已经在mac上开启了apache，为了后面手机安装证书方便，，我是在/Library/WebServer/Documents/目录中制作签名证书的。

a-生成私钥，命令：sudo openssl genrsa -des3 -out app.key 1024

b-生成签署申请，命令：sudo openssl req -new -key app.key -out app.csr

c-生成服务器的私钥，命令：sudo openssl rsa -in app.key -out server.key

d-生成给网站服务器签署的证书，命令：sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

（这一步和a差不多，需要注意的是Common Name一定要填对）

以下是我自己在mac 10.10上处理的命令记录：

zhuruhongdeMacBook-Pro:~ zhuruhong$ cd /Library/WebServer/Documents/

zhuruhongdeMacBook-Pro:Documents zhuruhong$ ls

PoweredByMacOSX.gif index.html.en php

PoweredByMacOSXLarge.gif ios

zhuruhongdeMacBook-Pro:Documents zhuruhong$ cd ios/

zhuruhongdeMacBook-Pro:ios zhuruhong$ ls

KDaijiaDriver_1.0.0_9291.ipa app.csr ipa.html server.key

KDaijiaDriver_enter.plist app.key server.crt

zhuruhongdeMacBook-Pro:ios zhuruhong$

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl genrsa -des3 -out app.key 1024

Generating RSA private key, 1024 bit long modulus

…..++++++

………++++++

e is 65537 (0x10001)

Enter pass phrase for app.key:［这里是输入密码］

Verifying – Enter pass phrase for app.key:［这里再次输入密码确认］

zhuruhongdeMacBook-Pro:ios zhuruhong$

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -key app.key -out app.csr

Enter pass phrase for app.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [AU]:CN［这里是国家，CN中国］

State or Province Name (full name) [Some-State]:hangzhou［这里是省份，城市］

Locality Name (eg, city) []:hangzhou［这里是城市］

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd［这里是公司］

Organizational Unit Name (eg, section) []:rh［这里是组织名称］

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1［这个必须填正确，是你的服务器的域名，或者ip］

Email Address []:zhu410289616@163.com［这里是我的邮箱］

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:123456［这里是密码］

An optional company name []:rh［这里是名字］

zhuruhongdeMacBook-Pro:ios zhuruhong$

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl rsa -in app.key -out server.key

Enter pass phrase for app.key:［这里输入密码］

writing RSA key

zhuruhongdeMacBook-Pro:ios zhuruhong$

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:hangzhou

Locality Name (eg, city) []:hangzhou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd

Organizational Unit Name (eg, section) []:rh

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1

Email Address []:zhu410289616@163.com

zhuruhongdeMacBook-Pro:ios zhuruhong$

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo cp server.* /etc/apache2/

zhuruhongdeMacBook-Pro:ios zhuruhong$

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl configtest

Syntax OK

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl restart

zhuruhongdeMacBook-Pro:apache2 zhuruhong$

2-配置apache，开启ssl

编辑/etc/apache2/httpd.conf文件，去掉下面三行前面的＃号

(/etc/apache2/httpd.conf和/private/etc/apache2/httpd.conf其实是同一个内容)

LoadModule ssl_module libexec/apache2/mod_ssl.so

Include /etc/apache2/extra/httpd-ssl.conf

Include /etc/apache2/extra/httpd-vhosts.conf

编辑/etc/apache2/extra/httpd-ssl.conf文件，去掉下面两行前面的＃号

SSLCertificateFile "/etc/apache2/ssl/server.crt"

SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

编辑/etc/apache2/extra/httpd-vhosts.conf文件，在NameVirtualHost*:80后面添加一段如下内容：

<VirtualHost *:443>

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/apache2/server.crt

SSLCertificateKeyFile /etc/apache2/server.key

ServerName 192.168.2.1

DocumentRoot "/Library/WebServer/Documents"

</VirtualHost>

其中server.crt和server.key就是最开始制作的签名证书。

我这边是放在apache的安装目录（/etc/apache2/）中的，以上不同的配置各自自己注意目录。

到这里就配置完成了，运行sudo apachectl configtest命令，检查配置。

没有问题就可以重启apache，让配置生效了。

碰到的问题：

用sudo apachectl configtest命令检查配置时，出现下面的提示：

Could not reliably determine the server’s fully qualified domain name

是因为httpd.conf文件中的ServerName没有配置，处于缺省状态。

只需要在apache安装目录/etc/apache2/httpd.conf文件中启用ServerName配置指令即可。

加上：ServerName localhost:80

apache的配置文件httpd.conf中默认是存在类似的指令的，不过在该指令前添加了＃号，注释掉了该句，我们只需要模仿着增加一行，然后重启apache即可。

3-配置ipa下载

静态html页面，内容如下：

ipa.html文件:

zhuruhongdeMacBook-Pro:ios zhuruhong$ cat ipa.html

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">

</head>

<ul>

<li>

成功不是将来才有的，而是从决定去做的那一刻起，持续累积而成。