As we all know. 苹果在iOS7.1中的Adhoc强制使用https链接,这下公司的小伙伴就不能愉快的通过内网下载安装测试包了

经过一番折腾,终于实现了自签署SSL证书让手机通过浏览器在线安装ipa

• 1. 环境

  开发环境:Mac OS X 10.9.4+Xcode6Beta5

  服务器:CentOS 6.5 x64+apache2

• 2. 客户端准备部署文件

  a)先去developer.apple.com申请证书和描述文件(adhoc,过程略去不表)
  b)将工程打包成ipa,如Demo.ipa,准备一个Icon.png和一个Icon@2x.png
  c)建立Demo.plist文件
  

  <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>items</key> <array> <dict> <key>assets</key> <array> <dict> <key>kind</key> <string>software-package</string> <key>url</key> <string>https://www.your-domain.com/ipa/Demo.ipa</string> </dict> <dict> <key>kind</key> <string>full-size-image</string> <key>needs-shine</key> <false/> <key>url</key> <string>https://www.your-domain.com/ipa/Icon@2x.png</string> </dict> <dict> <key>kind</key> <string>display-image</string> <key>needs-shine</key> <false/> <key>url</key> <string>https://www.your-domain.com/ipa/Icon.png</string> </dict> </array> <key>metadata</key> <dict> <key>bundle-identifier</key> <string>com.superyyl.Demo</string> <key>bundle-version</key> <string>1.0</string> <key>kind</key> <string>software</string> <key>title</key> <string>Demo</string> </dict> </dict> </array> </dict> </plist>

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

  <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>items</key> <array> <dict> <key>assets</key> <array> <dict> <key>kind</key> <string>software-package</string> <key>url</key> <string>https://www.your-domain.com/ipa/Demo.ipa</string> </dict> <dict> <key>kind</key> <string>full-size-image</string> <key>needs-shine</key> <false/> <key>url</key> <string>https://www.your-domain.com/ipa/Icon@2x.png</string> </dict> <dict> <key>kind</key> <string>display-image</string> <key>needs-shine</key> <false/> <key>url</key> <string>https://www.your-domain.com/ipa/Icon.png</string> </dict> </array> <key>metadata</key> <dict> <key>bundle-identifier</key> <string>com.superyyl.Demo</string> <key>bundle-version</key> <string>1.0</string> <key>kind</key> <string>software</string> <key>title</key> <string>Demo</string> </dict> </dict> </array> </dict> </plist>

  
  d)上传Demo.ipa,Demo.plist,Icon.png,Icon@2x.png到/var/www/html/ipa目录下备用

• 3.服务端配置

  a)安装openssl
  

  Shell

  #安装openssl yum -y install mod_ssl #确认安装成功 rpm -qa | grep openssl

  1 2 3 4

  #安装openssl yum -y install mod_ssl #确认安装成功 rpm -qa | grep openssl

  
  b)生成证书
  
  Shell

  #建立文件夹 mkdir /etc/httpd/ssl cd /etc/https/ssl #用openssl选择rsa非对称算法和des3对称加密算法来制作CA证书 openssl genrsa -des3 -out my-ca.key 2048 #然后使用x509标准签署证书 openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt #现在有了CA证书了，就可以用它来为我们的网站颁发ssl证书了。同制作CA证书一样，我们需要先为服务器生成密钥对 openssl genrsa -des3 -out mars-server.key 2048 #生成了密钥mars-server.key后，根据它生成csr证书文件 #这里面要注意了Common Name的值要和你的域名一致，否则后面客户端浏览器验证域名不正确会不通过的。 openssl req -new -key mars-server.key -out mars-server.csr #下面就用CA证书来签署服务器证书了 openssl x509 -req -in mars-server.csr -out mars-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650 #开机自动启动apache时免密码 openssl rsa -in mars-server.key -out mars-server.key.insecure

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

  #建立文件夹 mkdir /etc/httpd/ssl cd /etc/https/ssl #用openssl选择rsa非对称算法和des3对称加密算法来制作CA证书 openssl genrsa -des3 -out my-ca.key 2048 #然后使用x509标准签署证书 openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt #现在有了CA证书了，就可以用它来为我们的网站颁发ssl证书了。同制作CA证书一样，我们需要先为服务器生成密钥对 openssl genrsa -des3 -out mars-server.key 2048 #生成了密钥mars-server.key后，根据它生成csr证书文件 #这里面要注意了Common Name的值要和你的域名一致，否则后面客户端浏览器验证域名不正确会不通过的。 openssl req -new -key mars-server.key -out mars-server.csr #下面就用CA证书来签署服务器证书了 openssl x509 -req -in mars-server.csr -out mars-server.crt -sha1 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650 #开机自动启动apache时免密码 openssl rsa -in mars-server.key -out mars-server.key.insecure

  
  c)配置apache
  
  Shell

  vi /etc/httpd/conf.d/ssl.conf #更改以下信息 SSLEngine on SSLCertificateFile /etc/httpd/ssl/mars-server.crt SSLCertificateKeyFile /etc/httpd/ssl/mars-server.key.insecure SSLCACertificateFile /etc/httpd/ssl/my-ca.crt #重启 service httpd restart

  1 2 3 4 5 6 7 8

  vi /etc/httpd/conf.d/ssl.conf #更改以下信息 SSLEngine on SSLCertificateFile /etc/httpd/ssl/mars-server.crt SSLCertificateKeyFile /etc/httpd/ssl/mars-server.key.insecure SSLCACertificateFile /etc/httpd/ssl/my-ca.crt #重启 service httpd restart

  
  d)将生成的my-ca.crt拷贝到/var/www/html/ipa目录下备用

• 4. Let’s Go!

  a)在iOS设备上打开safari访问,https://www.your-domain.com/ipa/my-ca.crt,信任并安装
  b)在iOS设备上打开safari访问,itms-services://?action=download-manifest&url=https://www.your-domain.com/ipa/Demo.plist

• 5. 还有什么?

  a)安装设备的udid需要在描述文件里
  b)做一个网页,引导用户先安装crt,再点击itms-service
  

  <!DOCTYPE html> <html> <head> <title>Install Demo</title> </head> <body> <h1>1. 安装<a href="https://www.your-domain.com/ipa/my-ca.crt">证书</a></h1> <br/> <h1>2. 安装<a href="itms-services://?action=download-manifest&url=https://www.your-domain.com/ipa/Demo.plist">APP</a></h1> </body> </html>

  1 2 3 4 5 6 7 8 9 10 11

  <!DOCTYPE html> <html> <head> <title>Install Demo</title> </head> <body> <h1>1. 安装<a href="https://www.your-domain.com/ipa/my-ca.crt">证书</a></h1> <br/> <h1>2. 安装<a href="itms-services://?action=download-manifest&url=https://www.your-domain.com/ipa/Demo.plist">APP</a></h1> </body> </html>