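Points to note:
- The CA certificate and the user certificate must use the same password.
- With the default web server configuration, a request for a direct file path must be a GET request (it cannot be a POST request).
- Before downloading the client files, Android and iOS devices must first install the CA public-key certificate.

Steps:
- Install and configure the basic Erlang and yaws environment packages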
- Create the certificates needed for HTTPS
  - Create the serial file and enter the serial number value, e.g. 010000000001 (hexadecimal; a serial number stored in 6 bytes)

    ```
    [root@mbank demoCA]# vim serial
    ```
  - Create the index.txt file

    ```
    [root@mbank demoCA]# vim index.txt
    ```
  - On Linux, the configuration file /etc/pki/tls/openssl.cnf must be modified before generating the certificates:

    ```
    [ CA_default ]
    dir = ./cert
    ```
  - Generate the 2048-bit CA certificate private key

    ```
    openssl genrsa -des3 -out ca_private.key 2048
    ```
  - Generate the 2048-bit server certificate private key

    ```
    openssl genrsa -des3 -out server_private.key 2048
    ```
  - Generate the self-signed CA root certificate, valid for 10 years, in PEM format

    ```
    openssl req -new -x509 -days 3650 -key ca_private.key -out ca.crt
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]: BeiJing
    Locality Name (eg, city) []:BeiJing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: liuweihua.com
    Organizational Unit Name (eg, section) []:Inc
    Common Name (eg, YOUR name) []:127.0.0.1
    Email Address []:weihua1986@gmail.com
    ```
  - Generate the server's P10 (CSR) certificate request, in PEM format

    ```
    openssl req -new -key server_private.key -out server.csr
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:BeiJing
    Locality Name (eg, city) []:BeiJing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: blog.liuweihua.com
    Organizational Unit Name (eg, section) []:Inc
    Common Name (eg, YOUR name) []:127.0.0.1
    Email Address []:weihua1986@gmail.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    ```
  - Use the local simulated CA to issue the server's public-key certificate

    ```
    openssl ca -days 3650 -in server.csr -out server.crt -cert ca.crt -keyfile ca_private.key
    ```
- Write the yaws.conf configuration file

  ```
  logdir=log
  log_wrap_size=51200000
  log_resolve_hostname=false
  <server 182.119.167.184>
      port=443
      listen=0.0.0.0
      #listen_backlog=400000
      docroot=www
      partial_post_size=102400000
      auth_skip_docroot=true
      <ssl>
          keyfile=security/https/server_private.key
          certfile=security/https/server.crt
          cacertfile=security/https/ca.crt
          verify=verify_none
          password=123456
      </ssl>
  </server>
  ```
- Write the startup script start.sh

  ```
  #!/bin/bash
  yaws --conf yaws.conf --id test --name test --sname test --daemon
  ```
- Write the actual download page and files

  ```
  <a href="itms-services://?action=download-manifest&url=https://127.0.0.1/ipad/test.plist">点击下载</a>
  <a href="https://127.0.0.1/android/test.apk">点击下载</a>
  ```
- The contents of test.plist are as follows:

  ```
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
      <key>items</key>
      <array>
          <dict>
              <key>assets</key>
              <array>
                  <dict>
                      <key>kind</key>
                      <string>software-package</string>
                      <key>url</key>
                      <string>https://127.0.0.1/ipad/test.ipa</string>
                  </dict>
              </array>
              <key>metadata</key>
              <dict>
                  <key>bundle-identifier</key>
                  <string>com.liuweihua.test</string>
                  <key>bundle-version</key>
                  <string>1.0.0</string>
                  <key>kind</key>
                  <string>software</string>
                  <key>title</key>
                  <string>TEST</string>
              </dict>
          </dict>
      </array>
  </dict>
  </plist>
  ```
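
The certificate steps above can be checked before yaws.conf is pointed at the resulting files. This added example (not part of the original post) repeats those steps non-interactively in a temporary directory, then verifies that server.crt chains to ca.crt and that server_private.key opens with the passphrase and belongs to the certificate. The passphrase, the `ca.cnf` file, the shortened subjects and the function names `make_demo_pki` and `check_pair` are assumptions made for the demonstration.

```bash
#!/bin/bash
# Added example, not from the original post. The passphrase, ca.cnf and the
# function names are assumptions; subjects are shortened from the prompts above.
export PW="${PW:-example-passphrase}"   # constructed; stands in for yaws.conf "password"

make_demo_pki() (   # $1 = empty working directory (subshell keeps the caller's cwd)
    cd "$1" && mkdir -p cert/newcerts || exit 1
    : > cert/index.txt; echo 010000000001 > cert/serial   # index.txt and serial steps
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./cert
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
default_md = sha256
policy = policy_demo
[ policy_demo ]
countryName = optional
organizationName = optional
commonName = supplied
EOF
    openssl genrsa -des3 -passout env:PW -out ca_private.key 2048 &&
    openssl genrsa -des3 -passout env:PW -out server_private.key 2048 &&
    openssl req -new -x509 -config ca.cnf -extensions v3_ca -days 3650 \
        -key ca_private.key -passin env:PW -out ca.crt \
        -subj "/C=CN/O=liuweihua.com/CN=127.0.0.1" &&
    openssl req -new -config ca.cnf -key server_private.key -passin env:PW \
        -out server.csr -subj "/C=CN/O=blog.liuweihua.com/CN=127.0.0.1" &&
    openssl ca -config ca.cnf -batch -notext -days 3650 -in server.csr \
        -out server.crt -cert ca.crt -keyfile ca_private.key -passin env:PW
)

# Returns 0 usable, 1 chain broken, 2 key not opened by $PW, 3 key/cert mismatch.
check_pair() {   # $1 = CA cert, $2 = server cert, $3 = server private key
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    key_pub=$(openssl pkey -in "$3" -passin env:PW -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey)
    [ "$key_pub" = "$cert_pub" ] || return 3
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" 2>/dev/null &&
    check_pair "$demo_dir/ca.crt" "$demo_dir/server.crt" \
        "$demo_dir/server_private.key" && echo "server.crt and its key are usable"
```

Run against the real files, set `PW` to the value used for `password` in yaws.conf; a return code of 2 means yaws would not be able to open the key with that password.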