mac 使用apache開啟https功能，實現ios局域網內測（一）

 

筆者嘗試了網上各種辦法最后還是找到了方法解決了一系列局域網內測的問題，隨手做個筆記記錄下，親測可行。

一、先生成證書

1、進入apache web 的根目錄處理證書命令

cd /Library/WebServer/Documents/ios 

基於 /Library/WebServer/Documents/ios  根目錄下處理命令：

a-生成私鑰，命令： sudo openssl genrsa -des3 -out app.key 1024

b-生成簽署申請，命令： sudo openssl req -new -key app.key -out app.csr

c-生成服務器的私鑰，命令： sudo openssl rsa -in app.key -out server.key

d-生成給網站服務器簽署的證書，命令： sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

 

網摘一位網友的命令處理記錄：

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl genrsa -des3 -out app.key 1024

Generating RSA private key, 1024 bit long modulus

.....++++++

.........++++++

e is 65537 (0x10001)

Enter pass phrase for app.key:［這里是輸入密碼］

Verifying - Enter pass phrase for app.key:［這里再次輸入密碼確認］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -key app.key -out app.csr

Enter pass phrase for app.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN［這里是國家，CN中國］

State or Province Name (full name) [Some-State]:hangzhou［這里是省份，城市］

Locality Name (eg, city) []:hangzhou［這里是城市］

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd［這里是公司］

Organizational Unit Name (eg, section) []:rh［這里是組織名稱］

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1［這個必須填正確，是你的服務器的域名，或者ip］

Email Address []:zhu410289616@163.com［這里是我的郵箱］

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456［這里是密碼］

An optional company name []:rh［這里是名字］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl rsa -in app.key -out server.key

Enter pass phrase for app.key:［這里輸入密碼］

writing RSA key

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$  sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:hangzhou

Locality Name (eg, city) []:hangzhou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd

Organizational Unit Name (eg, section) []:rh

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1

Email Address []:zhu410289616@163.com

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo cp server.* /etc/apache2/

 

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

 

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl configtest

Syntax OK

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl restart

 

 2、apache 開啟ssl功能

2.1 編輯/etc/apache2/httpd.conf文件，去掉下面四行前面的＃號

(/etc/apache2/httpd.conf和/private/etc/apache2/httpd.conf其實是同一個內容)

LoadModule ssl_module libexec/apache2/mod_ssl.so

Include /etc/apache2/extra/httpd-ssl.conf

Include /etc/apache2/extra/httpd-vhosts.conf

LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so 

 

這里檢查ServerName 指向的是什么，如果沒有定義，需要加上127.0.0.1:80

 

2.2 編輯/etc/apache2/extra/httpd-ssl.conf文件，去掉下面兩行前面的＃號

SSLCertificateFile "/etc/apache2/ssl/server.crt"   

SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

說明（因為命令 sudo cp server.* /etc/apache2/ 只是拷貝到Apache2目錄下，而httpd-ssl.conf SSLCertificateFile默認指向ssl文件夾的，要不在Apache2下創建ssl文件夾把server.crt和server.key放在ssl，要不修改SSLCertificateFile 和 SSLCertificateKeyFile /etc/apache2/server.crt ，/etc/apache2/ssl/server.key ）

2.3 編輯/etc/apache2/extra/httpd-vhosts.conf文件

<VirtualHost *:80>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
ServerName 192.168.4.247
DocumentRoot "/Library/WebServer/Documents"
</VirtualHost>

說明:可以把原來<VirtualHost *:80></VirtualHost>的內容注釋了，把這個粘貼進去 注意：ServerName 是你服務器的ip（如果是本機最好輸入局域網的ip不要輸入127.0.0.1），SSLCertificateFile 和SSLCertificateKeyFile 與上面2.2 步驟的路徑要對應。

 

到這里就配置完成了，運行sudo apachectl configtest命令，檢查配置。

Syntax OK 代表成功

 

可以重啟服務器  sudo apachectl restart

 

到這里服務器就已經支持ssl了，可以訪問https://ip/ios了

 

 

這里補充一點，更換Apache 的根目錄

1.需要修改 httpd.conf文件

 

2.修改 httpd-vhosts.conf 

 

 

3.修改httpd-ssl.conf

 

重啟Apache 就可以了

如果遇到沒有權限訪問

再修改httpd.conf文件