iOS enterprise app installation and HTTPS certificate generation

Besides being published on the App Store, an iOS application can also be signed with an enterprise certificate and published from your own server for download. However, since iOS 7.1, enterprise apps must be downloaded over trusted HTTPS. Otherwise the device shows an error such as the server could not be found.

First, the developer needs to package an ipa and provide a plist file. The plist file can follow this example:

Plist file (test.plist):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://192.168.0.8/test.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.test</string>
<key>bundle-version</key>
<string>1.0</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>test</string>
</dict>
</dict>
</array>
</dict>
</plist>
Create a new page, assuming index.html, as follows:
<script>
location.href="itms-services:///?action=download-manifest&url=https://192.168.0.8/test.plist";
</script>

OR

<a href="itms-services:///?action=download-manifest&url=https://192.168.0.8/test.plist">Click to download</a>
Visit https://192.168.0.8/test.html (open it with Safari).

Note: The url value inside the plist file does not have to be https, but on the page the url parameter after the itms-services protocol must be https, and it must be trusted https. If you obtain a certificate from a certificate authority and configure it on the server, it is trusted directly. Otherwise, with a certificate you generate yourself, the client must install the CA certificate for it to be trusted. Also remember to remind users that the download only works in the Safari browser. Other browsers do not recognize the itms-services protocol.

If you need to distribute downloads on a LAN, you can only generate the certificate yourself. The steps are as follows:

1. Generate the private key of the server

openssl genrsa -out server.key 1024

2. Generate a certificate signing request (every field can be left empty except Common Name; Common Name must be the server's IP or domain name)

openssl req -new -key server.key -out server.csr

3. Generate the CA private key

openssl genrsa -out ca.key 1024

4. Use the CA's private key to generate a self-signed certificate for the CA

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

5. Create a demoCA directory in the current directory containing the files index.txt and serial (the serial content is 01, index.txt is empty) and the folder newcerts, then sign the server's request with the CA

openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key

This produces the files server.crt, server.key and ca.crt.

Configure server.crt and server.key on the server. Apache and nginx are configured differently, and a search on Baidu turns up plenty of configuration instructions, so they are not repeated here. In addition, put ca.crt in the server's web root directory so that users can access and install it.

After the server is configured with the certificate and the service is restarted, you can access https://192.168.0.8/test.html, but it is still not fully trusted. The client must install ca.crt before the download works. Guide the client to http://192.168.0.8/ca.crt and Safari jumps directly to the certificate installation screen. After the certificate is installed, the app can be downloaded normally through https://192.168.0.8/test.html.
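
The certificate steps above as one script, as an added example that is not the original author's code: it signs with `openssl x509 -req` instead of `openssl ca` (so no demoCA directory is needed) and uses 2048-bit keys, SHA-256 and a subjectAltName, which iOS 13 and later require of TLS server certificates. The function names, `req.cnf` and `server.ext` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Output file names mirror the page;
# the function names, req.cnf and server.ext are assumptions of this sketch.

# make_lan_certs HOST_IP OUT_DIR -> writes ca.key ca.crt server.key server.crt
make_lan_certs() (
    host_ip="$1"
    mkdir -p "$2" && cd "$2" || exit 1

    # Minimal request config so the run does not depend on the system openssl.cnf.
    cat > req.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = LAN Test CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

    # Leaf extensions: the SAN carries the address clients connect to.
    cat > server.ext <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$host_ip
EOF

    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -days 365 -key ca.key \
        -config req.cnf -out ca.crt &&
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -config req.cnf \
        -subj "/CN=$host_ip" -out server.csr &&
    openssl x509 -req -sha256 -days 365 -in server.csr \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile server.ext -out server.crt &&
    chmod 600 ca.key server.key &&
    openssl verify -CAfile ca.crt server.crt >/dev/null
)

# cert_has_san CERT HOST_IP -> exit 0 if the certificate lists the IP as a SAN
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "IP Address:$2"
}

if [ "$#" -eq 2 ]; then make_lan_certs "$1" "$2"; fi
```

Only ca.crt is handed to clients; ca.key stays off the web server, since anyone holding it can issue certificates those devices will trust.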
