mac 使用apache开启https功能，实现ios局域网内测（一）

笔者尝试了网上各种办法最后还是找到了方法解决了一系列局域网内测的问题，随手做个笔记记录下，亲测可行。

一、先生成证书

1、进入apache web 的根目录处理证书命令

cd /Library/WebServer/Documents/ios 

基于 /Library/WebServer/Documents/ios  根目录下处理命令：

a-生成私钥，命令： sudo openssl genrsa -des3 -out app.key 1024

b-生成签署申请，命令： sudo openssl req -new -key app.key -out app.csr

c-生成服务器的私钥，命令： sudo openssl rsa -in app.key -out server.key

d-生成给网站服务器签署的证书，命令： sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

网摘一位网友的命令处理记录：

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl genrsa -des3 -out app.key 1024

Generating RSA private key, 1024 bit long modulus

.....++++++

.........++++++

e is 65537 (0x10001)

Enter pass phrase for app.key:［这里是输入密码］

Verifying - Enter pass phrase for app.key:［这里再次输入密码确认］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -key app.key -out app.csr

Enter pass phrase for app.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN［这里是国家，CN中国］

State or Province Name (full name) [Some-State]:hangzhou［这里是省份，城市］

Locality Name (eg, city) []:hangzhou［这里是城市］

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd［这里是公司］

Organizational Unit Name (eg, section) []:rh［这里是组织名称］

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1［这个必须填正确，是你的服务器的域名，或者ip］

Email Address []:zhu410289616@163.com［这里是我的邮箱］

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456［这里是密码］

An optional company name []:rh［这里是名字］

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl rsa -in app.key -out server.key

Enter pass phrase for app.key:［这里输入密码］

writing RSA key

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$  sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:hangzhou

Locality Name (eg, city) []:hangzhou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd

Organizational Unit Name (eg, section) []:rh

Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1

Email Address []:zhu410289616@163.com

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo cp server.* /etc/apache2/

 

zhuruhongdeMacBook-Pro:ios zhuruhong$ 

 

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl configtest

Syntax OK

zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl restart

 

 2、apache 开启ssl功能

2.1 编辑/etc/apache2/httpd.conf文件，去掉下面四行前面的＃号

(/etc/apache2/httpd.conf和/private/etc/apache2/httpd.conf其实是同一个内容)

LoadModule ssl_module libexec/apache2/mod_ssl.so

Include /etc/apache2/extra/httpd-ssl.conf

Include /etc/apache2/extra/httpd-vhosts.conf

LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so 

 

这里检查ServerName 指向的是什么，如果没有定义，需要加上127.0.0.1:80

 

2.2 编辑/etc/apache2/extra/httpd-ssl.conf文件，去掉下面两行前面的＃号

SSLCertificateFile "/etc/apache2/ssl/server.crt"   

SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

说明（因为命令 sudo cp server.* /etc/apache2/ 只是拷贝到Apache2目录下，而httpd-ssl.conf SSLCertificateFile默认指向ssl文件夹的，要不在Apache2下创建ssl文件夹把server.crt和server.key放在ssl，要不修改SSLCertificateFile 和 SSLCertificateKeyFile /etc/apache2/server.crt ，/etc/apache2/ssl/server.key ）

2.3 编辑/etc/apache2/extra/httpd-vhosts.conf文件

<VirtualHost *:80>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
ServerName 192.168.4.247
DocumentRoot "/Library/WebServer/Documents"
</VirtualHost>

说明:可以把原来<VirtualHost *:80></VirtualHost>的内容注释了，把这个粘贴进去 注意：ServerName 是你服务器的ip（如果是本机最好输入局域网的ip不要输入127.0.0.1），SSLCertificateFile 和SSLCertificateKeyFile 与上面2.2 步骤的路径要对应。

到这里就配置完成了，运行sudo apachectl configtest命令，检查配置。

Syntax OK 代表成功

可以重启服务器  sudo apachectl restart

到这里服务器就已经支持ssl了，可以访问https://ip/ios了

这里补充一点，更换Apache 的根目录

1.需要修改 httpd.conf文件

2.修改 httpd-vhosts.conf 

 

 

3.修改httpd-ssl.conf

重启Apache 就可以了

如果遇到没有权限访问

再修改httpd.conf文件