ios - 无法在 IIS 7 中的 iOS 7 上部署应用程序

Question

我有一个正在运行的 IIS，它有一个页面，其中有一个链接:

<a href="itms-services://?action=download-manifest&url=@Url.Action("DownloadPlist", "Test", null, "https")">Plist</a>

链接到:

[RequireHttps]
public ActionResult DownloadPlist()
{
    return File(Url.Content("~/pathToPlist/file.plist"), "application/xml");
}

a href 中的链接最终是:

itms-services://?action=download-manifest&url=https://myapp/test/downloadplist

我可以使用最后一部分 https://myapp/test/downloadplist 并在我的浏览器中访问它，这会向我显示 XML 文件。但是，当我尝试使用 iPad 使用完整的 itms 链接安装它时，它说:

Cannot connect to myapp

我有一个自签名证书，由 IIS 管理器创建并通过电子邮件发送到我的 iPad。然后可以安装它，但它仍然显示 Not Trusted。我感觉这就是问题所在，但我不是 100% 确定。

Answer 1

如果您使用 IIS 创建证书，这是一个常见问题。问题是机器名与主机名不匹配。这也描述了in Section 3 of this article .

最好的解决方案是创建您自己的 CA。然后将 CA 的证书添加到 iOS 设备并使用您的 CA 签署您自己的证书。参见 Section 5 of this article , 复制如下。

创建您自己的证书颁发机构 (CA) 根目录

certificate and then create certificates based on it.Instead of paying a commercial CA to create SSL certificates on your behalf, you are acting as your own CA. The advantage is that your custom CA certificate only has to be installed once on each device. The devices will then automatically trust any certificates you issue based on your root CA certificate.

创建CA证书

First create a private key file:

openssl genrsa -out myCA.key 2048 Then create the certificate: openssl req -x509 -new -key myCA.key -out myCA.cer -days 730 -subj /CN="My Custom CA"

The certificate file (myCA.cer) created above can be publicly shared and installed on iOS or other OS’s to act like a built in trusted root CA.

The private key file (myCA.key) is only used when creating new SSL certificates.You can create as many certificates as you like based on this CA certificate.

创建 CSR(客户签名请求)

First you would create a private key:

openssl genrsa -out mycert1.key 2048 and then create the CSR: openssl req -new -out mycert1.req -key mycert1.key -subj /CN=www2.mysite.com

Then use the CSR to create the certificate:

openssl x509 -req -in mycert1.req -out mycert1.cer -CAkey myCA.key -CA myCA.cer -days 365 -CAcreateserial -CAserial serial

The certificate created (mycert.cer) can be installed on a web server and accessed from any iOS device that already has the CA certificate installed.