Enterprise app deployment doesn t work on iOS 7 1

Question

We distribute apps via an Enterprise account  using an itms-services    URL  This has always worked fine  but after installing the iOS 7 1 beta on our iPad it refuses to install  Instead we just get the generic Cannot connect to example com message that iOS unhelpfully displays when there is any sort of problem downloading the app   I ve been unable to find anything here on SO  on Google or in the 7 1 release notes to suggest what could be causing the problem

User · Answer

If you happen to have AWS S3 that works like a charm also. Well. Relatively speaking :-)

Create a bucket for your ad hocs in AWS, add an index file (it can just be a blank index.html file) then using a client that can connect to S3 like CyberDuck or Coda (I used Coda - where you'd select Add Site to get a connection window) then set the connections like the attached:

Then build your enterprise ad hoc in XCode and make sure you use https://s3.amazonaws.com/your-bucket-name/your-ad-hoc-folder/your-app.ipa as the Application URL, and upload it to your new S3 bucket directory.

Your itms link should match, i.e. itms-services://?action=download-manifest&url=https://s3.amazonaws.com/your-bucket-name/your-ad-hoc-folder/your-app.plist

And voilá.

This is only for generic AWS URLs - I haven't tried with custom URLs on AWS so you might have to do a few things differently.

I was determined to try to make James Webster's solution above work, but I couldn't get it to work with Plesk.

User · Answer

It is true  going forward you are expected to do all OTA deployments over https going forward with iOS7 1  Shame on Apple for not documenting this   For those of you that are looking for a better in-house solution than relying on dropbox or having to fork out cash for a certificate you can have a solution if you follow the steps outlined in tip  5 here  http   blog httpwatch com 2013 12 12 five-tips-for-using-self-signed-ssl-certificates-with-ios   The gist of it is this    Create your own CA Authority certificate that you can install on the device that is fully trusted  I installed by simply emailing it  Create the key cer pair against the root certificate and install it on your server Make sure your webserver utilizes the key cer pair that matches the CA Authority root certificate At this point you should be able to install your apps as usual over https All of this can be accomplished on OSX using openssl which is already installed by default   This is not the same as just doing a self-signed certificate  in this solution you are also acting as your own private Certificate Authority  If your root certificate that is installed on your Apple device is not marked as Trusted  green  then something is wrong   Do it over   This absolutely works   Update  3 13 2014 - I have provided a small command line utility that simplifies this entire process  You can get it at  https   github com deckarep EasyCert releases

User · Answer

The universal solution is to connect your device to Mac and to observe what s going on during installation  I got an error      Could not load download manifest with underlying error  Error   Domain NSURLErrorDomain Code -1202  Cannot connect to the Store    UserInfo 0x146635d0  NSLocalizedDescription Cannot connect to the   Store  NSLocalizedRecoverySuggestion Would you like to connect to the   server anyway   NSLocalizedFailureReason A secure connection could not   be established   Please check your Date  amp  Time settings     NSErrorFailingURLStringKey https   myserver com app manifest plist    NSUnderlyingError 0x14678880  The certificate for this server is   invalid  You might be connecting to a server that is pretending to be      myserver com    which could put your confidential information at   risk    NSURLErrorFailingURLPeerTrustErrorKey     NSErrorFailingURLKey https   myserver com app manifest plist    There was even the suggestion in that error to check date settings  For some reason the date was 1 January 1970  Setting correct date solved the problem

User · Answer

Our team uses dropbox for ad-hoc distribution which uses https but still our app was failing to install  After much trouble-shooting we realized that the title field is required too  Whenever we sent out a link without this field safari ignored the link and did not prompt the user to install  Sometimes for quick development tests we skipped over the title node in the xml and not populate it  In case this is helpful for anyone having this issue make sure that your  plist contains the following nodes populated                    lt string gt software lt  string gt       lt key gt title lt  key gt        lt string gt Your App Name lt  string gt

User · Answer

As an alternative to using Dropbox for enterprise distribution you can use TestFlight for the distribution of enterprise signed apps   https   www testflightapp com   This is a fantastic service for the hosting and distribution of both ad-hoc development builds AND enterprise builds

User · Answer

Apter tried to change itms-services    action download-manifest amp url http        to itms-services    action download-manifest amp url https         It also cannot worked  The alert is cannot connect to my domain  I find out that also need update the webpage too   The issue isn   t with the main URL being HTTPS but some of the HTML code in a link within the page  You   ll need your developers to update the webpage  I also noticed there isn   t a valid SSL certificate on your staging domain so you   ll need to get one installed or use Dropbox and here is the link maybe helpful for you

User · Answer

Further the previous answers about Dropbox  I implemented the following files tree such as only the PLIST file has to be uploaded to Dropbox    upload the ipa file to your server in http  no change here  upload the provisioning   mobileprovision  file to your server in http  no change here  upload the plist file to your dropbox  no change to do inside the plist file as the URLs are in absolute  use the option  Share the link with Dropbox  which copies the link to your clipboard  This link has to be copied into your html file into the itms-servivces URL s query after changing the part www dropbox com by dl dropboxusercontent com  Note I URL encoded the link as suggested by  Mike but I don t test without to do it  Now the itms-services URL s query should look like this  itms-services    action download-manifest amp url https 3A 2F 2Fdl dropboxusercontent com 2Fs 2FYourShortDropboxLink plist upload the html file to your server in http  Note the html file contains both links to ipa and provisioning files  access to your html file from your device and now the ipa can be installed by OTA like usually    From now  only the ipa file has to be changed to provide next app versions by OTA to your beta testers  Until Apple is yet changing the security rules   I join here after the very simple HTML file I m using    lt  DOCTYPE HTML PUBLIC  -  W3C  DTD HTML 4 01 Transitional  EN       http   www w3 org TR html4 loose dtd  gt   lt html gt   lt head gt   lt title gt iPhone app for test lt  title gt   lt  head gt   lt body gt   lt h1 gt iPhone app for test lt  h1 gt   lt br  gt   lt ul gt       lt li gt  lt a href  http   www yourdomain com with directories provision v last yourprovision adhoc mobileprovision  gt              Install Provisioning File lt  a gt  lt  li gt       lt li gt  lt a href  itms-services    action download-manifest amp url https 3A 2F 2Fdl dropboxusercontent com 2Fs 2FYourShortDropboxLink plist  gt              Install Application lt  a gt  lt  li gt   lt  ul gt   lt  body gt   lt  html gt

User · Answer

I found the issue by connecting the iPad to the computer and viewing the console through the XCode Organizer while trying to install the app  The error turns out to be      Could not load non-https manifest URL  http   example com manifest plist   Turns out that in iOS 7 1  the URL for the manifest plist file has to be HTTPS  where we were using HTTP  Changing the URL to HTTPS resolved the problem   I e   itms-services    action download-manifest amp url http   example com manifest plist   becomes  itms-services    action download-manifest amp url https   example com manifest plist   I would assume you have to have a valid SSL certificate for the domain in question  We already did but I d imagine you ll have issues without it

User · Answer

I had same trouble and did as mentioned above    Put the plist in dropbox  Over the download file button  below an image of the document with mouse right button select the copy link action  This link is already something like https   dl dropboxusercontent com s xyz123 app plist stuff stuff with many params  Remove the parameters  kept only address between https and  plist  Browse for url encode online  selected one of those links  copy  paste  execute  then the resulting text copied and pasted into the html where I have the itms-services link  By the way I have this html in two different locations  one of those is where the ipa is located  Make sure the plist includes absolute references to the ipa file    Both pages worked successfully for installing the app in iphones with ios 7 1  But  now iphones with ios 7 0x can t install the app   I created a new question  upgraded adhoc app deployment doesnt work on ios previous to 7 1  Both issues are tightly related  and also bonded by the lack of official references

User · Answer

After reading this post I had still a problem with downloading my app  Problem was because of self signed SSL certificate   I ve found a solution for this problem  You need to upload your certificate file with extension   crt  on the web and type address of it in your mobile safari  System ask you about adding your certificate to the list of trusted certificates  After this operation you will be able to install your ad-hoc app

User · Answer

ingconti is right    Upload your app plist to dropbox  Get shared link of app plist  like https   www dropbox com s qgknrfngaxazm38 app plist replace www dropbox com with dl dropboxusercontent com in the link  like https   dl dropboxusercontent com s qgknrfngaxazm38 app plist Remove any parameters on the dropbox shareable link such as   dl 0t   as per Carlos Aguirre Tradeco at Enterprise app deployment doesn  39 t work on iOS 7 1 and my own experience   Create a download html file with a link formatted as  lt a href  itms-services    action download-manifest amp url https   dl dropboxusercontent com s qgknrfngaxazm38 app plist  gt INSTALL   lt  a gt  Upload your download html to dropbox Again  get a shared link of download html  like https   www dropbox com s gnoctp7n9g0l3hx download html  and remove any parameters  Replace www dropbox com with dl dropboxusercontent com in the second link as well  like https   dl dropboxusercontent com s gnoctp7n9g0l3hx download html   Now  visit https   dl dropboxusercontent com s gnoctp7n9g0l3hx download html in your device  you can install the app like before   WHAT A WONDERFUL WORLD

User · Answer

Some nice guy handled the issue by using the Class 1 StartSSL certificate and shared Apache config that adds certificate support  will work with any certificate  and code for changing links in existing   plist files automatically  Too long to copy  so here is the link  http   cases azoft com how-to-fix-certificate-is-not-valid-error-on-ios-7

User · Answer

I had the same problem and although I was already using an SSL server  simply changing the links to https wasn t working as there was an underlying problem    Click here for image  That highlighted bit told me that we should be given the option to trust the certificate  but since this is the app store  working through Safari that recovery suggestion just isn t presented     I wasn t happy with the existing solutions because    Some options require dependance on a third party  Dropbox  We weren t willing to pay for an SSL certificate   Free SSL certificates are only a temporary solution     I finally found a solution by creating a Self Signed Root Certificate Authority and generating our server s SSL certificate using this    I used Keychain Access and OSX Server  but there are other valid solutions to each step    Creating a Certificate Authority  From what I gather  certificate authorities are used to verify that certificates are genuine  Since we re about to create one ourselves  it s not exactly secure  but it means that you can trust all certificates from a given authority  A list of these authorities is usually included by default in your browsers as these are actually trusted   GeoTrust Global CA  Verisign etc    Open Keychain and use the certificate assistant to create an authority        Fill in your Certificate Authority Information      I don t know if it s necessary  but I made the authority trusted        Generating a Certificate Signing Request  In our case  certificate signing requests are generated by the server admin  Simply it s a file that asks  Can I have a certificate with this information for my site please     Next you ll have to create your Certificate Signing Request  I used OSX Server s Certificates manager for this bit       Fill in your certificate information  Must contain only ascii chars   thanks  Jasper Blues       Save the generate CSR somewhere       Creating the Certificate  Acting as the certificate authority again  it s up to you to decide if the person who sent you the CSR is genuine and they re not pretending to be somebody else  Real authorities have their own ways of doing this  but since you are hopefully quite sure that you are you  your verification should be quite certain      Go back to Keychain Access and open the  Create A Certificate    option as shown       Drag in your saved CSR to the box indicated      Click the  Let me override defaults for this request button       I like to increase the validity period       For some reason  we have to fill in some information again      Click continue on this screen      MAKE SURE YOU CLICK SSL SERVER AUTHENTICATION  this one caused me some headaches       You can click continue through the rest of the options  The Mail app will open giving you the chance to send the certificate  Instead of emailing  right click it and save it        Installing the Certificate  We now need to set up the server to use the certificate we just created for it s SSL traffic    If the device your working on is your server  you might find the certificate is already installed       If not though  double click the Pending certificate and drag the PEM file that we just saved from the email into the space indicated   Alternatively  you can export your PEM from keychain if you didn t save it        Update your server to use this new certificate  If you find that the new certificate won t  stick  and keeps reverting  go back to the bit in BOLD ITALIC CAPS       Setting Up Devices  Each device you need to install apps on will need to have a copy of this certificate authority so that they know they can trust SSL certificates from that authority   Go back to Keychain Access and export your certificate authority as a  cer      I then put this file on my server with my OTA apps  users can click this link and download the authority certificate  Emailing the certificate directly to users is also a valid option       Install the certificate on your device        Test   Make sure your plist links are https   Try and install an app  It should now work  The certificate authority is trusted and the SSL certificate came from that authority

User · Answer

I can confirm it works  But You have to put html AND plist on dropbox  It works also for non-enterprise OTA  i e  You want to share app with your dev  team   I did   a  on my site I made a page with this link       href  https   dl dropboxusercontent com u   your DB id  ipa html  MyApp   b  on DropBox I wrote another HTML page         https   dl dropboxusercontent com u  your DB id  MyApp plist       Tap to Install MyApp  c  moved plist on DropBox but leaving it to POINT to my old server  no https

User · Answer

Open up terminal and run the command  curl -i https       ipa file path not plist   This will tell you whether or not the installer can see the IPA file   If you run the curl command with the  -i  you ll see the full response and it s probably not the IPA file  This is the response the installer sees  so if it s not returning HTTP 200 and an IPA you ll need to return it on your end   The ITMS installer doesn t save any context from Safari   If you authenticated into a secure portal in Safari  the authentication cookies aren t pass to the the installer   i e  The installer needs to be able to see the app without authentication and this could be the reason you are getting  Cannot connect to server

User · Answer

Further to the Mark Parnell s answer  a quick-and-dirty way of getting around this is to put the manifest plist into Dropbox  and then using the Dropbox web interface to get a direct https link to it   Share link  -   Get link  -   Download     The actual ipa can remain wherever you always served it from  You ll need to URL-encode the plist s URL before inserting it into the itms-servivces URL s query  although just replacing any  amp s with  3D might work    One downside is that the install dialog will now read  dl dropbox com wants to install  whatever

[ios] Enterprise app deployment doesn't work on iOS 7.1

Examples related to ios

Examples related to deployment