App Over-The-Air Installation with HTTPS not working

Question

I know that in general installation via HTTPS is working but somehow it doesn't in my Environment.

The itms-service link is HTTP as far as I understood:

itms-services://?action=download-manifest&url=http://' . $_SERVER['SERVER_NAME'] . $downloadLink

The links in the .plist are then HTTPS

<key>assets</key>
        <array>
            <dict>
                <key>kind</key>
                <string>software-package</string>
                <key>url</key>
                <string>https://app.ipa</string>
            </dict>
            <dict>
                <key>kind</key>
                <string>full-size-image</string>
                <key>needs-shine</key>
                <true/>
                <key>url</key>
                <string>https://image_512x512.png</string>
            </dict>
            <dict>
                <key>kind</key>
                <string>display-image</string>
                <key>needs-shine</key>
                <true/>
                <key>url</key>
                <string>https://image_57x57.png</string>
            </dict>
        </array>

But the app won't install. I always get the message "App could not be loaded"

All URL's are reachable with HTTP & HTTPS.

XCode shows the app log

unknown securityd[2331] : CFReadStream domain: 12 error: 8

What am I doing wrong here?

Thx

Answer 1

The problem is that the Certificate Authority needs to be known by the iPad.

If you distribute Apps with HTTPS and the CA Server is your own, you need to install the certificate on the iPad. Otherwise iOS will try to download it.

You can install it sending it via email to your iPad or create a .pem File from the Keychain Access program and host it on your server for installation purposes. Then open it with Safari and iOS will ask you to accept it.

Then the installation works. But beware of using .htaccess as using HTTPS and HTTP together in the installation process seems to trigger the login/password for every request, which are 4 for images, .ipa and .plist, which is really annoying.

[EDIT] Please keep in mind that you need to refer to the .plist file only with HTTPS since Apple introduced iOS 7.1.

See here: Enterprise app deployment doesn't work on iOS 7.1

Answer 2

There's not a huge amount of information about how you've tried to solve this, so rather than actual answers I just have questions. If the answer to any of the questions is 'no' then should point you at the area your problem is in.

Is https://app.ipa the actual URL you're using in the .plist? If so I'd try with the full hostname & path in there.

Does the https site have a proper signed valid certificate that Safari on iOS accepts without any interaction with the user? If not try a proper certificate.

Do you see the .ipa file get downloaded from the server, if you check the server log file?

Have you tried installing the .ipa file using iTunes, does it get accepted?