With the launch of iOS 7.1, Apple requires all enterprise app manifest files to be served over HTTPS. Attempts to install through HTTP cause the following message:
The actual page and app IPA don’t need to be served over SSL; it’s just the manifest file that links to the IPA. Currently you’ll have something like this:
itms-services://?action=download-manifest&url=http://yourdomain.com/manifest.plist
But the manifest plist file needs to be served over SSL:
itms-services://?action=download-manifest&url=https://yourdomain.com/manifest.plist
You can host the manifest plist file on Dropbox (which will serve it over SSL), but the easiest way is to add an SSL certificate onto your domain. More info over on this Stack Overflow question.
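To find which install links on a page still point at an HTTP manifest, the check below parses the page's HTML and inspects the url parameter of every itms-services link. It is an added example, not code from the original post; the function name, the sample page and its paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


class _ItmsLinks(HTMLParser):
    """Collect every href that uses the itms-services: scheme."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("itms-services:"):
                self.hrefs.append(value)


def audit_install_links(html):
    """Return (manifest_url, problem) pairs; problem is None when the link is fine."""
    parser = _ItmsLinks()
    parser.feed(html)
    results = []
    for href in parser.hrefs:
        # parse_qs also decodes a percent-encoded url= value.
        params = parse_qs(urlsplit(href).query)
        manifest = params.get("url", [""])[0]
        if params.get("action") != ["download-manifest"]:
            problem = "not a download-manifest link"
        elif urlsplit(manifest).scheme.lower() != "https":
            problem = "manifest is not served over HTTPS"
        else:
            problem = None
        results.append((manifest, problem))
    return results


# Constructed sample: the page itself may load over HTTPS while a link inside it does not.
SAMPLE_PAGE = """
<a href="itms-services://?action=download-manifest&amp;url=http://yourdomain.com/old/manifest.plist">Install (old)</a>
<a href="itms-services://?action=download-manifest&amp;url=https://yourdomain.com/manifest.plist">Install</a>
"""

if __name__ == "__main__":
    for manifest, problem in audit_install_links(SAMPLE_PAGE):
        print(manifest, "->", problem or "ok")
```

This only checks the scheme in the link; whether the certificate on the manifest host is valid has to be verified against the live server.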
“…the easiest way is to add an SSL certificate onto your domain…”
Umm, no. Dropbox may not be the ideal way, but it’s a lot easier than buying and setting up an SSL certificate for your domain.
Maybe easiest was the wrong choice of word. But keeping it all under the same domain instead of hosting it on Dropbox which causes the prompt to say “dl.dropboxcontent.com wants to install an app”, which isn’t ideal when sharing with clients or staff.
But sure, Dropbox is the easiest in terms of a quick fix.
Hi Ben,
I am having the same problems with our enterprise app. The link our developers have given me is:
http://[redaced].com/tenant_staging
and I have changed it to:
https://[redaced].com/tenant_staging
However it is not working. Really appreciate your suggestions.
Tim
Hi Tim,
I’ve removed the full urls to avoid them being publicly visible. The issue isn’t with the main URL being HTTPS but some of the HTML code in a link within the page. You’ll need your developers to update the webpage. I also noticed there isn’t a valid SSL certificate on your staging domain so you’ll need to get one installed or use Dropbox. Feel free to pass this post onto your developers 🙂
Excellent thanks Ben. Will pass onto our developers and see how we go.
Thanks for posting this up so promptly.
This breaks me because my little django runserver can’t handle SSL. Installing via iTunes still works of course, and if it gets too painful I’ll script it up to move the manifest to S3.
Thank you!
Helped me a lot.
Hi all, I have a problem downloading the manifest after setting up SSL. I think the problem is that we have an internal network to access the distribution server and some firewall rules must be defined. I’ve read about ocsp.apple.com, and I think it can be the problem that causes the certificate error. What do you think about that?
What happens when you access the full URL for the manifest in mobile Safari? Does it throw any certificate errors?
It shows the information of the manifest. I’ve identified that, I don’t know why, the server certificate subject is blank and it can be another point of troubles, can’t it? I will ask them to expedite a new SSL certificate including the CN.
you saved the day. thanks. the dropbox trick was neat
itms-services://?action=download-manifest&url=https://yourdomain.com/manifest.plist
I used that https for a site but it didn’t let me download after
I don’t know why but manual changes work sometimes and sometimes not. But when you add https while creating the manifest file it works all the time.
I set up a free SSL certificate onto my site: https://ssl.xxcig.com
The manifest plist file is : https://ssl.xxcig.com/app.plist
Somehow, it doesn’t work, on iphone, it says ‘can not connect to ssl.xxcig.com’
Really appreciate your suggestions.
Thanks so much!!! The dropbox tip saved me some money!