iOS Enterprise App Error – “Cannot install applications because the certificate is not valid”

With the launch of iOS 7.1, Apple requires all enterprise app manifest files to be served over HTTPS. Attempts to install over HTTP produce the following message:

cannot install applications because the certificate is not valid

The actual page and the app IPA don't need to be served over SSL; only the manifest file that links to the IPA does. Currently you'll have something like this:

itms-services://?action=download-manifest&url=http://yourdomain.com/manifest.plist

But the manifest plist file needs to be served over SSL:

itms-services://?action=download-manifest&url=https://yourdomain.com/manifest.plist

You can host the manifest plist file on Dropbox (which will serve it over SSL), but the easiest way is to add an SSL certificate onto your domain. More info over on this Stack Overflow question.
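As an added example (not part of the original post), the following Python check scans an install page's HTML for `itms-services` links and reports any whose manifest URL is not HTTPS. The class and function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit


class InstallLinkCollector(HTMLParser):
    """Collect href values of <a> tags that use the itms-services scheme."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("itms-services:"):
            self.hrefs.append(href)


def check_install_links(html):
    """Return (manifest_url, verdict) for every itms-services link in html."""
    collector = InstallLinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        # The manifest location is carried in the link's "url" query parameter.
        manifest = parse_qs(urlsplit(href).query).get("url", [""])[0]
        scheme = urlsplit(manifest).scheme.lower()
        if not manifest:
            verdict = "missing url parameter"
        elif scheme != "https":
            verdict = "manifest not served over HTTPS"
        else:
            verdict = "ok"
        findings.append((manifest, verdict))
    return findings


# Constructed sample page: one old-style HTTP link, one HTTPS link, one normal link.
SAMPLE_PAGE = """
<a href="itms-services://?action=download-manifest&amp;url=http://yourdomain.com/manifest.plist">Install (old)</a>
<a href="itms-services://?action=download-manifest&amp;url=https://yourdomain.com/manifest.plist">Install</a>
<a href="http://yourdomain.com/help.html">Help</a>
"""

if __name__ == "__main__":
    for manifest, verdict in check_install_links(SAMPLE_PAGE):
        print(f"{verdict}: {manifest}")
```

This only inspects the URL scheme in the link; whether the server presents a valid certificate for that HTTPS URL has to be checked separately.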

11 thoughts on “iOS Enterprise App Error – “Cannot install applications because the certificate is not valid”

  1. “…the easiest way is to add an SSL certificate onto your domain…”

    Umm, no. Dropbox may not be the ideal way, but it’s a lot easier than buying and setting up an SSL certificate for your domain.

    • Maybe easiest was the wrong choice of word. But keeping it all under the same domain instead of hosting it on Dropbox which causes the prompt to say “dl.dropboxcontent.com wants to install an app”, which isn’t ideal when sharing with clients or staff.

      But sure, Dropbox is the easiest in terms of a quick fix.

    • Hi Tim,

      I’ve removed the full urls to avoid them being publicly visible. The issue isn’t with the main URL being HTTPS but some of the HTML code in a link within the page. You’ll need your developers to update the webpage. I also noticed there isn’t a valid SSL certificate on your staging domain so you’ll need to get one installed or use Dropbox. Feel free to pass this post onto your developers :)

  2. Thanks for posting this up so promptly.

    This breaks me because my little django runserver can’t handle SSL. Installing via iTunes still works of course, and if it gets too painful I’ll script it up to move the manifest to S3.

  3. Hi all, I have a problem downloading the manifest after setting up SSL. I think the problem is that we have an internal network to access the distribution server and some firewall rules must be defined. I’ve read about ocsp.apple.com, and I think it can be the problem that causes the certificate error. What do you think about that?

      • It shows the information of the manifest. I’ve identified that, I don’t know why, the server certificate subject is blank and it can be another point of troubles, can’t it? I will ask them to expedite a new SSL certificate including the CN.
