3

I know that in general installation via HTTPS is working but somehow it doesn't in my Environment.

The itms-service link is HTTP as far as I understood:

itms-services://?action=download-manifest&url=http://' . $_SERVER['SERVER_NAME'] . $downloadLink

The links in the .plist are then HTTPS

<key>assets</key>
        <array>
            <dict>
                <key>kind</key>
                <string>software-package</string>
                <key>url</key>
                <string>https://app.ipa</string>
            </dict>
            <dict>
                <key>kind</key>
                <string>full-size-image</string>
                <key>needs-shine</key>
                <true/>
                <key>url</key>
                <string>https://image_512x512.png</string>
            </dict>
            <dict>
                <key>kind</key>
                <string>display-image</string>
                <key>needs-shine</key>
                <true/>
                <key>url</key>
                <string>https://image_57x57.png</string>
            </dict>
        </array>

But the app won't install. I always get the message "App could not be loaded"

All URL's are reachable with HTTP & HTTPS.

XCode shows the app log

unknown securityd[2331] : CFReadStream domain: 12 error: 8

What am I doing wrong here?

Thx

spankmaster79
  • 21,555
  • 10
  • 42
  • 73

2 Answers2

5

There's not a huge amount of information about how you've tried to solve this, so rather than actual answers I just have questions. If the answer to any of the questions is 'no' then should point you at the area your problem is in.

Is https://app.ipa the actual URL you're using in the .plist? If so I'd try with the full hostname & path in there.

Does the https site have a proper signed valid certificate that Safari on iOS accepts without any interaction with the user? If not try a proper certificate.

Do you see the .ipa file get downloaded from the server, if you check the server log file?

Have you tried installing the .ipa file using iTunes, does it get accepted?

JosephH
  • 37,173
  • 19
  • 130
  • 154
  • The download is fully functional via HTTP. The `https://app.ipa` is just an example. I do use the full domain name with https. Certificate shows green on desktop and downloads, on iPad with Safari Popup Message "File can't be downloaded" after entering login data for .htaccess protection. Install with iTunes workes just like it does over HTTP – spankmaster79 Jan 16 '12 at 17:03
  • Can you put a text file or something onto the https and verify that Safari on the ipad can load that file over https without any certificate errors or any other interaction with the user other than asking for the username/password? – JosephH Jan 16 '12 at 17:46
  • downloading a test.txt works fine. After entering username/password the text file is shown in Safari – spankmaster79 Jan 17 '12 at 08:29
  • _Do you see the .ipa file get downloaded from the server, if you check the server log file?_ I only see the .plist in the access.log and an app icon shows in the screen, tries to load and fails. Can't explain it.. – spankmaster79 Jan 17 '12 at 08:34
  • Is the https server logging to a different file? If there's really no log entry at all then try using a tool like wireshark on the server to see if it's even trying to contact the server. – JosephH Jan 17 '12 at 08:49
  • I also removed the .htaccess to see if a problem is there. Have you been succesfull using HTTPS with this installation process? – spankmaster79 Jan 17 '12 at 08:59
  • I used Charles to track the traffic and I can only see a complete request for the .plist _401 Authorization Required_ and a failed request for the CA .crt _unknown host_ could that be the problem? – spankmaster79 Jan 17 '12 at 09:09
4

The problem is that the Certificate Authority needs to be known by the iPad.

If you distribute Apps with HTTPS and the CA Server is your own, you need to install the certificate on the iPad. Otherwise iOS will try to download it.

You can install it sending it via email to your iPad or create a .pem File from the Keychain Access program and host it on your server for installation purposes. Then open it with Safari and iOS will ask you to accept it.

Then the installation works. But beware of using .htaccess as using HTTPS and HTTP together in the installation process seems to trigger the login/password for every request, which are 4 for images, .ipa and .plist, which is really annoying.

[EDIT] Please keep in mind that you need to refer to the .plist file only with HTTPS since Apple introduced iOS 7.1.

See here: Enterprise app deployment doesn't work on iOS 7.1

Community
  • 1
  • 1
spankmaster79
  • 21,555
  • 10
  • 42
  • 73
  • I don't understand what you mean by using .htaccess file. I am not using that file and I still get prompted for login/password 4 times. Can you please explain why that would happen? – Dinesh Reddy Parne May 14 '14 at 19:56
  • I failed to mention that authentication is required for the server where these files are hosted. – Dinesh Reddy Parne May 14 '14 at 20:12
  • You can use HTTP basic auth in .htaccess files on Apache. But the authentication can also be in the server config itself. Maybe the virtual host config is set to authenticate – spankmaster79 May 15 '14 at 09:18
  • I have a tomcat server with 4 end points serving up those files. These endpoints needs basic auth against a user database. It keeps asking the password again and again. I did not setup any sort of authentication in Apache site configuration. – Dinesh Reddy Parne May 15 '14 at 16:38
  • It asks up to 3 or 4 times for every file in your .plist. This would be the application .ipa, the icons for every size, in my cas 2 .png files. Makes 3 requests and 3 logins to enter. iOS sadly doesn't store login credentials. You could put an .htaccess file in the directory you serve your .plist from and put `Satisfy Any` in it :D – spankmaster79 May 16 '14 at 13:11