Can't install ipa generated by Xcode Server bot on the device - ios

I've got my Xcode server setup on a mac mini. Downloading the .ipa from https://pandora.local/xcode/ using Itunes works just fine.
I tried installing it directly from the phone from safari. It installs a certificate but when I click install it gives an error, saying that it can't connect to the server.

For the mention issue, I got solved by going into iphone settings -> general - > About - > Scroll to the bottom , Click on Certificate Trust Settings -> trun on for Xcode Server Root Certificate Authority. See screenshot.

had the exact same issue and it was a browser caching issue on Safari.
I went into Settings -> Safari -> Advanced -> Website Data, then left swiped on my Xcode server website to reveal the Delete button and clicked on it for just that website.
The next time I browsed to the Xcode server in Safari and attempted to install a build, I received the prompt to install the OTA certificate and when accepted done that I could install applications.

I tried the same, deleting the Website Data for my xcode server, but that did not actually work for me.
See my answer at Xcode bot install link request time out for an alternative solution.

you can get the answer offical description,
In iOS 10.3 and later, when you manually install a profile that contains a certificate payload, that certificate isn't automatically trusted for SSL.
You must manually turn on trust for SSL when you install a profile that is sent to you via email or downloaded from a website.
If you want to turn on SSL trust for that certificate, go to Settings > General > About > Certificate Trust Settings. Under "Enable full trust for root certificates," turn on trust for the certificate.
Apple recommends deploying certificates via Apple Configurator or Mobile Device Management (MDM). Certificate payloads installed with Configurator, MDM, or as part of an MDM enrollment profile are automatically trusted for SSL.

Related

iOS itms-service not working, not able to install the app via safari

I'm trying to install the iOS application via Safari.
When archiving the IPA file I have checked in Over Air installation and entered the right URL for ipa, 57x57, 512x512 images. Then created Manifest Plist file.
And I'm calling the Manifest file using the below URL
itms-services://?action=download-manifest&url=MANIFEST_SERVER_URL
While trying to open the link, It shows Open in iTunes correctly, but nothing happens for some time.
Then I get this alert "Cannot connect to URL".
Why is this happening? Is this because we are using self signed certificate in our server. If yes how to resolve it without buying the certificate.
You need a valid HTTPS cert to use this.
You can
get a free cert at letsencrypt.org
upload your app to DropBox or other file sharing service that provides an HTTPS URL
distribute build via distribution service like hockeyapp or TestFlight
I had the same issue on iOS 11 with a self-signed certificate. But it works fine on iOS 13.
After searching around, I finally got a workaround:
Go to Settings > General > About > Certificate Trust Settings. Under "Enable full trust for root certificates", turn on trust for the certificate.
Official document

iOS 11.3.1 doesn't connect to Apple Store if third-party certificate is deployed on the phone

I have iPhone device and need to test my application. However, current version of iOS does not allow to MITM the Apple Store. The rest of the user apps work fine if you follow Charles Proxy manual (install cert, add to the trusted list).
Did anyone encounter the issue before?
iOS does allow third party certs. You just have to explicitly trust them.
Open Settings -> General -> About -> Certificate Trust Settings and enable trust for the development certificate.
This is to ensure that nobody gets an MITM cert installed on accident.
We use this all the time with iOS 11.3 with mitmproxy

How to install root CA certificate from app on iOS and prompt user to trust?

I'm using the NEVPNManager to create a personal VPN for my iOS app which is working. Now I'm trying to install a root CA certificate that can be used by all apps. I understand the user will need to trust this certificate under General -> About - Certificate Trust Settings. I'm trying to automate as much of this process as possible. The two ways I've found to attempt to do this are either:
1) Open Safari with a URL to the root certificate hosted on a website and iOS will prompt the user to install the certificate as a profile.
2) Install the certificate pragmatically within the app.
Option #1 works, but after the user installs the certificate they are not take back to the app and still have to manually go in and trust the certificate in the Certificate Trust Settings.
With option #2 if SecItemAdd is used it is only added to the keychain for the sandbox for my app and not available to other apps. The only option I have seen to make if available to other apps it to increase it's trust level as shown here, but this seems to require an old open source library from Apple that I was not able to get to build.
So, what is the best option to accomplish installing the root certificate and prompting the user to make it trusted? If it is possible through #2, any ideas how I build and then incorporate that library into my app? If I'm left with #1, what is the best way to simplify the process for the user?
SecTrustSettingsSetTrustSettings and related symbols are private API and your app will be rejected by Apple on submission. Even if you manage to compile this open source, it will still export the private symbols, and your app will be rejected.
Instead, you should use the openURL: API and point to a .p12 file, either locally hosted (by using an in-app web server) or remote. The .p12 file should include the certificate chain.
This will open the Settings app and ask the user to install the certificate. Once the user installs, all applications on the device will trust it.

How to install self signed certificate in iOS 10

It appears that Apple has removed the ability to trust SSL certificates that are self-signed in iOS 10.
I created my own self-signed certificate and have a local web server that signed with my certificate. I must install my certificate in iOS for testing locally as I have developed an iOS application that needs to trust my certificate.
How can I install my self-signed certificate?
Good news, they haven't. If you just need this for development purposes, which it sounds like you do (and you shouldn't be using self-signed certificates in production anyway), you can install the self-signed certificate on your iOS devices manually. Following the equivalent FAQ for my iOS Web Bluetooth browser app:
Create your self-signed certificate and key files using openssl or however. Be sure it has the correct /CN “Common Name” for your local server, e.g. mycomputer.local.
Configure your webserver to use it (obviously) and check that it is working using a different client, such as a browser on a Mac.
Email your certificate to an email address you can access on your iOS device.
Tap on the attachment in Mail on your iOS device, this should now prompt you to install it. Do so.
You should now verify that it is installed by going to the Settings app then General -> Profile -> <Common Name>. The Profile menu probably won’t be there at all until you’ve installed the first certificate. The certificate should be marked Verified (it was verified by you when you installed it).
You might, like I did, have thought this would be enough. It isn’t. You now, really counter-intuitively, need to go to the setting General -> About -> Certificate Trust Settings and enable full trust for your certificate there as well. It’s such a weird place for that setting to be.
The installation of own root certificates changed at some point (maybe somebody can confirm, if it was at iOS 11).
What you need to do is with your Mac, get Apple Configurator 2 and create a profile containing your certificate. The resulting mobile profile file can be installed from Safari or email.

sending .ipa file via url to install

I have gone through dozens of articles, stackoverflow questions and sites, my only requirement is to send .ipa file through url where client could check it in safari and install.
does not want third party installation, I've got my own server
my server is not having ssl that means it can be sent only http not https. please dont ask me to have ssl.
could able to install in any ios device, udid is not added to enterprise certificate.
My problem is when I am keeping these 3 file that are a) index.html. b)manifest.plist. and c).ipa file in server and trying to install in device, I am getting an pop up message saying that "certificate is not valid." Please help.
Hope the link below helps you out.
http://readwrite.com/2010/12/16/apple-best-kept-secret-how-to-do-ad-hoc-installs
But i dont think Apple allows you to distribute using http. Https is a mandatory for the URL that the user uses to download. So until you get a https i dont see that issue being solved
Your own server should be fine. As long as your .plist and .ipa are both accessible on the network to which the iPhone is connected.
Unfortunately, starting with iOS 7.1, app installs must be accessible over SSL (https).
The only way to do this is with an enterprise distribution profile. You will need to have an enterprise account to do this, which will require a company's EIN. So you can't do this as an individual developer. (https://developer.apple.com/programs/enterprise/)
You are seeing the error because of the lack of a valid SSL certificate on your server. iOS is swapping your http:// link in your plist with https:// (see this post: https://stackoverflow.com/a/20276908/3708242), which as you said does not have ssl enabled.
Bottom line, you'll need to get a server with SSL to host the files. Also, if you don't want / can't manage the UDIDs for the devices, you will need to get yourself an enterprise account so you can create an enterprise distribution profile to use to build your app.
There are online tools that simplify this process of sharing, for example https://abbashare.com or https://diawi.com
Create an ipa file from xcode with adhoc or inhouse profile, and upload this file on these site.
I prefer abbashare because save file on your dropbox and you can delete it whenever you want

Resources