ios 7.1 enterprise distribution server's certificates error - ios

Since I updated to iOS 7.1 I had to start using a secure connection to be able to download the plist file. I received the following:
Mar 21 09:08:36 xx-iPad itunesstored[98] <Warning>: Could not load download manifest with underlying error:
Error Domain=NSURLErrorDomain Code=-1202 "Cannot connect to the Store"
UserInfo=0x16ec5500 {NSLocalizedDescription=Cannot connect to the Store,
NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?,
NSLocalizedFailureReason=A secure connection could not be established. Please check your Date & Time settings.,
NSErrorFailingURLStringKey=https://mydomain/myappanme.plist,
NSUnderlyingError=0x16dd7fa0 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “mydomain.com” which could put your confidential information at risk.",
NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x16e04510>,
NSErrorFailingURLKey=https://anything/myappanme.plist}
My server is configured like this:
We've got a wildcard certificate for *.mydomain.com. We moved it to a new server, and the certificate is valid for all browsers that we have tested (IE, Firefox, Chrome, Safari...). The certificate is the typical CRT with a bundle/intermediate certificate from GoDaddy and the key. The https site loads without issues. Apache 2.4 and Linux Fedora 20.
The download to install the app is:
itms-services://?action=download-manifest&url=https://mydomain/resources/myappanme.plist
Possible duplicate questions (tried them all):
-)The certificate for this server is invalid
-)iOS Enterprise OTA distribution Unable to Download Application
-)http://www.nefkens-ict.nl/enterprise-build-does-not-install/
Thanks in advance

Try the link below, which will help you solve this certificate problem:
http://cases.azoft.com/how-to-fix-certificate-is-not-valid-error-on-ios-7/

No issue in sharing the .ipa or apk file; for a quick round, you can use the link below to share binary files with multiple recipients...
URL:
thebetafamily.com/supersend/

Related

iOS App Fails ATS system trust when https is enabled

I have an iOS App that I am compiling in Xcode 11.2.1. I am running MacOS Catalina 10.15.6.
My app consumes a Web Service that works fine when called unsecured over http.
I am now busy implementing security and we have bought a wildcard certificate from digicert and installed it on our API server. I have run the SSLLabs Server Security Test and the server gets an A-grading so all seems fine. We have updated the Android version of the app to use https instead of http and it is working fine. When I access the https endpoints from a browser it works fine and I don't get any security warnings or errors.
However, if I change from http to https and build and run the iOS App I get TLS errors. (I am calling the web service using URLSession and I am using Swift). I am putting a relevant section of the error log below to show the -9802 and -1200 errors I am getting.
ATS failed system trust
Connection 1: system TLS Trust evaluation failed(-9802)
Connection 1: TLS Trust encountered error 3:-9802
Connection 1: encountered error(3:-9802)
...
finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600001082b50>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
I found https://support.apple.com/en-us/HT210176 and I was wondering if it is perhaps an issue that the "Subject Alternative Name" in our cert is our wildcard domain "*.domain.com" whereas the url we are connecting to is "myapi.domain.com". Could that be the problem? What else could I be missing?
In case someone else stumbles upon this...we ended up adding the specific subdomain we're calling in the API from our app to the "Subject Alternative Names" field on the certificate. So instead of just having "*.mydomain.com" in the Subject Alternative Names, we included both "myapi.domain.com *.mydomain.com". After we deployed this certificate to the server and we again tried calling myapi.domain.com from our app, the error went away and everything worked. (For those worried that this requires the purchase of a new certificate...it doesn't. It's quite possible to get such a copy of your certificate without having to buy a different one. Just check the documentation of the certificate issuer you are using.)
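To see which hostnames a given Subject Alternative Names list actually covers, the check can be run locally with `openssl x509 -checkhost`. This is an added example, not code from the posts above; the certificates are throwaway self-signed ones constructed for the demo, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: test hostnames against a certificate's SAN entries.
# Requires the openssl CLI (1.1.1 or later for -addext).

# make_demo_cert OUTDIR SAN_LIST
# Writes OUTDIR/cert.pem, a constructed self-signed cert carrying SAN_LIST.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=demo" -addext "subjectAltName=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# san_covers CERT HOST
# Exit status 0 when HOST matches the certificate, non-zero otherwise.
# openssl prints "does match" or "does NOT match"; only the former is accepted.
san_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 \
        | grep -q "does match certificate"
}

# report CERT HOST...
# Prints one line per host saying whether the certificate covers it.
report() {
    local cert=$1 h
    shift
    for h in "$@"; do
        if san_covers "$cert" "$h"; then
            echo "covered      $h"
        else
            echo "NOT covered  $h"
        fi
    done
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    # SAN as described in the question: the wildcard entry only.
    make_demo_cert "$dir" "DNS:*.domain.com" || return 1
    openssl x509 -in "$dir/cert.pem" -noout -ext subjectAltName
    # A wildcard stands for exactly one left-most label.
    report "$dir/cert.pem" myapi.domain.com domain.com a.b.domain.com
    rm -rf "$dir"
}

demo
```

Against a deployed server, the same `san_covers` check can be pointed at a certificate file saved from that server instead of the constructed one.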

Access Development server with self-signed SSL Certificate

My app needs to connect to an internal web server through https.
The server has a self-signed certificate that is valid until next year:
I have installed this certificate in the iOS Simulator and on the device (Certificate.cer):
I am watching the traffic with Charles and the request does not even "leave" my computer.
The problem seems to be due to the SSL Certificate because when I access the server through the internal URL and port 8080 everything works fine.
I did try the hack with the category allowsAnyHTTPSCertificateForHost:. This did not work in the simulator as well as on the device.
There seems to be an official API to do this: How to use NSURLConnection to connect with SSL for an untrusted cert?
However, since this is only my development environment I would prefer not to change my code base for now. Plus I am using a framework to parse my data and I might have to deeply interfere with that framework to get to the API described above.
So my question is, should it not be possible to install the certificate and then use the server as if there was an official SSL certificate?
Email the self-signed certificate to yourself then open it on your iPhone. You will be taken through the steps to install the certificate on your phone.

Can I use self-signed SSL certificate server to deploy Enterprise app over air?

After iOS 7.1, if we want to deploy our Enterprise app over the air, the URL for the manifest.plist file has to be HTTPS.
For example:
itms-services://?action=download-manifest&url=https://example.com/manifest.plist
In my server I use a self-signed SSL certificate. When I tap the URL on an iPhone, it says Could not connect to <ip-address> and logs the typical
NSUnderlyingError=0x15d37040 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be `<ip-address>`, which could put your confidential information at risk.
So, I want to know whether I can use the self-signed SSL certificate or not?
If I can, how do I resolve the problem I've encountered?
First have the user install the self-signed SSL certificate on their device. Or use a free verified SSL service.
You will need to have the user install this file https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file
I believe this service provides browser-validated SSL certificates. https://www.startssl.com/?app=1

APNS setup for the server

I'm trying to set up our APNS server. I was looking at the instructions on this page:
http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12
I understand everything. The problem is that I already have a website that is SSL-enabled (SSL terminates at the load balancer) on AWS, following these instructions a while back:
"Public key certificate and private key doesn't match" when using Godaddy issued certificate
The website for APNS is telling me to get a CSR file, etc. But if I already have this SSL certification done, does it mean I have to start from scratch and re-key my key? :( I wasn't able to find information regarding this...
The APNS CSR has nothing to do with any certificates you already have.
You have to create certificates in the developer area of Apple's website. You don't install those certificates on the web server; they are only used by the PHP script on your server to connect to the Apple server as a client. Your script has to load them when it runs, but they are not installed in the web server or load balancer.

MDM: ssl issue for server url

I want to manage iOS devices using Lion Server. I have purchased Lion Server and installed it on a Mac system which has Lion OS 10.7.
I want to manage the devices within our own network; I have not taken a domain specifically for MDM.
While creating the config profile for MDM in IPCU, the server URL must begin with "https://".
So I am not able to install the MDM config profile on the iOS device, due to "https". I tried to get a trial SSL certificate, but that is not available for private networks.
Is there any solution to resolve the issue without purchasing an SSL certificate or a public domain?
Please correct me if I am doing something wrong and suggest the correct approach.
A self-signed SSL certificate will work. While generating the self-signed SSL certificate on the server side, generate an identity.p12 certificate; you need to use this certificate in the identity section of IPCU.
And go through this also.
If you visit a page on the MDM web server with Safari and get the pop-up dialog warning about the identity of the server then you will need to install the SSL certificate on the device to allow the certificate to be trusted. This can be achieved by using iPCU or allowing the certificate from a web server.
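One way to produce the self-signed server certificate, the identity.p12 bundle and a certificate-only file for installing on devices, as an added example rather than commands from the answer. The host name `mdm.internal.example`, the password and the file and function names are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: self-signed TLS identity for an internal MDM host.
# Requires the openssl CLI (1.1.1 or later for -addext).

# make_identity OUTDIR HOST P12_PASSWORD
# Writes server.key, server.crt, identity.p12 and Certificate.cer to OUTDIR.
make_identity() {
    local out=$1 host=$2 pass=$3
    # Key plus self-signed certificate. The host name goes into the SAN as
    # well as the CN, and serverAuth is set as the extended key usage.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -addext "extendedKeyUsage=serverAuth" \
        -keyout "$out/server.key" -out "$out/server.crt" 2>/dev/null || return 1
    chmod 600 "$out/server.key"
    # PKCS#12 bundle (private key + certificate). The password is passed
    # through the environment so it does not appear in the process list.
    P12_PASS=$pass openssl pkcs12 -export -name "$host" \
        -inkey "$out/server.key" -in "$out/server.crt" \
        -out "$out/identity.p12" -passout env:P12_PASS || return 1
    # Certificate only (no key), DER encoded, for installing on the devices.
    openssl x509 -in "$out/server.crt" -outform DER -out "$out/Certificate.cer"
}

# p12_fingerprint P12 PASSWORD -> SHA-256 fingerprint of the bundled cert
p12_fingerprint() {
    P12_PASS=$2 openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256
}

# cer_fingerprint DER_FILE -> SHA-256 fingerprint of the device-side cert
cer_fingerprint() {
    openssl x509 -in "$1" -inform DER -noout -fingerprint -sha256
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    make_identity "$dir" "mdm.internal.example" "change-me" || return 1
    # The certificate the server presents and the one the devices are
    # asked to trust must be the same; compare fingerprints before rollout.
    echo "identity.p12    $(p12_fingerprint "$dir/identity.p12" "change-me")"
    echo "Certificate.cer $(cer_fingerprint "$dir/Certificate.cer")"
    rm -rf "$dir"
}

demo
```

The .p12 file contains the private key and belongs only on the server side; the .cer file is the one to hand to devices.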
