skip to Main Content

I’ve set up a local webserver running with a self-signed certificate (SSL).
I’ve also installed the certificate on my iOS 15.0 device and trusted it from the Device Settings. But when I load https://my-local-hostname/ which loads a download button with a link to the itms-services/.../manifest.plist, and click the download button, it shows "Unable to Install ***".
On the other hand, if I run ngrok to get a static domain with a cert signed by a trusted root CA, it works, which means that the manifest.plist configuration is correct.
Is there any way to make it work on localhost directly? Has anyone done this ever?

2

Answers


  1. Chosen as BEST ANSWER

    I finally figured it out..
    For those who are interested in the solution, here are the steps for making OTA work on your local machine with localhost.

    • Setup a webserver on your local machine (macOS has a built-in one)
    • Install minica using homebrew (for generating SSL certificates)
    • Make the website accessible through https://localhost (or https://{hostname}) (here is a nice article on how to do that)
    • Use minica to generate the certificates instead of making them on your own (simply skip the Generate a private key and certificate for your site step mentioned in the article, and use minica --domains {hostname} command which will generate the necessary certificates for you instantly. You can find the generated Root CA certificate with the key at ~/minica.pem and ~/minica-key.pem, and your domain's certificates at ~/{hostname}/(cert/key).pem, where {hostname} is the hostname of your local machine. If you're not sure what is your machine's hostname, just open the terminal and type hostname.
    • In the /etc/apache2/extra/httpd-ssl.conf specify SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile paths to /path/to/key.pem,/path/to/cert.pem and /path/to/minica.pem correspondingly.
    • Import minica.pem and cert.pem to the keychain and change to "Always trust".
    • Restart your webserver.
    • Send both minica.pem and cert.pem to the iPhone (using AirDrop or whatever), install the profile, and trust them both from the Certificate Trust Settings screen)

    That's basically it. Just use https://{hostname} instead of https://localhost everywhere in your HTML code and in manifest.plist file so that you can access the website's content from the mobile device in the same network.


  2. I did some releases on a private store, and it worked in a similar way.

    How it works :

    Generate the ipa for entreprise distribution (with the correct provisioning profiles)
    Upload the ipa wherever you want, if you need something beautiful, you could make an app that lists your IPA (your own private store) with information about it, and a link to download it (look below)
    Upload the .plist file and make it so the url in the url field is the .ipa that you uploaded on step 1.
    Create a basic HTML page with this line where you want it :
    Users can now click it and download 😉

    <a href="itms-services://?action=download-manifest&url=YOUR-UPLOADED-PLIST-FILE.plist">Click here ;-)</a>
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search