Getting "Cannot install applications because the certificate is not valid" error on iOS 7.1

Asked 24/3, 2014 at 4:33 Answered 22/4, 2014 at 9:25

I'm getting the above mention error when my client update their device to iOS 7.1, and then try to update our app from the AppCenter.

After some searching, i found a post with a similar problem here. But then since i'm in an environment where by the client is using AppCenter to update the apps, i can't be using USB to plugin and install the app for them.

Is there any workaround for downloads via AppCenter until a support is released?

Francesco answered 24/3, 2014 at 4:33 Comment(0)

A change was introduced to iOS as of iOS 7.1 that requires OTA application installation to take place over HTTPS (rather than HTTP), and no provision exists to allow the user to continue to accept the old behavior (i.e., to permit application installation over HTTP). It is my understanding that this was done as a security enhancement.

In order to do application installations on iOS 7.1 from Application Center, you would need to configure your Application Center to use HTTPS rather than HTTP, using a certificate that will be accepted as valid by your iOS device - that is, either issued by a recognized public CA, or issued by a private CA that you have set up your mobile devices to accept. You can find more information about how to perform this configuration here:

http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.installconfig.doc/appcenter/c_ac_ssl_config.html

Adjectival answered 25/3, 2014 at 17:22 Comment(4)

Thanks for the info. However i notice that there's this line Self-signed certificates do not work with the Application Center. in the document, which means that i won't be able to use self-sign certificate for AppCenter right? – Francesco 26/3, 2014 at 2:51

The documentation is slightly unclear on this point. The actual requirement is that you use a certificate that is both valid (e.g., hostname is correct, is not expired, etc.), and that is signed by a signer that is accepted by your mobile device as a valid certificate authority. If you're deploying an enterprise app and you have an internal private CA, and your mobile devices are set up to accept that CA, you can use a certificate issued by that CA. If you really want to use a self-signed certificate, and you set up your mobile device to accept it (not a very good practice of course...). – Adjectival 26/3, 2014 at 20:16

There are some hints about the underlying reasons for that requirement towards the end of the documentation page where your quote above comes from. In summary, it's because when the device (at least on certain platforms) sees a certificate that's invalid or signed by an unknown CA during an app download, it simply rejects it and the app download and installation fails. Different than when a browser sees such a certificate, where it pops up a warning message and asks what want to do. We've opened an internal work item to clarify this in the documentation. – Adjectival 26/3, 2014 at 20:21

Thx for the info ! on iOS6 it work without HTTPS but not on iOS7.1 – Sailfish 3/7, 2014 at 17:32

I would add some details. (Just work out this question)

We use self developed app center for our customers, to distribute demo/report apps.

You need SSL certificate. (see the post above) You can buy any kind of public certificate . In some cases you can use self signed certificate previously installed on iOS device by Apple Configurator.
It seems that you don’t have to use https everywhere. Secure URL (https) must have a link to .plist only. The app center web site url and package .ipa url can still be under http.

… and shame on Apple that invents new ways to make developer life hard.

Bock answered 22/4, 2014 at 9:25 Comment(1)

Gosh, when can developers abandon Apple? Can't wait for that day – Timely 6/11, 2017 at 1:58

Recommended topics

Hot tags