Enterprise Distribution Changes?

For several years a client has had an Enterprise code signing certificate from Apple and we’ve distributed the app via a website. The iOS device navigates to the URL and simply presses “Install App” and it downloads and installs the app on the iOS device.

However, this changed recently and it no longer works. I know Apple was cracking down on Enterprise certificates that were scams but everything on the Apple portal looks legit from my standpoint. Using Safari on the iOS device I either get no error message or rarely I’ll get a message that the certificate for the website is invalid (it doesn’t matter what website hosts the html file since two different host give the same error message).

Anyone have any idea for me to look at?

Most of my clients’ enterprise apps are sitting idle due to the economic shutdown. But I just tried to download and install them and all still can be downloaded and installed. So I don’t think it is anything on the Apple side, at least that applies to all Enterprise installs.

It was a few years ago that Enterprise downloads had to happen over HTTPS instead of HTTP, so that is not likely the problem. I think it may be as far back as iOS 7 or maybe iOS 6 – been too long to remember exactly when.

To debug, I would suggest trying to load the website page from a non-iOS browser and make sure that webpage has no browser issues. Then for one of the app install links – which point to a *.plist file – try downloading that *.plist file in another browser or something like PAW or Postman. If that still works, look in the *.plist for the actual link to the *.ipa file, and try it from PAW or Postman – or even a desktop browser.

If any of those fail, resolve those issues first and try the iOS install again.

If you get to where the *.plist is accessible via HTTPS, and the link to the *.ipa in the plist is accessible to a browser, then the next place to look is the Enterprise certificate itself. But in my experience, if you can get that far in the browser, the iOS should device should not be silently failing. It should put up a dialog saying it can’t be installed.

If you want to PM with the link to examine and try myself, feel free to do so.

Just to clarify. The webpage install link is probably along the lines of:


What you want to make sure is the url to the *.plist (which should be https://…) can be downloaded from a browser. Don’t try a non-iOS browser download of the itms-services:// portion. Then look in that *.plist and there should be a dictionary for key “url”, and you want to take it’s string value (which should be https://… .ipa) and make sure that file is downloadable.

In iOS, a web link which is itms-services:// instead of https:// is processed by iOS instead of loading a webpage, in this case to download and install a program.

If the install link does not have an action like <a href=“itms-services://?action=download-manifest&url=https://…plist”? then post or PM me with what it does (you can redact part of the actual website and path to the plist).

Just for the sake of future forum searches, the problem here was not related to the Enterprise certificate. It was the host server not correctly finding the *.ipa named in the *.plist for the installer. So this was unrelated to either Xojo or Apple certificates.

The host server is outside of my (and apparently my clients) control. So the client decided that AppBox https://docs.getappbox.com is ‘good enough’ for now. They don’t have a lot of iOS devices and the AppBox setup is pretty easy and it worked for the app.

Thanks Douglass for his help. Definitely not an Apple or Website certificate issue.

Glad to hear you got it resolved. Sorry I didn’t respond and tell you mine worked fine with newly created version.