ios iis ssl https plist

Cannot deploy apps on iOS 7 in IIS 7


I have an IIS running that has a page, which has a link:

<a href="itms-services://?action=download-manifest&url=@Url.Action("DownloadPlist", "Test", null, "https")">Plist</a>

That links to:

[RequireHttps]
public ActionResult DownloadPlist()
{
    return File(Url.Content("~/pathToPlist/file.plist"), "application/xml");
}

The link in the a href is ultimately:

itms-services://?action=download-manifest&url=https://myapp/test/downloadplist

I can take the last part https://myapp/test/downloadplist and access it in my browser, which presents me with the XML file. However when I try to install it using an iPad using the full itms link, it says:

Cannot connect to myapp

I have a self-signed certificate, created by IIS Manager and sent to my iPad through E-Mail. It can then be installed but it still says Not Trusted. I have a feeling that this is the problem but I am not 100% sure.


Solution

  • This is a common problem if you create the certificate with IIS. The problem is that the machine name does not match the host name. This is also described in Section 3 of this article.

    The best solution is to create your own CA. Then add the CA's certificate to the iOS device and sign your own certificate with your CA. See Section 5 of this article, copied below.

    Create your own Certificate Authority (CA) root certificate and then create certificates based on it. Instead of paying a commercial CA to create SSL certificates on your behalf, you are acting as your own CA. The advantage is that your custom CA certificate only has to be installed once on each device. The devices will then automatically trust any certificates you issue based on your root CA certificate.

    Creating the CA certificate

    First create a private key file:

    openssl genrsa -out myCA.key 2048

    Then create the certificate:

    openssl req -x509 -new -key myCA.key -out myCA.cer -days 730 -subj /CN="My Custom CA"

    The certificate file (myCA.cer) created above can be publicly shared and installed on iOS or other OS’s to act like a built in trusted root CA.

    The private key file (myCA.key) is only used when creating new SSL certificates. You can create as many certificates as you like based on this CA certificate.

    Create a CSR (Client Signing Request)

    First you would create a private key:

    openssl genrsa -out mycert1.key 2048

    and then create the CSR:

    openssl req -new -out mycert1.req -key mycert1.key -subj /CN=www2.mysite.com

    Then use the CSR to create the certificate:

    openssl x509 -req -in mycert1.req -out mycert1.cer -CAkey myCA.key -CA myCA.cer -days 365 -CAcreateserial -CAserial serial

    The certificate created (mycert.cer) can be installed on a web server and accessed from any iOS device that already has the CA certificate installed.
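
An added example (not part of the original answer or the article it quotes): the commands above wrapped in shell functions, plus a check that reproduces the name mismatch the answer describes. The names WIN-SERVER01 and myapp are constructed sample values, and the subjectAltName extension file is an addition to the page's commands.

```shell
#!/bin/sh
# Added example: issue certificates from a private CA using the page's
# commands, then test whether each one is acceptable for a given host name.
# WIN-SERVER01 and myapp are constructed sample names.

# make_ca DIR: create the CA private key and the self-signed root certificate.
make_ca() {
    openssl genrsa -out "$1/myCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/myCA.key" -out "$1/myCA.cer" \
        -days 730 -subj "/CN=My Custom CA"
}

# issue_cert DIR NAME: create key, CSR and CA-signed certificate for NAME.
issue_cert() {
    dir=$1; name=$2
    # Addition to the page's commands: also put the name in subjectAltName,
    # because current TLS clients match the host name against the SAN.
    printf 'subjectAltName=DNS:%s\n' "$name" > "$dir/$name.ext"
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/$name.key" -out "$dir/$name.req" \
        -subj "/CN=$name" &&
    openssl x509 -req -in "$dir/$name.req" -out "$dir/$name.cer" \
        -CA "$dir/myCA.cer" -CAkey "$dir/myCA.key" -CAcreateserial \
        -days 365 -extfile "$dir/$name.ext" 2>/dev/null
}

# cert_ok_for DIR NAME HOST: succeeds only if NAME.cer chains to the CA
# and is valid for HOST, the host part of the URL the device requests.
cert_ok_for() {
    openssl verify -CAfile "$1/myCA.cer" -verify_hostname "$3" \
        "$1/$2.cer" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" || return 1
    issue_cert "$d" WIN-SERVER01 || return 1   # named after the machine
    issue_cert "$d" myapp || return 1          # named after the URL host
    for c in WIN-SERVER01 myapp; do
        if cert_ok_for "$d" "$c" myapp; then r=accepted; else r=rejected; fi
        echo "certificate for $c, requested as https://myapp/: $r"
    done
    rm -rf "$d"
}

demo
```

Both certificates chain to the same CA; only the one whose name equals the host in the manifest URL passes, which is the check to run before installing the certificate in IIS.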