iOS OTA enterprise/inhouse installation not working

We are facing an issue during deployment of our enterprise iOS application. We are following the documentation from Apple link

Created an HTML page with a hyperlink to 'itms-services://?action=download-manifest&url='.

Hosted the HTML, ipa, manifest and png files in an HTTPS location.

The following MIME types are in the web server:

.plist -> application/xml

.ipa -> application/octet-stream

I tried to download the plist file from my iOS browser. It is working fine.

When I try to click on the link, I get the error “Cannot connect to <Server>”.

The device log in Xcode shows the log below.

Jun 23 15:17:15 TOM-iPhone itunesstored[106] : Could not load download manifest with underlying error: Error Domain=SSErrorDomain Code=2 "Cannot connect to iTunes Store" UserInfo={NSLocalizedDescription=Cannot connect to iTunes Store}

When I try the link in my iOS browser, it displays a login page with user name and password, and when the user types the user name and password it navigates to the page. Is that the problem? Does that mean the .plist file should be hosted on a page where iTunes can access it directly?



Apple's server needs to be able to access either the plist or the ipa or both, but I can't remember for sure which it is now. You could test putting one or the other in a public location just to verify which it is. It is a pain to make sure no-one outside your company can access the file(s). I ended up writing server-side code to inject a unique one-use token into the itms-services link (when the page displaying it is loaded, after the user logs in) and the url string in the plist (when the plist is requested). If a valid token is present on the request for the plist or the ipa, it doesn't prompt for a login. The token is deleted from a valid tokens table after the ipa is requested once using that token. The tokens also "expire" after a certain amount of time if they haven't been used. I based it on a suggestion in an SO post.

EDIT: Actually it may be the device itself, and not Apple's server, which needs access without a login prompt; either way it creates an issue.
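
The one-use token scheme described in the reply above, sketched as an added example; it is not the poster's code. The in-memory table, the `token` query parameter name, the 600-second lifetime and the `apps.example.com` host used to exercise it are assumptions.

```python
import secrets
import time
from urllib.parse import quote, urlencode

TOKEN_TTL_SECONDS = 600  # assumed lifetime; the post gives no figure


class OneUseTokenStore:
    """In-memory stand-in for the post's 'valid tokens table'."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._expiry = {}  # token -> expiry timestamp

    def issue(self):
        """Called when the logged-in user loads the install page."""
        token = secrets.token_urlsafe(32)  # unguessable, URL-safe
        self._expiry[token] = self._clock() + self._ttl
        return token

    def _live(self, token):
        expires = self._expiry.get(token)
        if expires is None:
            return False  # unknown or already used
        if self._clock() >= expires:
            del self._expiry[token]  # expired unused: purge it
            return False
        return True

    def allow_plist(self, token):
        """Manifest request: token must be live; it is not consumed yet."""
        return self._live(token)

    def allow_ipa(self, token):
        """IPA request: the token is deleted after this single use."""
        if not self._live(token):
            return False
        del self._expiry[token]
        return True


def install_link(manifest_url, token):
    """itms-services link whose manifest URL carries the token."""
    tokened = f"{manifest_url}?{urlencode({'token': token})}"
    # The whole manifest URL is percent-encoded so its own '?' and '='
    # survive as part of the url= parameter value.
    return "itms-services://?action=download-manifest&url=" + quote(tokened, safe="")
```

The same token also has to be written into the ipa URL inside the plist when the plist is served, so that the follow-up ipa request carries it.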


The server must have a real HTTPS certificate (no automade certificate).

You can have a self signed certificate, but it must be trusted and installed on the device. Your issue is most likely an SSL issue of the certificates.

There are online tools that simplify this process of sharing, for example or

Create an ipa file from Xcode with an adhoc or inhouse profile, and upload this file to these sites.

I prefer abbashare because it saves the file on your Dropbox and you can delete it whenever you want.

Please do the setting described in the link below. It did resolve the issue for me. Also ensure your server is using TLS 1.2 for HTTPS.