iOS Enterprise Deployement: Clicking on itms-services link results in "Cannot connect to [domain]" error

Question

In an effort to deploy an enterprise iOS app, I've created the following link:

Unencoded version (for easy reading):

<a href="itms-services://?action=download-manifest&url=https://example.com/api/distribution/ios?token=abc123">Download</a>

Encoded version:

<a href="itms-services://?action=download-manifest&url=https%3A%2F%2Fexample.com%2Fapi%2Fdistribution%2Fios%3Ftoken%3Dabc123">Download</a>

The link is properly encoded, as discussed here and here.

Assuming the user's token is valid, a .plist file is returned via SSL, as discussed here. The URL of the .ipa file referenced in the .plist file is generated on the fly. Here is what the .plist file looks like:

<plist version="1.0">
<dict>
    <key>items</key>
    <array>
        <dict>
            <key>assets</key>
            <array>
                <dict>
                    <key>kind</key>
                    <string>software-package</string>
                    <key>url</key>
                    <string>TEMP_URL</string>
                </dict>
            </array>
            <key>metadata</key>
            <dict>
                <key>bundle-identifier</key>
                <string>org.cocos2d.ready-ios</string>
                <key>bundle-version</key>
                <string>0.0.1</string>
                <key>kind</key>
                <string>software</string>
                <key>title</key>
                <string>Ready</string>
            </dict>
        </dict>
    </array>
</dict>
</plist>

As far as I can tell, our GoDaddy SSL certificate appears to be on the trusted list.

However, despite all of the above, after tapping the link and waiting a moment, I receive the following error:

Cannot connect to [domain]

This is the iPhone console output after tapping the link:

Aug 29 07:30:56 My-iPhone wifid[15] <Notice>: WiFi:[431015456.799163]: Client itunesstored set type to background application
Aug 29 07:30:56 My-iPhone wifid[15] <Notice>: WiFi:[431015456.804319]: BG Application: Not Present, BG Daemon: Present. Daemons: apsd networkd itunesstored 
Aug 29 07:30:56 My-iPhone wifid[15] <Notice>: WiFi:[431015456.806066]: Already connected to [Company Name].
Aug 29 07:30:58 My-iPhone itunesstored[100] <Warning>: Could not load download manifest with underlying error: Error Domain=SSErrorDomain Code=2 "Cannot connect to iTunes Store" UserInfo=0x15788270 {NSLocalizedDescription=Cannot connect to iTunes Store}
Aug 29 07:31:03 My-iPhone wifid[15] <Notice>: WiFi:[431015463.925398]: Client itunesstored set type to normal application
Aug 29 07:31:03 My-iPhone wifid[15] <Notice>: WiFi:[431015463.928745]: BG Application: Not Present, BG Daemon: Present. Daemons: apsd networkd 

Any ideas?

Answer 1

I had this problem and none of the documented solutions here, or in other answers, worked for me. Using a correct SSL certificate, it was possible to load the plist in safari, on the target device with no problems. However, attempting to install using the "itms-services://..." link would always fail with the "Cannot connect to [domain]" error.

The problem was the intermediate SSL certificate was not configured on the web server. Web browsers had no problem with this, SSL was valid, but connecting the device to a Mac, and viewing the log through the devices panel in XCode showed the below error:

iPhone itunesstored[83] <Warning>: Could not load download manifest with underlying error: Error Domain=NSURLErrorDomain Code=-1202 "Cannot connect to the Store".... "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “[mydomain]”, which could put your confidential information at risk."

Installing the intermediate SSL certificate on Apache solved this issue.

Answer 2

I had a problem like this for a while and it was driving me crazy. I was getting the popup "Cannot connect to [domain]" and I saw the same error in the log "Cannot connect to iTunes Store."

The original problem was that I had a missing ">" in my .plist xml file.

But I fixed the missing ">" and it worked on another ipad. So, it should have worked on the original ipad, right? Well, no, because the bad plist with the typo must have still been in the cache of that ipad.

So, the fix is to either rename the .plist file, or shut down and "re-boot" the ipad, or find some other way of clearing your ipad's cache of the bad plist file.