Xcode Server CI builds fail to install with iOS 7.1

Question

We currently have our Xcode server set up for our CI build.

When trying to download the builds on a device i am greeted with 'Cannot connect to server.local' when visited over SSL.

When i try to download over http i am created with 'cannot install application because the certificate for server.local is not valid'

I believe this is to do with the the SSL validation for OTA downloads within iOS 7.1 however i am using a self assigned certificate.

Is this a bug or a limitation of Xcode server. Do we need a certificate that is not self assigned?

Thanks

Dan

Answer 1

Your best solution is to create a custom CA and install that on the device and then create a certificate for your specific domain and install that on the Xcode server.

First create a CA.

openssl genrsa -out Custom-CA.key 2048
openssl req -x509 -new -key Custom-CA.key -out Custom-CA.cer -days 730 -subj /CN="Company Name Certificate Authority"

Now you need to create a certificate signed with the above authority.

IMPORTANT: server.local should be replaced by whatever your host name of the machine is (the original question was using server.local). IP addresses will not work.

openssl genrsa -out xcode-server.key 2048
openssl req -new -out xcode-server.req -key xcode-server.key -subj /CN=server.local
openssl x509 -req -in xcode-server.req -out xcode-server.cer -CAkey Custom-CA.key -CA Custom-CA.cer -days 730 -CAcreateserial -CAserial xcode-server_serial.txt

You then need to install Custom-CA.cer on all devices you want to use with the server. The easiest way is to email the Custom-CA.cer to those devices.

In OS X server you need to import the Custom-CA.cer, xcode-server.key and xcode-server.cer and use the server.local certificate as the servers SSL certificate.

(Info from this guide)

E.g. If you machine host name was xcodeserver.companyname.com you would put /CN=xcodeserver.companyname.com

Answer 2

You are correct. In 7.1 OTA installs from xcode server need SSL validation. So, you can either get an SSL cert for your xcode server or do this workaround.

1. Go to your xcode server bots screen on a desktop browser.
2. Download the Product(.ipa) from the bot you want.
3. Open iTunes with your device connected.
4. Drag the .ipa file into iTunes.

You should be able to replace/install your build onto your device.

Not as easy as OTA builds, but it works.