Unable to download in house agent on iOS 7.1 device
Downloading agent from a landing page within enterprise is not working.
Devices prior to iOS7.1 are able to download the agent with no errors.
Error on the device:
Cannot install applications because the certificate for <server name> is not valid.
Error in the device logs:
This error is caused by new change in Apple iOS7.1. The link for the manifest.plist needs to be over https protocol.
Changing the URL to HTTPS resoves the problem.
The link in the download page should be altered from:
<a href="itms-services://?action=download-manifest&url=http://linktoplist/Agent.plist">
to: <a href="itms-services://?action=download-manifest&url=https://linktoplist/Agent.plist">
There is no need to alter any links within the .plist file itself.
For full guide of how to build and publish In-House Agent for SMM please follow
Appendix 1. Sample HTML file
<html>
<body>
<h1>Agent Download</h1>
<a href="itms-services://?action=download-manifest&url=https://linktoplist/Agent.plist">
<img align=middle src="icon.png" /></a>
<font size=+2>Install In-House Agent</font>
<br>
</body>
</html>
Appendix 2.
If you are using an in-house agent this may cause additional issues with trying to use a CA that is not trusted by Apple.
Before iOS 7.1 there was a workaround to use a non-secure link to begin enrollment, then to install the CA as part of the agent for those who use SSL. See: How to enroll an iOS device to a Mobile Management Server when the SSL Certificate is not from a trusted root certificate authority: http://www.symantec.com/docs/HOWTO64245
Unfortunately with Apple’s new requirement it is no longer possible to access the new device to download the CA. The only way to enroll iOS 7.1 and later devices is to have a cert that Apple already trusts.
Here is the list of Apple's list of trusted certs from their site: http://support.apple.com/kb/ht5012
Applies To
SMM for SMP all versions
iOS 7.1 and higher