I found the issue by connecting the iPad to the computer and viewing the console through the XCode Organizer while trying to install the app. The error turns out to be:

我通过将 iPad 连接到计算机并在尝试安装应用程序时通过 XCode Organizer 查看控制台来发现问题。错误结果是：

Could not load non-https manifest URL: http://example.com/manifest.plist

无法加载非 https 清单 URL：http: //example.com/manifest.plist

Turns out that in iOS 7.1, the URL for the manifest.plistfile has to be HTTPS, where we were using HTTP. Changing the URL to HTTPS resolved the problem.

事实证明，在 iOS 7.1 中，manifest.plist文件的 URL必须是 HTTPS，我们使用的是 HTTP。将 URL 更改为 HTTPS 解决了问题。

I.e.

IE

itms-services://?action=download-manifest&url=http://example.com/manifest.plist

becomes

变成

itms-services://?action=download-manifest&url=https://example.com/manifest.plist

I would assume you have to have a valid SSL certificate for the domain in question. We already did but I'd imagine you'll have issues without it.

我假设您必须拥有相关域的有效 SSL 证书。我们已经这样做了，但我想如果没有它，您会遇到问题。

ingconti is right.

ingconti 是对的。

1. Upload your app.plist to dropbox.
2. Get shared link of app.plist, like https://www.dropbox.com/s/qgknrfngaxazm38/app.plist
3. replace www.dropbox.comwith dl.dropboxusercontent.comin the link, like https://dl.dropboxusercontent.com/s/qgknrfngaxazm38/app.plist
4. Remove any parameters on the dropbox shareable link such as "?dl=0t" (as per Carlos Aguirre Tradeco at Enterprise app deployment doesn't work on iOS 7.1and my own experience).
5. Create a download.htmlfile with a link formatted as <a href="itms-services://?action=download-manifest&url=https://dl.dropboxusercontent.com/s/qgknrfngaxazm38/app.plist">INSTALL!!</a>
6. Upload your download.htmlto dropbox
7. Again, get a shared link of download.html, like https://www.dropbox.com/s/gnoctp7n9g0l3hx/download.html, and remove any parameters.
8. Replace www.dropbox.comwith dl.dropboxusercontent.comin the second link as well, like https://dl.dropboxusercontent.com/s/gnoctp7n9g0l3hx/download.html

1. 将您的 app.plist 上传到 Dropbox。
2. 获取 app.plist 的共享链接，如https://www.dropbox.com/s/qgknrfngaxazm38/app.plist
3. 更换www.dropbox.com用dl.dropboxusercontent.com的连结，例如https://dl.dropboxusercontent.com/s/qgknrfngaxazm38/app.plist
4. 删除 Dropbox 可共享链接上的任何参数，例如“?dl=0t”（根据 Carlos Aguirre Tradeco 在Enterprise 应用程序部署中的规定不适用于 iOS 7.1和我自己的经验）。
5. 创建一个download.html链接格式为的文件<a href="itms-services://?action=download-manifest&url=https://dl.dropboxusercontent.com/s/qgknrfngaxazm38/app.plist">INSTALL!!</a>
6. 将您的上传download.html到保管箱
7. 再次，获取 download.html 的共享链接，例如https://www.dropbox.com/s/gnoctp7n9g0l3hx/download.html，并删除所有参数。
8. 更换www.dropbox.com用dl.dropboxusercontent.com在第二个链接，以及像https://dl.dropboxusercontent.com/s/gnoctp7n9g0l3hx/download.html

Now, visit https://dl.dropboxusercontent.com/s/gnoctp7n9g0l3hx/download.htmlin your device, you can install the app like before.

现在，访问https://dl.dropboxusercontent.com/s/gnoctp7n9g0l3hx/download.html您的设备，您可以像以前一样安装该应用程序。

WHAT A WONDERFUL WORLD！

多美妙的世界！

Further to the Mark Parnell's answer, a quick-and-dirty way of getting around this is to put the manifest plist into Dropbox, and then using the Dropbox web interface to get a direct https link to it ('Share link' -> 'Get link' -> 'Download').

除了 Mark Parnell 的回答之外，解决这个问题的一种快速而肮脏的方法是将清单 plist 放入 Dropbox，然后使用 Dropbox 网络界面获取指向它的直接 https 链接（“共享链接”->“获取链接' -> '下载'）。

The actual ipa can remain wherever you always served it from. You'll need to URL-encode the plist's URL before inserting it into the itms-servivces URL's query (although just replacing any &s with %3D might work).

实际的 ipa 可以保留在您始终提供的任何地方。在将 plist 的 URL 插入到 itms-servivces URL 的查询中之前，您需要对其进行 URL 编码（尽管只需将任何 &s 替换为 %3D 即可）。

One downside is that the install dialog will now read "dl.dropbox.com wants to install [whatever]".

一个缺点是安装对话框现在将显示“dl.dropbox.com 想要安装 [whatever]”。

It is true, going forward you are expected to do all OTA deployments over https going forward with iOS7.1. Shame on Apple for not documenting this.

确实，在 iOS7.1 之后，您需要通过 https 进行所有 OTA 部署。为苹果没有记录这一点而感到羞耻。

For those of you that are looking for a better in-house solution than relying on dropbox or having to fork out cash for a certificate you can have a solution if you follow the steps outlined in tip #5 here: http://blog.httpwatch.com/2013/12/12/five-tips-for-using-self-signed-ssl-certificates-with-ios/

对于那些正在寻找比依赖 Dropbox 更好的内部解决方案或必须为证书支付现金的人，如果您按照此处第 5 条提示中概述的步骤操作，您可以获得解决方案：http://blog。 httpwatch.com/2013/12/12/five-tips-for-using-self-signed-ssl-certificates-with-ios/

The gist of it is this:

它的要点是这样的：

• Create your own CA Authority certificate that you can install on the device that is fully trusted (I installed by simply emailing it)
• Create the key/cer pair against the root certificate and install it on your server
• Make sure your webserver utilizes the key/cer pair that matches the CA Authority root certificate
• At this point you should be able to install your apps as usual over https
• All of this can be accomplished on OSX using openssl which is already installed by default

• 创建您自己的 CA 颁发机构证书，您可以将其安装在完全受信任的设备上（我只是通过电子邮件安装）
• 针对根证书创建密钥/cer 对并将其安装在您的服务器上
• 确保您的网络服务器使用与 CA 颁发机构根证书匹配的密钥/cer 对
• 此时您应该可以像往常一样通过 https 安装您的应用程序
• 所有这些都可以在 OSX 上使用默认安装的 openssl 完成

This is not the same as just doing a self-signed certificate, in this solution you are also acting as your own private Certificate Authority. If your root certificate that is installed on your Apple device is not marked as Trusted (green) then something is wrong. Do it over.

这与仅执行自签名证书不同，在此解决方案中，您还充当自己的私有证书颁发机构。如果安装在 Apple 设备上的根证书未标记为“受信任”（绿色），则说明有问题。做一遍。

This absolutely works.

这绝对有效。

Update: 3/13/2014 - I have provided a small command line utility that simplifies this entire process. You can get it at: https://github.com/deckarep/EasyCert/releases

更新：2014 年 3 月 13 日 - 我提供了一个小型命令行实用程序，可以简化整个过程。你可以在：https: //github.com/deckarep/EasyCert/releases

I had the same problem and although I was already using an SSL server, simply changing the links to https wasn't working as there was an underlying problem.

我遇到了同样的问题，虽然我已经在使用 SSL 服务器，但只是将链接更改为 https 并不起作用，因为存在潜在问题。

Click here for image

单击此处查看图像

That highlighted bit told me that we shouldbe given the option to trust the certificate, but since this is the app store, working through Safari that recovery suggestion just isn't presented.

突出显示的部分告诉我，我们应该可以选择信任证书，但由于这是应用程序商店，因此通过 Safari 工作不会显示恢复建议。

I wasn't happy with the existing solutions because:

我对现有的解决方案不满意，因为：

• Some options require dependance on a third party (Dropbox)
• We weren't willing to pay for an SSL certificate
  • Free SSL certificates are only a temporary solution.

• 某些选项需要依赖第三方 (Dropbox)
• 我们不愿意为 SSL 证书付费
  • 免费的 SSL 证书只是一个临时解决方案。

I finally found a solution by creating a Self Signed Root Certificate Authorityand generating our server's SSL certificate using this.

我终于通过创建自签名根证书颁发机构并使用它生成我们服务器的 SSL 证书找到了解决方案。

I used Keychain Access and OSX Server, but there are other valid solutions to each step

我使用了 Keychain Access 和 OSX Server，但每一步都有其他有效的解决方案

Creating a Certificate Authority

创建证书颁发机构

From what I gather, certificate authorities are used to verify that certificates are genuine. Since we're about to create one ourselves, it's not exactly secure, but it means that you can trust all certificates from a given authority. A list of these authorities is usually included by default in your browsers as these are actuallytrusted. (GeoTrust Global CA, Verisign etc)

据我所知，证书颁发机构用于验证证书的真实性。由于我们要自己创建一个，它并不完全安全，但这意味着您可以信任来自给定机构的所有证书。这些权限的列表通常默认包含在您的浏览器中，因为它们实际上是受信任的。（GeoTrust Global CA、Verisign 等）

• Open Keychain and use the certificate assistant to create an authority

• 打开Keychain，使用证书助手创建一个权限

• Fill in your Certificate Authority Information

• 填写您的证书颁发机构信息

• I don't know if it's necessary, but I made the authority trusted.

• 我不知道是否有必要，但我让权威值得信赖。

Generating a Certificate Signing Request

生成证书签名请求

In our case, certificate signing requests are generated by the server admin. Simply it's a file that asks "Can I have a certificate with this information for my site please".

在我们的例子中，证书签名请求是由服务器管理员生成的。简单地说，它是一个文件，询问“我可以为我的网站提供包含此信息的证书吗”。

• Next you'll have to create your Certificate Signing Request(I used OSX Server's Certificates manager for this bit

• 接下来，您必须创建您的证书签名请求（我为此使用了 OSX Server 的证书管理器）

• Fill in your certificate information (Must contain only ascii chars!, thanks @Jasper Blues)

• 填写您的证书信息（必须只包含 ascii 字符！谢谢@Jasper Blues）

• Save the generate CSR somewhere

• 将生成的 CSR 保存在某处

Creating the Certificate

创建证书

Acting as the certificate authority again, it's up to you to decide if the person who sent you the CSR is genuine and they're not pretending to be somebody else. Real authorities have their own ways of doing this, but since you are hopefully quite sure that you are you, your verification should be quite certain :)

再次充当证书颁发机构，由您决定向您发送 CSR 的人是否是真实的，并且他们没有冒充其他人。真正的权威有他们自己的方式来做这件事，但既然你很确定你就是你，你的验证应该是非常确定的:)

• Go back to Keychain Access and open the "Create A Certificate.." option as shown

• 返回 Keychain Access 并打开“Create A Certificate..”选项，如图所示

• Drag in your saved CSR to the box indicated

• 将您保存的 CSR 拖到指示的框中

• Click the "Let me override defaults for this request button"

• 单击“让我覆盖此请求的默认值按钮”

• I like to increase the validity period.

• 我喜欢增加有效期。

• For some reason, we have to fill in some information again

• 由于某些原因，我们不得不重新填写一些信息

• Click continue on this screen

• 在此屏幕上单击继续

• MAKE SURE YOU CLICK SSL SERVER AUTHENTICATION, this one caused me some headaches.

• 确保您单击 SSL SERVER AUTHENTICATION，这让我有些头疼。

• You can click continue through the rest of the options.

• The Mail app will open giving you the chance to send the certificate. Instead of emailing, right click it and save it.

• 您可以在其余选项中单击继续。

• 邮件应用程序将打开，让您有机会发送证书。而不是通过电子邮件，右键单击它并保存它。

Installing the Certificate

安装证书

We now need to set up the server to use the certificate we just created for it's SSL traffic.

我们现在需要设置服务器以使用我们刚刚为其 SSL 流量创建的证书。

• If the device your working on isyour server, you might find the certificate is already installed.

• 如果您使用的设备是您的服务器，您可能会发现证书已安装。

• If not though, double click the Pending certificate and drag the PEM file that we just saved from the email into the space indicated. (Alternatively, you can export your PEM from keychain if you didn't save it.)

• 如果没有，请双击 Pending certificate 并将我们刚刚从电子邮件中保存的 PEM 文件拖到指定的空间中。（或者，如果您没有保存 PEM，您可以从钥匙串导出 PEM。）

• Update your server to use this new certificate. If you find that the new certificate won't "stick" and keeps reverting, go back to the bit in BOLD ITALIC CAPS

• 更新您的服务器以使用此新证书。如果您发现新证书不会“粘住”并不断恢复，请返回BOLD ITALIC CAPS 中的位

Setting Up Devices

设置设备

Each device you need to install apps on will need to have a copy of this certificate authority so that they know they can trust SSL certificates from that authority

您需要在其上安装应用程序的每台设备都需要拥有此证书颁发机构的副本，以便他们知道他们可以信任来自该颁发机构的 SSL 证书

• Go back to Keychain Access and export your certificate authority as a .cer

• 返回 Keychain Access 并将您的证书颁发机构导出为 .cer

• I then put this file on my server with my OTA apps, users can click this link and download the authority certificate. Emailing the certificate directly to users is also a valid option.

• 然后我将此文件与我的 OTA 应用程序一起放在我的服务器上，用户可以单击此链接并下载授权证书。将证书直接通过电子邮件发送给用户也是一个有效的选择。

• Install the certificate on your device.

• 在您的设备上安装证书。

Test

测试

• Make sure your plist links are https

  • Try and install an app! It should now work. The certificate authority is trusted and the SSL certificate came from that authority.

• 确保您的 plist 链接是 https

  • 尝试安装一个应用程序！它现在应该可以工作了。证书颁发机构受信任并且 SSL 证书来自该颁发机构。

I can confirm it works, But You have to put html AND plist on dropbox. It works also for non-enterprise OTA, i.e. You want to share app with your dev. team.

我可以确认它有效，但是您必须将 html 和 plist 放在 dropbox 上。它也适用于非企业 OTA，即您想与开发人员共享应用程序。团队。

I did:

我做了：

a) on my site I made a page with this link:

a) 在我的网站上，我用这个链接创建了一个页面：

.. href="https://dl.dropboxusercontent.com/u//(your DB id)/ipa.html">MyApp

.. href="https://dl.dropboxusercontent.com/u//(您的数据库 ID)/ipa.html">MyApp

b) on DropBox I wrote another HTML page:

b) 在 DropBox 上我写了另一个 HTML 页面：

.. https://dl.dropboxusercontent.com/u/(your DB id)/MyApp.plist"> Tap to Install MyApp

.. https://dl.dropboxusercontent.com/u/(your DB id)/MyApp.plist">点击安装MyApp

c) moved plist on DropBox but leaving it to POINT to my old server (no https)

c) 在 DropBox 上移动 plist 但将其保留到我的旧服务器（无 https）

Open up terminal and run the command: curl -i https:// (.ipa file path not plist)

打开终端并运行命令：curl -i https://（.ipa 文件路径不是 plist）

This will tell you whether or not the installer can see the IPA file. If you run the curl command with the '-i' you'll see the full response and it's probably not the IPA file. This is the response the installer sees, so if it's not returning HTTP 200 and an IPA you'll need to return it on your end.

这将告诉您安装程序是否可以看到 IPA 文件。如果您使用“-i”运行 curl 命令，您将看到完整的响应，并且它可能不是 IPA 文件。这是安装程序看到的响应，因此如果它没有返回 HTTP 200 和 IPA，则您需要在最后返回它。

The ITMS installer doesn't save any context from Safari. If you authenticated into a secure portal in Safari, the authentication cookies aren't pass to the the installer. i.e. The installer needs to be able to see the app without authentication and this could be the reason you are getting 'Cannot connect to server'.

ITMS 安装程序不会保存来自 Safari 的任何上下文。如果您通过 Safari 中的安全门户进行身份验证，则身份验证 cookie 不会传递给安装程序。即安装程序需要能够在没有身份验证的情况下看到应用程序，这可能是您收到“无法连接到服务器”的原因。

If you happen to have AWS S3 that works like a charm also. Well. Relatively speaking :-)

如果您碰巧有 AWS S3，它也可以像魅力一样工作。好。相对而言:-)

Create a bucket for your ad hocs in AWS, add an index file (it can just be a blank index.html file) then using a client that can connect to S3 like CyberDuck or Coda (I used Coda - where you'd select Add Site to get a connection window) then set the connections like the attached:

在 AWS 中为您的临时人员创建一个存储桶，添加一个索引文件（它可以只是一个空白的 index.html 文件），然后使用可以连接到 S3 的客户端，如 Cyber​​Duck 或 Coda（我使用了 Coda - 您可以在其中选择添加站点以获取连接窗口）然后设置连接，如附件所示：

Then build your enterprise ad hoc in XCode and make sure you use https://s3.amazonaws.com/your-bucket-name/your-ad-hoc-folder/your-app.ipaas the Application URL, and upload it to your new S3 bucket directory.

然后在 XCode 中构建您的企业 ad hoc 并确保您使用https://s3.amazonaws.com/your-bucket-name/your-ad-hoc-folder/your-app.ipa作为应用程序 URL，并上传它到您的新 S3 存储桶目录。

Your itms link should match, i.e. itms-services://?action=download-manifest&url=https://s3.amazonaws.com/your-bucket-name/your-ad-hoc-folder/your-app.plist

您的 itms 链接应该匹配，即 itms-services://?action=download-manifest&url= https://s3.amazonaws.com/your-bucket-name/your-ad-hoc-folder/your-app.plist

And voilá.

瞧。

This is only for generic AWS URLs - I haven't tried with custom URLs on AWS so you might have to do a few things differently.

这仅适用于通用 AWS URL - 我还没有尝试在 AWS 上使用自定义 URL，因此您可能需要做一些不同的事情。

I was determined to try to make James Webster's solution above work, but I couldn't get it to work with Plesk.

我决心尝试使上述 James Webster 的解决方案起作用，但我无法将其与 Plesk 一起使用。

I had same trouble and did as mentioned above.

我遇到了同样的问题，并按照上面提到的做了。

• Put the plist in dropbox.
• Over the download file button, below an image of the document with mouse right button select the copy link action. This link is already something like https://dl.dropboxusercontent.com/s/xyz123/app.plist?stuff=stuffwith many params.
• Remove the parameters (kept only address between https and .plist)
• Browse for url encode online, selected one of those links, copy, paste, execute, then the resulting text copied and pasted into the html where I have the itms-services link. By the way I have this html in two different locations, one of those is where the ipa is located.
• Make sure the plist includes absolute references to the ipa file.

• 将 plist 放入保管箱。
• 在下载文件按钮上方，在文档图像下方用鼠标右键选择复制链接操作。此链接已经类似于 https://dl.dropboxusercontent.com/s/xyz123/app.plist?stuff=stuff ，带有许多参数。
• 删除参数（只保留 https 和 .plist 之间的地址）
• 在线浏览 url 编码，选择这些链接之一，复制、粘贴、执行，然后将生成的文本复制并粘贴到我有 itms-services 链接的 html 中。顺便说一下，我在两个不同的位置有这个 html，其中一个是 ipa 所在的位置。
• 确保 plist 包含对 ipa 文件的绝对引用。

Both pages worked successfully for installing the app in iphones with ios 7.1

这两个页面都可以成功地在 ios 7.1 的 iphone 中安装该应用程序

But, now iphones with ios 7.0x can't install the app.

但是，现在带有 ios 7.0x 的 iphone 无法安装该应用程序。

I created a new question: upgraded adhoc app deployment doesnt work on ios previous to 7.1

我创建了一个新问题：升级的临时应用部署在 7.1 之前的 ios 上不起作用

Both issues are tightly related, and also bonded by the lack of official references.

这两个问题密切相关，也因缺乏官方参考资料而联系在一起。

Some nice guy handled the issue by using the Class 1 StartSSL certificate and shared Apache config that adds certificate support (will work with any certificate) and code for changing links in existing *.plist files automatically. Too long to copy, so here is the link: http://cases.azoft.com/how-to-fix-certificate-is-not-valid-error-on-ios-7/

一些好人通过使用 Class 1 StartSSL 证书和共享的 Apache 配置来处理这个问题，该配置添加了证书支持（将与任何证书一起使用）和用于自动更改现有 *.plist 文件中的链接的代码。复制太长，所以这里是链接：http: //cases.azoft.com/how-to-fix-certificate-is-not-valid-error-on-ios-7/