After a few hours wracking braincells, here's how I did it:

经过几个小时的脑细胞破坏后，我是这样做的：

NOTE: I haven't currently tested this against iOS 8.1.2 or lower (proceed with caution!)

注意：我目前尚未针对 iOS 8.1.2 或更低版本对此进行测试（请谨慎操作！）

For apps that have ALREADY been signed with your OWN enterprise certificate, all you have to do (as mentioned by RAStudios in his edit) is to edit the manifest.plist:

对于已经使用您自己的企业证书签名的应用程序，您所要做的（正如 RAStudios 在他的编辑中提到的那样）就是编辑 manifest.plist：

Before:

前：

<key>bundle-identifier</key>
<string>uk.co.acme.AcmeApp</string>

After:

后：

<key>bundle-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>

For apps that have been signed by a third partythat you're resigning with your enterprise certificate (this walkthrough is assuming the ipa file is AcmeApp.ipa, your entitlements file is entitlements.plist and your provisioning profile is provProvile.mobileprovision; all files are in the Desktop folder (Mac OSX), and S836XXACME is your team identifier):

对于已由第三方签名且您使用企业证书辞职的应用程序（本演练假设 ipa 文件为 AcmeApp.ipa，您的权利文件为 entitlements.plist，您的配置文件为 provProvile.mobileprovision；所有文件位于桌面文件夹 (Mac OSX) 中，S836XXACME 是您的团队标识符）：

Create a new entitlements.plist file:

创建一个新的 entitlements.plist 文件：

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>

Unzip the ipa:

解压ipa：

cd ~/Desktop

unzip AcmeApp.ipa 

Remove the Code Signature:

删除代码签名：

rm -r Payload/AcmeApp.app/_CodeSignature/ 

Copy in the mobileprovision file:

复制到 mobileprovision 文件中：

cp provProfile.mobileprovision Payload/AcmeApp.app/embedded.mobileprovision 

Codesign:

代码设计：

codesign -f -s "iPhone Distribution: ACME Corporation Limited" --entitlements entitlements.plist Payload/AcmeApp.app

Zip it up as the resigned ipa:

将其压缩为已辞职的 ipa：

zip -qr AcmeApp_resigned.ipa Payload/

You also need to amend the manifest.plist file as per the 'ALREADY' signed part earlier:

您还需要根据之前“已经”签名的部分修改 manifest.plist 文件：

<key>bundle-identifier</key>
<string>S836XXACME.uk.co.acme.AcmeApp</string>

After investigating..

经过调查...

Edit:After further testing, I found that simply matching the bundle ID in the Info.plistand the bundle ID in the manifest.plistworked for installing apps over-the-air on iOS 8.1.3.If this solution does not work, try the solution below.

编辑：经过进一步测试，我发现只需匹配 中的捆绑 IDInfo.plist和 中的捆绑 ID 即可在manifest.plistiOS 8.1.3 上通过无线方式安装应用程序。如果此解决方案不起作用，请尝试以下解决方案。

Original Solution

原始解决方案

Fix to the problem:

修复问题：

Your application must have a valid entitlements.plist, which includes correct the valid bundle identifier of an application.

您的应用程序必须有一个有效的entitlements.plist，其中包括正确的应用程序的有效包标识符。

If you are distributing an application signed with a iOS development certificate, here is an example of a entitlements.plist you should include with your app.

如果您要分发使用 iOS 开发证书签名的应用程序，以下是您应包含在应用程序中的 entitlements.plist 示例。

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>com.yourbundleidhere.mycoolapp</string>
    <key>com.apple.developer.team-identifier</key>
    <string>com.yourbundleidhere.mycoolapp</string>
    <key>get-task-allow</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>com.yourbundleidhere.mycoolapp</string>
    </array>
</dict>
</plist>

If you are using a wildcard profile, replace com.yourbundleidhere.mycoolappwith yourwildcardappid.*. In both instances, you can use iResign to properly resign applications and include the now required, entitlements.plist.

如果您使用通配符配置文件，请替换com.yourbundleidhere.mycoolapp为yourwildcardappid.*. 在这两种情况下，您都可以使用 iResign 正确退出应用程序并包含现在需要的 entitlements.plist。

Explanation of the problem

问题说明

Due to security patches (see hereunder CVE-2014-4493), without the entitlements.plist, the application will not install. The security patch keeps applications from overriding existing apps and installing over the top of them/replacing them.

由于安全补丁（参见此处CVE-2014-4493），如果没有 entitlements.plist，应用程序将无法安装。安全补丁可防止应用程序覆盖现有应用程序并安装在它们之上/替换它们。

I've done quite a few experiments with this. In my experience the bundle identifier in the manifest.plist file isn't actually that critical. The most important thing to do is to get the entitlements.plist correct.

我已经用这个做了很多实验。根据我的经验， manifest.plist 文件中的包标识符实际上并不是那么重要。最重要的事情是让 entitlements.plist 正确。

Rather than creating this manually I would recommend generating it from the provisioning profile using the following script (credit):

我建议使用以下脚本（credit）从配置文件中生成它，而不是手动创建它：

# Create an entitlements file
# parse provision profile
security cms -D -i "provProfile.mobileprovision" > ProvisionProfile.plist 2>&1

# generate entitilements.plist
/usr/libexec/PlistBuddy -x -c "Print Entitlements" ProvisionProfile.plist > Entitlements.plist 2>&1

You can then use this entitlements file with the --entitlements option on the codesign utility.

然后，您可以将此权利文件与 codesign 实用程序上的 --entitlements 选项一起使用。

I have sovled this problem.

我已经解决了这个问题。

1. Since Apple has changed provisioning profiles, please RENEW the provisioning profiles (File 1) and copy it into the "Payload/".
2. Make sure there's a Entitlements.plist (File 2) in the "Payload/", and this plist file MUST be PLAIN TEXTwhich is created by a text editor.
3. Make sure there's a Info.plist (File 3) in "Payload/", and this is created by XCode;
4. Copy the Entitlements.plist (File 4) anywhere else except the "Payload/".
5. Be sure "Bundle identifier" in File 1-4 should be the same.
6. Use this Entitlements.plist (File 4) to Re-Sign the IPA file.

1. 由于 Apple 已更改配置文件，请更新配置文件（文件 1）并将其复制到“Payload/”中。
2. 确保有在“有效载荷/”，这plist文件一个Entitlements.plist（文件2）必须是纯文本是由一个文本编辑器创建。
3. 确保“Payload/”中有一个 Info.plist（文件 3），这是由 XCode 创建的；
4. 将 Entitlements.plist（文件 4）复制到除“Payload/”之外的任何其他位置。
5. 确保文件 1-4 中的“捆绑标识符”应该相同。
6. 使用此 Entitlements.plist（文件 4）重新签署 IPA 文件。

You can resign it like this

你可以这样辞职

codesign -fs "iPhone Distribution: Your Company Name" --entitlements=/Users/SenTR/Downloads/codesign/Entitlements.plist /Users/SenTR/Downloads/codesign/Payload/Your_Project_name.app

Entitlements.plist sample

Entitlements.plist 示例

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>application-identifier</key>
        <string>PREFIX.yourappBundleID</string>
        <key>aps-environment</key>
        <string>production</string>
        <key>get-task-allow</key>
        <false/>
        <key>keychain-access-groups</key>
        <array>
            <string>PREFIX.yourappBundleID</string>
        </array>
    </dict>
</plist>

If you know Chinese, this will be helpful.

如果你懂中文，这会很有帮助。

http://hennry.com/2015/03/fail-to-resign-ipa-since-ios8/

http://hennry.com/2015/03/fail-to-resign-ipa-since-ios8/

I have answered this here, this worked for me without having to do anything else

我在这里回答了这个问题，这对我有用而无需做任何其他事情

In addition to @Mark's and @RaStudio's answers, I have seen two more causes for the 'Unable to download application' message; one of which is new to iOS 8.1.3.

除了@Mark 和@RaStudio 的回答之外，我还看到了“无法下载应用程序”消息的另外两个原因；其中之一是 iOS 8.1.3 的新功能。

New failure cause on iOS 8.1.3

iOS 8.1.3 上的新故障原因

This error occurs when trying to install an application that has an expired provisioning profile. When signing an application, both the certificate and the provisioning profile must be valid and not expired. It seems as though an application with an expired provisioning profile and non-expired certificate can be installed on iOS 8.1.2 in some circumstances. Ensure that the provisining profile is not expired by going to Apple's developer center.

尝试安装具有过期配置文件的应用程序时会发生此错误。签署应用程序时，证书和供应配置文件都必须有效且未过期。在某些情况下，似乎可以在 iOS 8.1.2 上安装具有过期配置文件和未过期证书的应用程序。前往Apple 的开发人员中心，确保配置文件未过期。

Old failure cause

旧故障原因

This error occurs when trying to download an application signed with a development certificate and provisioning profile if the device has not been added to the development provisining profile on Apple's developer center.

如果设备尚未添加到Apple 开发人员中心的开发配置文件中，则尝试下载使用开发证书和配置文件签名的应用程序时会发生此错误。

I have the same issue and this happens for the applications that doesn't have any entitlements.

Re-signing the app with entitlement solved the issue for me, but this is going to be pain as all the applications that are already deployed need to be re-signed and deployed.

This is a weird issue because these apps which failed for me doesn't use anything like keychain sharing or push notifications and hence doesn't need an entitlement at all (as per my understanding). Now when I just add an entitlement with keychain-sharing it starts working.

我有同样的问题，这种情况发生在没有任何权利的应用程序中。

重新签署具有权利的应用程序为我解决了这个问题，但这将是痛苦的，因为所有已经部署的应用程序都需要重新签名和部署。

这是一个奇怪的问题，因为这些对我来说失败的应用程序不使用钥匙串共享或推送通知之类的东西，因此根本不需要权利（根据我的理解）。现在，当我添加带有钥匙串共享的权利时，它就开始工作了。

ios 8.1.3: inhouse app need distribute with MDM.

ios 8.1.3：内部应用需要通过 MDM 分发。

MobileInstallation

移动安装

Impact: A malicious enterprise-signed application may be able to take control of the local container for applications already on a device

影响：恶意企业签名应用程序或许能够控制设备上已有应用程序的本地容器

Description: A vulnerability existed in the application installation process. This was addressed by preventing enterprise applications from overriding existing applications in specific scenarios.

描述：应用程序安装过程中存在漏洞。这已通过防止企业应用程序在特定场景中覆盖现有应用程序得到解决。

from apple release note

来自苹果发布说明