I've set up a local webserver running with a self-signed certificate (SSL).
I've also installed the certificate on my iOS 15.0 device and trusted it from the Device Settings. But when I load https://my-local-hostname/ which loads a download button with a link to the itms-services/.../manifest.plist
, and click the download button, it shows "Unable to Install ***".
On the other hand, if I run ngrok to get a static domain with a cert signed by a trusted root CA, it works, which means that the manifest.plist configuration is correct.
Is there any way to make it work on localhost directly? Has anyone done this ever?
I finally figured it out..
For those who are interested in the solution, here are the steps for making OTA work on your local machine with localhost.
minica
to generate the certificates instead of making them on your own (simply skip the Generate a private key and certificate for your site
step mentioned in the article, and use minica --domains {hostname}
command which will generate the necessary certificates for you instantly. You can find the generated Root CA certificate with the key at ~/minica.pem
and ~/minica-key.pem
,
and your domain's certificates at ~/{hostname}/(cert/key).pem
,
where {hostname}
is the hostname of your local machine. If you're not sure what is your machine's hostname, just open the terminal and type hostname
./etc/apache2/extra/httpd-ssl.conf
specify SSLCertificateFile
, SSLCertificateKeyFile
and SSLCACertificateFile
paths to /path/to/key.pem
,/path/to/cert.pem
and /path/to/minica.pem
correspondingly.minica.pem
and cert.pem
to the keychain and change to "Always trust".minica.pem
and cert.pem
to the iPhone (using AirDrop or whatever), install the profile, and trust them both from the Certificate Trust Settings screen)That's basically it. Just use https://{hostname} instead of https://localhost everywhere in your HTML code and in manifest.plist file so that you can access the website's content from the mobile device in the same network.