All geek questions in one place

Apple-app-site-association not found

I am trying to pass the Apple Search Validation Tool and am having problems with the apple-app-site association.

For some reason, the bot cannot find my file. But if you open its url.

This is not a formatting issue because the file is not even found. I have https, so I do not need to sign my file.

I do not have the extension in my file as indicated in the documentation.

Someone had a similar problem and asked Apple Developer foruns , but that didn't help me.

My url https://ps3looke.ottvs.com.br/apple-app-site-association

I tried checking it with cUrl and everything seems to be normal:

Caios-MacBook-Air:~ caiocoan$ curl -I https://ps3looke.ottvs.com.br/apple-app-site-association HTTP/1.1 200 OK Content-Length: 135 Content-Type: application/json Last-Modified: Tue, 27 Oct 2015 15:36:52 GMT Accept-Ranges: bytes ETag: "f81e714dcd10d11:0" Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 04 Nov 2015 20:43:25 GMT

Any ideology of what I can do wrong, or what I need to do?

+5
source share
2 answers

I am currently contacting Microsoft Support on the same issue. My initial access is that Windows Server 2012 R2 has an error processing TLS 1.2, which is the HTTPS protocol that AppleBot uses to scan pages.

Your apple-app-site association looks great.

Edit

I found that even if the validation tool doesn’t work when you visit the Safari site on the iPad / iPhone, the Open application in the xxx application exits

Update 2015-12-22

Microsoft is back to me. The problem is that AppleBot sends the next Hello client to start an SSL connection

 Signature Hash Algorithms (4 algorithms) Signature Hash Algorithm: 0x0401 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0403 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0201 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0203 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3)

When you look at the certificate hierarchy of your SSL certificate, you see

 COMODO RSA Organization Validation Secure Server CA Certificate signature algorithm PKCS #1 SHA-384 With RSA Encryption

When Windows Server receives the AppleBot Hello client application, it sees that AppleBot supports SHA1 and SHA256, but your certificate requires SHA384 support. Thus, according to http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 , the request cannot be completed and Windows Server resets the connection. Then AppleBot reports that the file was not found.

In particular, RFC5246 says

  If the client provided a "signature_algorithms" extension, then all certificates provided by the server MUST be signed by a hash/signature algorithm pair that appears in that extension.

Microsoft Recommended Tool

When you need to use a validator, create a self-signed certificate. By default, Windows uses SHA1 as the certificate signing algorithm. Bind the self-signed certificate to your HTTPS endpoint, and then use the validator to make sure your apple-app-site association file is approved. You can then revert to the actual SSL certificate that you purchased.

My warning

Do not put a self-signed certificate on your production server. Create another server for testing!

+3
source

I was able to fix this problem with the Rewrite URL module by adding the .json extension to the file name and then adding a rewrite rule to my web.config as follows:

 <rule name="AppleAppSite" enabled="true" stopProcessing="true"> <match url="^apple-app-site-association$"/> <action type="Rewrite" url="apple-app-site-association.json"/> </rule>
+1
source

Source: https://habr.com/ru/post/1235248/

More articles:


All Articles