8

I've set up Universal Links in our app, and I'm unable to retrieve the apple-app-site-association file from my server on app install. The device console is giving the following error where it attempts to retrieve the file during the install:

Rejecting URL 'https://example.com/apple-app-site-association' for auth method 'NSURLAuthenticationMethodServerTrust': -6754/0xFFFFE59E kAuthenticationErr

I'm able to retrieve the file successfully in Safari using the same device. It's hosted via https with a standard verisign issued EV cert. I don't get any SSL errors when retrieving the file outside of app install, so I'm confident the cert is configured correctly on the server side.

What could be causing this error?

72A12F4E
  • 1,744
  • 1
  • 14
  • 28
Nick Sinklier
  • 221
  • 1
  • 3
  • 9
  • Is the device on WiFi or Cellular data? – 72A12F4E Feb 05 '16 at 19:23
  • Read this http://stackoverflow.com/a/34155116/919545 – Ankit Srivastava Feb 05 '16 at 19:48
  • I have those things correct in mine. I have multiple apps listed in my apple-app-site-association file, each with their respective app ID, which made it obvious that those values each needed to be unique. – Nick Sinklier Feb 05 '16 at 20:06
  • 1
    Does anything in this answer apply to your situation? "iOS logs an error message in the system logs if you don't have TLS set up properly on the domain specified in your entitlements", such as the app trying to use a TLS version not supported by the server?: http://stackoverflow.com/a/32751734/1655180 – Joseph Quigley Feb 05 '16 at 20:40
  • 1
    The server supports all TLS versions. Also, I used the Apple provided tool to test accessing the file on the server. https://search.developer.apple.com/appsearch-validation-tool – Nick Sinklier Feb 05 '16 at 21:24
  • Which it successfully passes. I suppose that means that their tool does not exactly spoof the behavior of the phone. – Nick Sinklier Feb 05 '16 at 21:30
  • Is there a success message in the logs when the apple-app-site-association file is downloaded successfully? – johnborges Apr 19 '16 at 18:08
  • 1
    When the phone successfully downloads the file, there is nothing logged to the console. You only get a message if it fails. – Nick Sinklier Apr 21 '16 at 01:46

2 Answers2

1

As it turns out this issue was caused by having Worx by Citrix installed on the phone. This app installed a profile by XenMobile on the phone that was interfering with the ssl handshake between our server and apple. This was only the case when installing test apps on the phone. Our production app downloaded from the App Store works just fine. Also, if I remove the Citrix apps and the associated XenMobile profile, it works. Very annoying.

Nick Sinklier
  • 221
  • 1
  • 3
  • 9
0

For me the issue was a missing capability entry: activitycontinuation:com.example.app. For some reason, when the apple-app-site-association file is hosted on an IIS server that capability needs to be added in addition to applinks:com.example.app.

johnborges
  • 2,422
  • 20
  • 33