Sign apple-app-site-association

Question

I try to implement the iOS9 Universal Links.

I m using this tutorial: http://blog.hokolinks.com/how-to-implement-apple-universal-links-on-ios-9/ And this: https://developer.apple.com/library/ios/documentation/Security/Reference/SharedWebCredentialsRef/

But none of them did the whole process.

I would apple-app-site-association file.

The above links say to do it this way:

cat json.txt | openssl smime -sign -inkey example.com.key
                            -signer example.com.cert
                            -certfile intermediate.cert
                            -noattr -nodetach
                            -outform DER > apple-app-site-association

And I don't have the .cert files (and don't know how to create it).

Form Apple docs:

The file must be CMS signed by a valid TLS certificate.

Any support will be great.

Thanks in advance!

Answer 1

As of iOS 9 developer seed 2, you no longer need to sign the apple-app-site-association file for Universal links. Most places on the web still reference the need to sign the file as do the official Apple Docs. Here's the WWDC session where it was announced that you no longer need to sign the file. https://developer.apple.com/videos/play/wwdc2015-509/ goto ~14 mins in to the video where they announce this and the limitations (not backwards compatible with iOS 8).

I have verified that Universal Links work with unsigned files on the official iOS 9 release.

Answer 2

This is definitely not an easy process. You can find another helpful blog post here. I'm pulling straight from that post.

And I don't have the .cert files (and don't know how to create it).

From the post:

Acquire SSL certification

You need to acquire SSL certification files for the domain you’ll use to host the Universal Links. In order to do this, you’ll need to use a third party service to register your domain for SSL, and create the files you need. After looking around, we’ve chosen Digicert to handle branch.io and associated subdomains.

Here are the steps to create your SSL certification:

1. Visit https://www.digicert.com/easy-csr/openssl.htm and fill out the form at the top to generate an openSSL command. Keep this window open

2. Login to your remote server

3. Execute the openSSL command to generate a certificate signing request (.csr) and certification file (.cert)

4. Pay for your SSL certification at https://www.digicert.com/welcome/ssl-plus.htm

5. Wait for Digicert to approve and send you the final files

6. In the end, move yourdomain.com.cert, yourdomain.com.key and digicertintermediate.cert into the same directory on your remote server

You can also try another process if you want to get certs for free. startssl.com is fairly popular. There's a step-by-step guide here.

Lastly, you can use CloudFlare for free TLS. That won't help you with signing the apple-app-site-association file, but it will help with making sure your (sub)domain is serving up the apple-app-site-association over HTTPS, which is required. This is how your (sub)domain should look when properly configured:

_{(source: branch.io)}

When you do get this working, please post about what steps you got caught on to help other devs. While this is something large companies easily have the manpower to set up, for sole developers it's quite tricky.

Answer 3

cat json.txt | openssl smime -sign -inkey website.key -signer website_com.cert -noattr -nodetach -outform DER > apple-app-site-association

This command creates apple-app-site-association file that you have store on root directory of your web server. ANd website.key and webiste.cert these files you'll get in ssl folder when you connect to your webserver via ftp if you have ssl website if not then first get ssl certifcate for your server