iosiphonexcodeopensslios-universal-app

apple-app-site-association universal link signing issue

I am working on universal linking , I have four files as mentioned below (through which my domain is SSL certifed),

ACertificate-1.cer
ACertificate-2.cer
ServerCertificate.cer
Private.key

and The Json file 

{
    "applinks": {
        "apps": [],
        "details": [
            {
                "appID": "ZY9H86N885.com.abc.Developementabc",
                "paths": ["*"]
            }
        ]
    }
}

with the below command i have signed the apple-app-site-association file

cat json | openssl smime -sign -inkey Private.key -signer ServerCertificate.cer -certfile ACertificate-1.cer -noattr -nodetach -outform DER > apple-app-site-association

i have no idea, where to put the second certificate ACertificate-2.cer, so i left it like that.

and i did all the points alerted in https://limitless-sierra-4673.herokuapp.com/

up to this point

Your file should validate and return its contents with openssl smime -verify -inform DER -noverify

then i tried to verify it like below

openssl smime -verify -in apple-app-site-association -inform DER -content json -noverify -binary ServerCertificate.cer > /dev/null

i have no idea which certificate/key/file to put where ! i just tried as above, then i've got the below error

Verification failure
139806288791456:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:293:
139806288791456:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:pk7_doit.c:1222:
139806288791456:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:410:

where i was doing wrong & help me resolving this

Solution

  • okay, its resolved.

    i've combined those chained certificates into one single certificate.crt using openssl commands, then i signed the apple association file with below command

    sudo openssl smime -sign -signer my_combined_certificate.crt -inkey private.key -in json.txt -out apple-app-site-association

    its worked , the deep linking is working now :)

    UPDATE 1

    if you have individual files instead of combined one, then with below command you can sign it.

    cat file.json | openssl smime -sign -inkey privatefile.key -signer servercertificate.cer -certfile certficate.cer -noattr -nodetach -outform DER > apple-app-site-association

    signer.cer

    servercertificate.cer --> having 3 chain certificates

    certificate.cer --> have one ssl provider certificate

    privatefilekey.key -->is key file