找不到苹果应用程序站点关联 [英] Apple-app-site-association not found

问题描述

我正在尝试通过 Apple搜索验证工具，但遇到了问题与apple-app-site-association关联.

I'm trying to pass the Apple Search Validation Tool, and I'm having problems with the apple-app-site-association.

由于某种原因，机器人无法找到我的文件.但是，如果您打开URL，就在那里.

For some reason the bot can't find my file. But if you open the URL it's there.

这不是格式问题，因为甚至找不到该文件. 我有https，因此不需要对我的文件进行签名.

It's not a formatting problem, because the file isn't even found. I have https so it's not needed to sign my file.

文件中没有我要求的扩展名.

I don't have any extension on my file, as asked in the documentation.

有人遇到了类似的问题，并在 Apple Developer论坛上提问，但没有帮助我.

Someone had a similar problem and asked on the Apple Developer foruns, but it didn't help me.

我的网址是 https://ps3looke.ottvs.com.br/apple-app-site-关联

我试图用cUrl检查它，一切似乎都很正常:

I tried to check it with cUrl and everything seems normal:

Caios-MacBook-Air:~ caiocoan$ curl -I https://ps3looke.ottvs.com.br/apple-app-site-association
HTTP/1.1 200 OK
Content-Length: 135
Content-Type: application/json
Last-Modified: Tue, 27 Oct 2015 15:36:52 GMT
Accept-Ranges: bytes
ETag: "f81e714dcd10d11:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 04 Nov 2015 20:43:25 GMT

对我可能做错了什么或需要做的事情有何想法?

Any ideia of what I could be doing wrong, or what I need to do?

推荐答案

我目前正在就同一问题与Microsoft支持联系.我最初的见解是Windows Server 2012 R2在处理TLS 1.2(这是AppleBot使用的HTTPS协议抓取页面)中存在一个错误.

I am currently contacting Microsoft Support over the same issue. My initial accessment is that Windows Server 2012 R2 has a bug in handling TLS 1.2, which is the HTTPS protocol that AppleBot uses crawl the pages.

您的apple-app-site-association看起来很好

Your apple-app-site-association looks perfectly fine

修改

我发现，即使验证工具不起作用，当您在iPad/iPhone上的Safari浏览器上访问该网站时，"xxx应用程序中的打开"按钮也会弹出

I found that even with the validation tool not working, when you visit the site on Safari on the iPad/iPhone, the Open in the xxx app does pop out

更新2015-12-22

微软又回到了我身边.问题是AppleBot发送以下客户端Hello来启动SSL连接

Microsoft has gotten back to me. The issue is that AppleBot sends the following Client Hello to initiate SSL connection

Signature Hash Algorithms (4 algorithms)
    Signature Hash Algorithm: 0x0401
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: RSA (1)
    Signature Hash Algorithm: 0x0403
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Hash Algorithm: 0x0201
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: RSA (1)
    Signature Hash Algorithm: 0x0203
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: ECDSA (3)

当您查看SSL证书的证书层次结构时，您会看到

When you look at the certificate hierarchy of your SSL certificate, you see

COMODO RSA Organization Validation Secure Server CA
    Certificate signature algorithm
        PKCS #1 SHA-384 With RSA Encryption

当Windows Server从AppleBot接收到客户端Hello时，它将看到AppleBot支持SHA1和SHA256，但是，您的证书要求支持SHA384.因此，根据 http://tools.ietf.org/html/rfc5246 #section-7.4.1.4.1 ，无法满足请求，Windows Server会重置连接.然后，AppleBot将报告为找不到文件.

When Windows Server receives the Client Hello from AppleBot, it sees that AppleBot supports SHA1 and SHA256, however, your certificate requires support for SHA384. Thus, according to http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1, there is no way to fulfil the request and Windows Server resets the connection. AppleBot then reports as file not found.

具体来说，RFC5246说

Specifically, RFC5246 says

   If the client provided a "signature_algorithms" extension, then all
   certificates provided by the server MUST be signed by a
   hash/signature algorithm pair that appears in that extension.

Microsoft建议的补救措施

当您需要使用验证器时，请创建一个自签名证书.默认情况下，Windows使用SHA1作为证书签名算法.将自签名证书绑定到HTTPS端点，然后使用验证器确保apple-app-site-association文件正常.然后，您可以切换回购买的实际SSL证书.

When you need to use the validator, create a self-signed certificate. By default, Windows uses SHA1 as the certificate signature algorithm. Bind the self-signed cert to your HTTPS endpoint, then use the validator to ensure that your apple-app-site-association file is okay. You can then switch back to the actual SSL certificate you bought.

我的警告

请勿在生产服务器上放置自签名证书.创建另一个服务器进行测试！

Do not put a self-signed cert on your production server. Create another server to test!

这篇关于找不到苹果应用程序站点关联的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！