How does my domain support iOS9 Web Markup Universal Links?

As many already know, Google App Engine hosts its apps on the subdomain by default and an SSL certificate (* that allows any app to use https on that subdomain.

Enter iOS 9 with Universal Links and Web Markup, which now requires a "signed json file" to be placed with the applications listed in it. Keyword "signed". This file must be signed with a valid SSL certificate and private key. (Listing 2-7 and 2-8)

On twitter, I was told that the signing certificate does NOT have to match the actual domain SSL certificate, but the self-signed certificate will not work.

So, one solution is to just buy your own SSL certificate and sign it with that certificate.

I am curious what other options we have that have APIs and websites in Google App Engine and / or with Google Cloud Endpoints, because I assume Google is not going to surrender their wildcard ssl certificates and private key for us;)

Update 8/5/2015

To host the apple-app-site-association file, I had to manually open it and spit it out when called to use the webapp2 handler like this:

class GetAppleAppSiteAssoc(webapp2.RequestHandler):
    def get(self):

def showAppleAppSiteAssoc(self):"Enter showAppleAppSiteAssoc()")

    path = os.path.join(os.path.dirname(__file__), 'apple-app-site-association')
    fileContents = open(path).read()
    self.response.headers['Content-Type'] = 'application/pkcs7-mime'

app = webapp2.WSGIApplication([('/', MainHandler),
                ('/apple-app-site-association', GetAppleAppSiteAssoc)],


I'm currently having issues similar to this post and have tried both signing with my iOS distribution certificate and a valid certificate from work.

Update 8/10/2015

If our developer developer had worked this with both CA and intermediate certificates from work and downloaded it and it worked!

Still interested to know about other solutions though ..... it seems strange that the iOS Distribution certificate didn't work.


source to share

3 answers

You do not need to subscribe to the apple-app-site association unless your implementation of keep-alive is for devices running iOS 8. Universal Links are new to iOS 9, and Apple no longer requires you to subscribe to the Apple-app-site-association.



Well, one answer to this question indicates that any valid domain certificate (with a CA certificate) can sign the file (even if that certificate is NOT for the domain the file will live in).

I ended up buying one for one of my domains and signing a file for another domain.



If your app is running iOS 9 or later and you are using HTTPS to work with the Apple-app-site association file, you can create a simple text file that uses the app / json MIME type and you don't need to sign it.



All Articles