Universal Links NSURLAuthenticationMethodServerTrust kAuthenticationErr

I've set up Universal Links in our app, and I'm unable to retrieve the apple-app-site-association file from my server on app install. The device console is giving the following error where it seemingly attempts to retrieve the file during the install:


### Rejecting URL 'https://MyDomain.com/apple-app-site-association' for auth method 'NSURLAuthenticationMethodServerTrust': -6754/0xFFFFE59E kAuthenticationErr


I'm able to retrieve the file successfully in Safari using the same device. It's hosted via https with a standard Verisign-issued EV cert. I don't get any SSL errors when retrieving the file outside of app install, so I'm confident the cert is configured correctly on the server side.


What could be causing this error?

Replies

Did you find out anything more about this? A client of my company is having exactly the same error...

Hi,


Just wanted to follow up as well to see if you figured it out. I am running into this issue as well. Thanks!

So here's what I've found so far. My apple-app-site-association file is correct, as is the server. The company I work for uses a suite of apps (Worx Mobile Apps) for things like corporate email and meetings by a company called CITRIX. The main Worx app installs a "Mobile Device Management" profile by XenMobile on the phone. It seems that this profile is interfering with the download of the association file. So when I remove this profile and the apps from the phone, then install my app, it retrieves the file and everything works fine. Then if I reinstall Worx, everything continues to work as expected. But then deleting my app and reinstalling with Worx already installed again causes the "server trust" error, and universal links do not work. What's interesting is that universal links seem to work just fine with my Amazon app. In a few weeks my changes will go into production, so maybe downloading the app from the App Store will fix the issue. Either way, it seems like an Apple bug to me. I don't think non-associated apps and profiles should interfere with each other. I hope this helps someone, I spent a long time looking into this before finding the culprit. I'll update this thread after this hits production.

I'm the MDM Admin at NickSin's company and he and I worked together to figure this out.


To give a bit more background around this issue, we think that it has something to do with the trust of ad-hoc/enterprise distributed apps. When apps are distributed through the App Store, they're signed by Apple. But when apps are distributed through an Enterprise, they're signed with the Enterprise's own certificate (which is given to them by Apple, of course). If an enterprise app is downloaded to a device outside of the App Store, the end-user has to go to Settings > General > Profiles & Device Management and tap on "Trust" for the app distributor.


The app NickSin is working on uses the same certificate as our MDM profile does. Apps distributed through an MDM profile are inherently trusted, and no manual configuration is needed.


So what I think is happening is that if an MDM profile is already installed, and then a separate app is distributed outside the MDM profile that shares the same certificate, it interferes with the downloading of the association file.


Again, we don't know what the resolution will be, but we think we found the cause. Our hope is that when we upload the app to the App Store, the certificate sharing won't be a problem, and thus the UL will function as intended... Here's to hoping. 🙂

In my company we use Mobile Iron as MDM solution and I’m facing the exact same problem. Any hints what to do?

From my IIS server log I see that apple-app-site-association gets downloaded successfully with return code 200 and without any redirects, however in Device Console I get this:


Feb 8 07:15:45 Sebastians-iPhone-6s-plus swcd(CoreUtils)[218] <Notice>: ### Bad apple-app-site-association server trust: -6754/0xFFFFE59E kAuthenticationErr, 1 (kSecTrustResultProceed), {
"TrustResultDetails" :
[
{},
{},
{}
],
"TrustResultValue" : 1,
"TrustEvaluationDate" : 2018-02-08 06:15:45.231066,
"TrustExpirationDate" : 2018-02-12 10:18:43.000000,
"TrustRevocationChecked" : true,
}
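
For anyone triaging the same console output, here is a small parser for the two swcd messages quoted in this thread. It is an added example, not code from any poster or from Apple. The `triage` function, the `NOTES` wording and the field names are this example's own; the numeric SecTrustResultType values are those of Apple's Security framework.

```python
import re

# SecTrustResultType values as defined in Apple's Security framework.
SEC_TRUST_RESULT = {
    0: "kSecTrustResultInvalid", 1: "kSecTrustResultProceed",
    2: "kSecTrustResultConfirm", 3: "kSecTrustResultDeny",
    4: "kSecTrustResultUnspecified",
    5: "kSecTrustResultRecoverableTrustFailure",
    6: "kSecTrustResultFatalTrustFailure", 7: "kSecTrustResultOtherError",
}
# Triage reading of each value; the wording is this example's own.
NOTES = {
    None: "no trust result on this line",
    1: "accepted through an explicit trust setting, not default system trust",
    3: "denied by an explicit trust setting",
    4: "implicitly trusted by default system trust",
    5: "chain evaluation failed (recoverable)",
    6: "chain evaluation failed (fatal)",
}
# Matches both swcd message shapes quoted in the thread.
SWCD_RE = re.compile(
    r"### (?:Rejecting URL '(?P<url>[^']+)' for auth method '(?P<method>[^']+)'"
    r"|Bad apple-app-site-association server trust)"
    r": (?P<dec>-?\d+)/(?P<hex>0x[0-9A-Fa-f]{1,8}) (?P<name>\w+)"
    r"(?:, (?P<trust>\d+) \((?P<trust_name>\w+)\))?"
)

def triage(line):
    """Return the fields of one swcd trust-failure line, or None if it is not one."""
    m = SWCD_RE.search(line)
    if m is None:
        return None
    status = int(m["dec"])
    trust = int(m["trust"]) if m["trust"] is not None else None
    return {
        "url": m["url"], "auth_method": m["method"],
        "osstatus": status, "status_name": m["name"],
        # The hex form is the same OSStatus viewed as an unsigned 32-bit value.
        "hex_consistent": (status & 0xFFFFFFFF) == int(m["hex"], 16),
        "trust_result": trust,
        # Cross-check the logged symbolic name against the numeric value.
        "trust_name_matches": trust is None or SEC_TRUST_RESULT.get(trust) == m["trust_name"],
        "note": NOTES.get(trust, "other result; see SecTrustResultType"),
    }

# Both lines are copied from the posts above.
REJECT = "### Rejecting URL 'https://MyDomain.com/apple-app-site-association' for auth method 'NSURLAuthenticationMethodServerTrust': -6754/0xFFFFE59E kAuthenticationErr"
BAD_TRUST = "Feb 8 07:15:45 Sebastians-iPhone-6s-plus swcd(CoreUtils)[218] <Notice>: ### Bad apple-app-site-association server trust: -6754/0xFFFFE59E kAuthenticationErr, 1 (kSecTrustResultProceed), {"
```

The last post's log reports 1 (kSecTrustResultProceed) rather than 4 (kSecTrustResultUnspecified), which points at a trust setting on the device rather than at the server's certificate. That reading fits the MDM-profile observations above but is not confirmed anywhere in the thread.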