问题描述
我正在尝试通过 Apple搜索验证工具,但遇到了问题与apple-app-site-association关联.
I'm trying to pass the Apple Search Validation Tool, and I'm having problems with the apple-app-site-association.
由于某种原因,机器人无法找到我的文件.但是,如果您打开URL,就在那里.
For some reason the bot can't find my file. But if you open the URL it's there.
这不是格式问题,因为甚至找不到该文件.我有https,因此不需要对我的文件进行签名.
It's not a formatting problem, because the file isn't even found.I have https so it's not needed to sign my file.
文件中没有我要求的扩展名.
I don't have any extension on my file, as asked in the documentation.
有人遇到了类似的问题,并在 Apple Developer论坛上提问,但没有帮助我.
Someone had a similar problem and asked on the Apple Developer foruns, but it didn't help me.
我的网址是 https://ps3looke.ottvs.com.br/apple-app-site-关联
我试图用cUrl检查它,一切似乎都很正常:
I tried to check it with cUrl and everything seems normal:
Caios-MacBook-Air:~ caiocoan$ curl -I https://ps3looke.ottvs.com.br/apple-app-site-association
HTTP/1.1 200 OK
Content-Length: 135
Content-Type: application/json
Last-Modified: Tue, 27 Oct 2015 15:36:52 GMT
Accept-Ranges: bytes
ETag: "f81e714dcd10d11:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 04 Nov 2015 20:43:25 GMT
对我可能做错了什么或需要做的事情有何想法?
Any ideia of what I could be doing wrong, or what I need to do?
推荐答案
我目前正在就同一问题与Microsoft支持联系.我最初的见解是Windows Server 2012 R2在处理TLS 1.2(这是AppleBot使用的HTTPS协议抓取页面)中存在一个错误.
I am currently contacting Microsoft Support over the same issue. My initial accessment is that Windows Server 2012 R2 has a bug in handling TLS 1.2, which is the HTTPS protocol that AppleBot uses crawl the pages.
您的apple-app-site-association看起来很好
Your apple-app-site-association looks perfectly fine
修改
我发现,即使验证工具不起作用,当您在iPad/iPhone上的Safari浏览器上访问该网站时,"xxx应用程序中的打开"按钮也会弹出
I found that even with the validation tool not working, when you visit the site on Safari on the iPad/iPhone, the Open in the xxx app does pop out
更新2015-12-22
微软又回到了我身边.问题是AppleBot发送以下客户端Hello来启动SSL连接
Microsoft has gotten back to me. The issue is that AppleBot sends the following Client Hello to initiate SSL connection
Signature Hash Algorithms (4 algorithms)
Signature Hash Algorithm: 0x0401
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0403
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0203
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
当您查看SSL证书的证书层次结构时,您会看到
When you look at the certificate hierarchy of your SSL certificate, you see
COMODO RSA Organization Validation Secure Server CA
Certificate signature algorithm
PKCS #1 SHA-384 With RSA Encryption
当Windows Server从AppleBot接收到客户端Hello时,它将看到AppleBot支持SHA1和SHA256,但是,您的证书要求支持SHA384.因此,根据 http://tools.ietf.org/html/rfc5246 #section-7.4.1.4.1 ,无法满足请求,Windows Server会重置连接.然后,AppleBot将报告为找不到文件.
When Windows Server receives the Client Hello from AppleBot, it sees that AppleBot supports SHA1 and SHA256, however, your certificate requires support for SHA384. Thus, according to http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1, there is no way to fulfil the request and Windows Server resets the connection. AppleBot then reports as file not found.
具体来说,RFC5246说
Specifically, RFC5246 says
If the client provided a "signature_algorithms" extension, then all
certificates provided by the server MUST be signed by a
hash/signature algorithm pair that appears in that extension.
Microsoft建议的补救措施
当您需要使用验证器时,请创建一个自签名证书.默认情况下,Windows使用SHA1作为证书签名算法.将自签名证书绑定到HTTPS端点,然后使用验证器确保apple-app-site-association文件正常.然后,您可以切换回购买的实际SSL证书.
When you need to use the validator, create a self-signed certificate. By default, Windows uses SHA1 as the certificate signature algorithm. Bind the self-signed cert to your HTTPS endpoint, then use the validator to ensure that your apple-app-site-association file is okay. You can then switch back to the actual SSL certificate you bought.
我的警告
请勿在生产服务器上放置自签名证书.创建另一个服务器进行测试!
Do not put a self-signed cert on your production server. Create another server to test!
这篇关于找不到苹果应用程序站点关联的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!