User Profile

In our test environments (only accessible over VPN), universal links have recently started to fail (for iOS 13, which doesn't use Apple's AASA CDN). I've captured a sysdiagnose to look at the swcd logs. I see entires for our private test domains that look like this (edited to redact domain details just in case): Service:              applinks App ID:               <<redacted>> App Version:          2101251821 Domain:               <<redacted>> User Approval:        unspecified Site/Fmwk Approval:   unspecified Flags:                 Last Checked:         2021-01-26 12:12:01 +0000 Next Check:           2021-01-26 15:17:37 +0000 Error:                Error Domain=SWCErrorDomain Code=100 "Disallowed trust result type." UserInfo={Line=174, Function=-[SWCSecurityGuard verifyTrust:error:], NSDebugDescription=Disallowed trust result type., TrustResultType=6} Retries:              1 I've done a little bit of digging for TrustResultType and I'm guessing that it might be a SecTrustResultType which is an enum. If this is the case then the error code is kSecTrustResultFatalTrustFailure - https://developer.apple.com/documentation/security/sectrustresulttype/ksectrustresultfataltrustfailure?language=objc. Digging a bit more, the only mentions that I can find such as this Apple doc - https://developer.apple.com/documentation/security/certificate_key_and_trust_services/trust/discovering_why_a_trust_evaluation_failed suggest that there is probably some kind of certificate issue. Am I right that this is probably a certificate issue? Is there any way to discover more about what swcd is troubled by (perhaps the function and line number in the error could be helpful)? I'd like to be able to find out more specifically what the issue is so I can point out infrastructure team in the direction of the cause. NB: if I try to directly open the AASA file at <redacted-domain>/.well-known/apple-app-site-association using a test iPhone on the VPN, I can open the file and it looks correct to me. However, perhaps Safari has less stringent certificate requirements than swcd? Thanks.