Associated Domains don’t work with self-signed certs on iOS 13

Heads-up if you’re using self-signed certificates for your app’s Associated Domains – iOS 13 won’t trust them for fetching the AASA file. You have to use a certificate which has been trusted by a trusted root in Trust Store.

Lately we had a case where we had set up a test Associated Domain in our internal network and we’d used a self-signed certificate for it. On iOS 12 and earlier it had worked, but on iOS 13 we got this error in the iOS console:

default 19:18:09.044256 +0200   swcd    Trust evaluate failure: [root AnchorTrusted]
 error   19:18:09.101468 +0200   swcd    Failed to verify server trust  for task <task-id> { domain: <domain>, bytes: 0, wk: y, p: background }: Error Domain=SWCErrorDomain Code=103 "Certificate is not rooted in the system trust store." UserInfo={Line=168, Function=-[SWCSecurityGuard verifyTrust:error:], RootCertificate=, NSDebugDescription=Certificate is not rooted in the system trust store.}

So go the simplest way – use a proper certificate for your Associated Domains – and you won’t have this problem.