question

GilowTech avatar image
GilowTech asked

Custom Skill Web Service Self Signed SSL Certificate Issue

We currently have a basic test skill created and coded and ready to test.
It took awhile but we have our Tomcat server correctly configured for SSL to interact with the Amazon Alexa service. We are now getting an error that our SSL certificate is not signed by a CA from the Developer Console when the skill is tested. From the documentation on SSL it is implied (although not stated) that we wouldn't need the SSL certified by a CA.

The Error we are getting:
"The certificate of the endpoint Resource [https://*******], Type [HTTP], Region [DEFAULT] does not have a path to a trusted authority. This happens if you are using a self signed certificate."

Before we go get a certificate signed by a CA I wanted to ask a few questions

  • Is there a way to test our skill with a self-signed certificate (like with the ASK command line)?
  • In the future amazon is going to require that SSL certificates be signed by them, not just any CA. There is a charge to use the amazon service to sign a private key. Is there a way to sign our CA for free for testing purposes?

Me and a friend are developing for Alexa as kind of a side project and wanted to get the basics down and even test out some ideas before investing in a dynamic Amazon server and SSL certificate signing.

Thank you in advance,

alexa skills kittestingcertificatessl
10 |3000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Anand@Amazon avatar image
Anand@Amazon answered

Hello GilowTech,

Thanks for posting !!!

You can use self signed certificates for testing purpose but you need a CA signed certificates when you try to publish your skill.

This means that the web service for a skill published to users must present a valid, trusted certificate when the connection is established and must possess the corresponding private key.

The SSL certificate type you need to get started depends on how you plan to get the SSL certificate for your web service. You select the type of certificate on the Build page, in Custom > Endpoint.

  1. If you host your web service on an endpoint for which you already have a certificate signed by an Amazon-approved certificate authority, select the My development endpoint has a certificate from a trusted certificate authority.
  2. If you host your web service with a cloud platform that provides a wildcard certificate, select My development endpoint is a sub-domain of a domain that has a wildcard certificate from a certificate authority.
    • A wildcard certificate is set up to provide SSL for multiple sub-domains. It still must be signed by a trusted certificate authority.
    • Check with the cloud hosting provider you are using to determine whether they provide this type of certificate to your web service.
    • Note that the wildcard certificate provided by your cloud platform must be signed by an Amazon-approved certificate authority.
  3. If you create a free self-signed certificate, you can create the certificate yourself, upload it to the Developer Portal when you register the skill, and configure your endpoint to present this certificate when it connects to Alexa. See Configure Your Web Service to Use a Self-signed Certificate for instructions.
6 comments
10 |3000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Our issue is that we can not test with the self signed certificate.

1 Like 1 ·

Hello GilowTech,

Sorry for late reply !!

Please try to get certificates from Amazon approved certificate authority to get it working.

-1 Like -1 ·