question

servoronine avatar image
servoronine asked

Alexa Smart Home Skills with StartSSL Class 1 certificate

Hi,

I am starting to build my web service to integrate with Amazon Echo Dot (Alexa Skills Kit). I intend to use smart home skills using a Lambda adapter that will eventually connect to my web service. In order to use this, I would of course need to authorize Alexa with my server via OAuth2.

The problem I have is that Amazon seems to be rejecting my StartSSL class 1 certificate. Alexa app successfully calls my login page where I input my user name and password. I then redirect back to Amazon passing back the code. I can then see Amazon calling my service (via WireShark) but it eventually fails with error 46 - invalid certificate (just to be clear - this message is issued by Amazon). I've run multiple SSL checks online and they all show that my certificate and set up are valid. I also checked the list of Amazon certified CAs and StartSSL is on the list.

Any help on this would be much appreciated.

debuggingalexaalexa smart homessl
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

Galactoise avatar image
Galactoise answered
Alexa's cert requirements are extremely strict, so people have had a hard time in the past with wildcard certs or with SNI. Do either of those apply to you?
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

servoronine avatar image
servoronine answered
Not to the best of my knowledge. I have the service running on a separate IP address (both sides of NAT). IIS is also configured to route requests from this specific IP to a specific web site. I also have a certificate that is specific to the sub-domain that I am using. Interestingly, I have now configured a custom skill (which only requires implicit OAuth2 authentication and hence does not need Amazon to call my service with a token request) - and it works absolutely fine. Echo calls my custom service and I can process the command. However as soon as I try to authorize the smart home service, I get an issue with the certificate when Amazon tries to call my token endpoint.
10 |5000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.