question

Joshua Birk avatar image
Joshua Birk asked

What is the correct SSL option for *.herokuapp.com?

I'm trying to do a simple smoke test with a Heroku deployed app ( https://application-name-here.herokuapp.com). When I use: "My development endpoint has a certificate from a trusted certificate authority (required for certification)" The SSL option checks green, but Alexa says she can't reach the requested application. And the card says: The certificate of the endpoint uses a wildcard domain name in its cname or subject alts: *. herokuapp.com If I do: "My development endpoint is a subdomain of a domain that has a wildcard certificate from a certificate authority" Which seems more accurate, but does not check green in the skills setup and Alexa says "there was a problem with requested application's response". The content card says: The application responded with a non-200 HTTP status code I assume because she doesn't like the cert. This is purely for dev and testing, I don't have any immediate goal for production. Does it require a self-signed cert? Message was edited by: Joshua Birk
alexa skills kitdebugging
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Joshua Birk avatar image
Joshua Birk answered
OK - I *think* it is meant to be wildcard, even though the check does not flip green (?) Can anyone confirm? I found a bug in my code and I seem to be getting the response, even though Alex still won't say hello back. I now get no card instead of an error card.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Joshua Birk avatar image
Joshua Birk answered
Confirmed - it works now that I am handling the post body correctly. Seems weird that the wildcard SSL option won't show a green check, but it does work.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Nick Gardner avatar image
Nick Gardner answered
The wildcard cert option works, but it doesn't show a green check because it is not a valid option for an app to go through certification. For that, you need a certificate from a trusted authority which is not a wildcard certificate. Thanks, Nick
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bosscube avatar image
bosscube answered
I'm having a similar issue. I'm using the endpoint https://www.mydomain.com/alexa and I selected the option: [i]My development endpoint has a certificate from a trusted certificate authority (required for certification)[/i] My SSL certificate is issued by Starfield and uses SHA-2. I can access the page and see the JSON response with a 200 status code, but using the test harness I get the following response: [i]Unable to call remote endpoint or the response is invalid[/i] In the Alexa app, I get the following error card: [i]The application responded with a non-200 HTTP status code[/i] Again, testing in Chrome and then again with a simple WinSock app, I can see a 200 status code, the correct application/json content-type header, content-length header, etc. I tried switching to the wildcard option, but when I do I get a different error card: [i]A connection could not be established to Resource [ https://www.mydomain.com/alexa], Type [HTTP][/i] Does Alexa not trust a Starfield issued certificate? I can switch the algorithm over to GoDaddy SHA-2 if needed.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Nick Gardner avatar image
Nick Gardner answered
Is the certificate an SNI certificate? Those are not supported at this time and will give the error you describe. -Nick
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bosscube avatar image
bosscube answered
I'm embarrassed to say I have no idea :) I just switched to SHA-1 encryption instead of SHA-2 so we'll see if that makes any difference. Also I just realized I could export the certificate in Chrome as X.509, so I'll try using the X.509 option in the Alexa console -- fingers crossed!
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bosscube avatar image
bosscube answered
Nope, neither worked. I tried switching to SHA-1 and then exporting as base64-encoded X.509 and using that option. I still get an error card on the Alexa app stating what's below. I am out of ideas :( [b]Application response was marked as failure[/b] Request Identifier: amzn1.echo-api.request.xxxxxxxxxxxxxxxxx The application responded with a non-200 HTTP status code Response from my endpoint in Chrome: HTTP/1.1 200 OK Date: Mon, 21 Sep 2015 23:30:40 GMT Server: Apache Content-Length: 222 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/json;charset=UTF-8 { "version" : "1.0", "response" : { "outputSpeech" : { "type" : "PlainText", "text" : "Hello World!" }, "shouldEndSession" : true }, "sessionAttributes": {} }
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bosscube avatar image
bosscube answered
So I just realized that the content length header appeared to be wrong. PHP strlen() didn't seem to be counting my line breaks. So I changed my code to this: Still no go. I tried just using {} as the response, and lo and behold, I get a different error: [b]Null SpeechletResponse[/b] [i]The SpeechletResponse must not be null[/i] This would lead me to believe that the endpoint is returning a 200 status but something is jacked up with the JSON response. I'm at wit's end though. Need beer.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bosscube avatar image
bosscube answered
Got it. There were 3 issues here. 1. My content-length was incorrect. I've fixed that by using json_encode(json_decode('JSON_HERE')) 2. I was using the following skill endpoint: http://www.mydomain.com/alexa .. Apparently this is BAD. Changing this to http://www.mydomain.com/alexa[b]/index.php[/b] instantly works. 3. Even with the changes above, the Alexa test harness provided by Amazon could not connect to my endpoint. Testing on the Echo itself is fine. I hope this saves someone else some frustration!! The beer definitely helped :)
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.