SSL (sorry, another one!) Q: SSL handshake failed, using cloudflare
I've read through all of the other "SSL handshake failed" threads, but I'm not sure they address my problem. That said, to be honest setting up SSL isn't something I've spent much time doing in the past and so I quite honestly don't understand the nuances. Anyway, I'm guessing my problem stems from the fact that I'm using CloudFlare's crypto service, which essentially acts as an SSL termination point for my domain. Still, as far as I know this should be valid in terms of security/etc. I've looked at a few of these online "ssl checker" type utilities and each of them seems to report that everything is setup correctly, everything looks good. For example, here are two that I looked at:
http://imgur.com/a/e4zzQ Anyway, the error I'm getting is, I think, boiler plate, but ti's "Request identifier: amzn1.echo.api.request..... The SSL handshare to endpoint Resource [https://[my domain/end point]], Type [HTTP] failed. Please check that your java keystore is correct configured. Any thoughts or troubleshooting tips? Thank you!
Hi Kevin! Can you confirm whether your endpoint on cloudflare is using SNI? If so, it's something that is not currently supported; please see:
https://forums.developer.amazon.com/forums/thread.jspa?messageID=16173㼭 I'm also a victim of this, as I host on App Engine which is SNI based for SSL certs. I was able to get around the issue by setting up a VPS + nginx as a reverse proxy frontend to my app requests. I can help set that up for you if you'd like - lmk. Cheers, James
Thank you, that must be it. Apparently CloudFlare uses SNI. For now I'll just self sign my cert until I'm read to "launch", then I guess I'll have to buy a cert. Though, I still have a pending question about that (see:
https://forums.developer.amazon.com/forums/thread.jspa?threadID=5622&tstart=0), so we'll see :) Thanks again, now I know that at least I'm not going crazy, and in fact things were working as they should have been (that is, not working with the SNI). <3
Cool, glad to have helped. I hate working with small children, animals and SSL certificates :) I've taken a look at that other question for you - please let me know if anything is unclear, or I can help further.