question

Kevin M avatar image
Kevin M asked

SSL (sorry, another one!) Q: SSL handshake failed, using cloudflare

I've read through all of the other "SSL handshake failed" threads, but I'm not sure they address my problem. That said, to be honest setting up SSL isn't something I've spent much time doing in the past and so I quite honestly don't understand the nuances. Anyway, I'm guessing my problem stems from the fact that I'm using CloudFlare's crypto service, which essentially acts as an SSL termination point for my domain. Still, as far as I know this should be valid in terms of security/etc. I've looked at a few of these online "ssl checker" type utilities and each of them seems to report that everything is setup correctly, everything looks good. For example, here are two that I looked at: http://imgur.com/a/e4zzQ Anyway, the error I'm getting is, I think, boiler plate, but ti's "Request identifier: amzn1.echo.api.request..... The SSL handshare to endpoint Resource [https://[my domain/end point]], Type [HTTP] failed. Please check that your java keystore is correct configured. Any thoughts or troubleshooting tips? Thank you!
alexa skills kitsubmission testing certification
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

James Chivers avatar image
James Chivers answered
Hi Kevin! Can you confirm whether your endpoint on cloudflare is using SNI? If so, it's something that is not currently supported; please see: https://forums.developer.amazon.com/forums/thread.jspa?messageID=16173㼭 I'm also a victim of this, as I host on App Engine which is SNI based for SSL certs. I was able to get around the issue by setting up a VPS + nginx as a reverse proxy frontend to my app requests. I can help set that up for you if you'd like - lmk. Cheers, James
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kevin M avatar image
Kevin M answered
Thank you, that must be it. Apparently CloudFlare uses SNI. For now I'll just self sign my cert until I'm read to "launch", then I guess I'll have to buy a cert. Though, I still have a pending question about that (see: https://forums.developer.amazon.com/forums/thread.jspa?threadID=5622&tstart=0), so we'll see :) Thanks again, now I know that at least I'm not going crazy, and in fact things were working as they should have been (that is, not working with the SNI). <3
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

James Chivers avatar image
James Chivers answered
Cool, glad to have helped. I hate working with small children, animals and SSL certificates :) I've taken a look at that other question for you - please let me know if anything is unclear, or I can help further.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jan Lubeck avatar image
Jan Lubeck answered

I found this: https://forums.developer.amazon.com/articles/46669/wildcard-certificates-and-sni-support.html

Apparently they are supporting SNI now, but for some reason I'm still having the same problem as the original poster.

Any ideas?

Thanks!

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.