question

April L. Hamilton avatar image
April L. Hamilton asked

"Presenting" SSL Certificate

First, apologies for the novice questions; I'm a pretty strong app dev, but haven't concentrated on server-side stuff for a very long time. In the documentation about testing, there's an instruction to: "Finally, configure your endpoint to present this certificate. The specifics for doing this depend on how you are hosting the web service for your app. For example, if you use Amazon Web Services Elastic Beanstalk, you upload the certificate file as part of the configuration process." Are there any examples for how to "present this certificate" when the app is hosted on VPS host services provider like HostGator [i]instead[/i] of Elastic Beanstalk, and the SSL cert is [i]not[/i] self-signed? Also, assuming installation of node.js and npm modules on the VPS, is what I'm proposing a workable environment for hosting Echo apps?
alexa skills kitdebugging
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Anil avatar image
Anil answered
Hi, Let me start off by saying I know nothing about HostGator, so take this all with a large grain of salt! Hopefully it will be somewhat helpful. There are two security requirements to host an app: 1. Your site needs to use SSL (https) using a certificate issued for your fully qualified domain (e.g. not a wildcard) 2. Your site needs to verify the incoming requests to make sure they are signed by Amazon. I'm told they will be providing more information on that soon. For #1. It sounds like you already have a certificate. For what I see on HostGator ( http://support.hostgator.com/articles/ssl-certificates/acquire-ssl/how-do-i-purchase-a-private-ssl-from-you-and-what-type-is-it) if you buy a cert from them they'll install it for you. Two points to check if you have https working: 1. That the certificate was certified by an accepted authority. I know Comodo is on their list, I don't see Positive SSL there. You'll need to double check: https://wiki.mozilla.org/CA:IncludedCAs 2. SNI is not yet supported. Check your site on https://www.ssllabs.com/ and have a look to see if SNI support is required (for example "IE 8 / XP" will fail if your configuration requires SNI). Hope this helps. Good luck!
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

James Chivers avatar image
James Chivers answered
Hello April, and welcome to the Echo forums! There's no such thing as a novice question - we all need to start somewhere, and you've posted in 'Getting Started' which is perfect :) "presenting certificates" - what Amazon means is: your web server, that will receive the requests from Alexa, needs to hold an SSL certificate for the domain you're using to serve your app For example, say your domain is april.com - you will need to acquire an SSL certificate for this domain. You can either generate your own (self-signed), or preferably buy the certificate. Good domain registrars will give you a non-wildcard SSL certificate for free. The most important thing about your certificate is that it was issued by a CA (Certificate Authority) in the Mozilla CA list: https://wiki.mozilla.org/CA:IncludedCAs ...as Amazon's Alexa backend holds these CA certificates and will use them to check your own specific cert. I think most SSL certs are covered by this CA's in that list, but check first to be sure. When configuring your Alexa app, you will then set the 'App Endpoint' to something like: https://april.com/path/to/app When Alexa makes a call to your https App Endpoint, your web server will then 'present' your SSL certificate to initiate a secure connection (with Alexa) and to validate your domain. A VPS, such as offered by HostGator is absolutely fine to serve as an App Endpoint for Alexa apps - as long as the web server on your VPS is configured to present your SSL against your domain. It looks like HostGator use Apache which is perfect for this. I've no experience with node.js, but you should check out Matt Kruse's thread here: https://forums.developer.amazon.com/forums/thread.jspa?messageID=16211 ...as he's published both an npm module and a node.js+express server. Let me know if the above is useful; happy to try and help you get started with Apache, etc. if need be. Cheers, James
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

April L. Hamilton avatar image
April L. Hamilton answered
Thanks very much, James and Anil. It sounds as if I'm all set as far as SSL cert (I purchased a Comodo cert for my domain through HostGator, and they've installed it). Now I just need to dig into the node stuff...I'll check that linked thread, thanks for the heads-up on it!
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.