Jim Hunter asked

SSL wildcards not supported

I have not done any development for a few days but when I tried yesterday to get back in and update my app, I discovered that my apps no longer work because Amazon doesn't like wildcard certs. I am using a very large, well respected, API company to host my endpoints so that I can easily have security and better debugging. But all my apps are prepended to the domain name of the hosting company and their cert is a wildcard cert in order to handle this paradigm. So why is this such a bad thing? Not allowing this means I now have to purchase a domain name, get another server to host it, purchase a cert all for an app that isn't going to make me any money but might help Amazon sell more Echos. Why should I be forced to spend money for no apparent reason? I have read that people are having this same issue using Amazon's App Engine, how ironic is that. Mine is the same situation. So right now I can't even work on my app, I am completely frozen out of all testing.

Thanks, Jim

Jim Hunter answered
Tech support emailed me and said they were working on this and would update this post with info. It has been over a week and no information and my apps still will not work. What is the status of this? Is it going to get resolved? Do I have to change my entire process chain now and spend money I don't think I should have to spend? Thanks, Jim

Jim Hunter answered
Come on Amazon, at least respond saying you are still looking into this. Right now I am dead in the water. I feel like I have been abandoned, not a good feeling at all. Give me something Amazon, anything... Jim

Nick Gardner answered
Hello Jim,

The Alexa service allows wildcard certificates to be used when developing and testing your application. In order for a wildcard certificate to be accepted, you must select the "My development endpoint is a subdomain of a domain that has a wildcard certificate from a certificate authority" option under the SSL Certificate tab on developer.amazon.com.

Thanks, Nick

Jim Hunter answered
Thanks for the response. When I first set up the app I don't recall that being an option. But setting it to that allows me to get back to a testing state. Now I have to figure out why what was working before the SSL issue is no longer working, in both my apps. So you are saying that a wildcard domain cannot be used in production? If not, why?

Thanks, Jim

FYI: the watch feature of these forums does not seem to work. I had a watch set for this thread but got no notification when you replied to it.

James Chivers answered
Hi Jim, I'm guessing wildcard SSL certs are not permitted in production because you can have multiple "tenants" under a single domain / hosting service running off different subdomains - i.e. the trust scope per domain is near-infinite with wildcards. By enforcing non-wildcard certs, you reduce the number of possible endpoints protected by a single private key to one. Functionally, I see no issues with wildcard (and hey, you can have wildcard certs for dev apps) - I expect it's more a process and trust requirement. Cheers, James

Jim Hunter answered
Thanks for the reply, but I don't agree. "By enforcing non-wildcard certs, you reduce the number of possible endpoints protected by a single private key to one" - does not reduce the endpoints to one. The only difference is that without wildcards the endpoints are defined at the end of the domain, and with wildcards they are defined at the beginning. It's simply semantics. There is no real difference. I ask that you take this information to the people that made the decision, to not allow wildcards, and have them make a change. There is no reason to not allow wildcards. For example, the following are both covered by a single cert (each side of the example):

app.somedomain.com/endpoint1 can be somedomain.com/app/endpoint1
app2.somedomain.com/endpoint2 can be somedomain.com/app2/endpoint2
etc.

The company I choose uses the first method to designate differences between apps instead of the latter. Using the latter you can have thousands of apps/endpoints under one cert, just like you can placing the endpoint before the domain. There is no difference to Amazon on security (I guarantee Amazon uses wildcard certs themselves, so Amazon must believe they are secure). One method is not more or less secure than the other. I have already spent enough money on the device I don't want to spend more money and time on apps that are not going to generate money.

Thanks, Jim
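An added example (not part of any post in this thread, and not Amazon's validation code) showing how certificate name matching sees the two URL layouts discussed in the answers above: matching is done on the hostname only, and a wildcard stands for exactly one left-most label. The function names are hypothetical and the sample URLs are constructed from the hostnames used in the post.

```python
from urllib.parse import urlsplit


def san_matches(pattern: str, host: str) -> bool:
    """Return True if a certificate dNSName `pattern` covers `host`.

    RFC 6125-style rules as commonly implemented: comparison is
    case-insensitive, and "*" is honoured only as the whole left-most
    label, where it stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard, so a
        # pattern such as "*.com" is never accepted.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def hosts_covered(sans, urls):
    """Map each SAN entry to the distinct hostnames it covers in `urls`.

    Only the hostname of each URL is considered; the path plays no part
    in certificate validation.
    """
    hosts = {urlsplit(u).hostname for u in urls}
    hosts.discard(None)
    return {s: sorted(h for h in hosts if san_matches(s, h)) for s in sans}


def has_wildcard_san(sans) -> bool:
    """The check a validator can apply to reject wildcard certificates."""
    return any(s.startswith("*.") for s in sans)


# Constructed sample endpoints, based on the hostnames in the post above.
SUBDOMAIN_STYLE = [
    "https://app.somedomain.com/endpoint1",
    "https://app2.somedomain.com/endpoint2",
]
PATH_STYLE = [
    "https://somedomain.com/app/endpoint1",
    "https://somedomain.com/app2/endpoint2",
]

if __name__ == "__main__":
    print(hosts_covered(["*.somedomain.com"], SUBDOMAIN_STYLE))
    print(hosts_covered(["somedomain.com"], PATH_STYLE))
```
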