avinanuami avatar image
avinanuami asked

Echo Alexa - SSL Certificate Verification Failed

Hi, I am developing app for [b]amazon echo[/b] device. I have done with my app registration on amazon developer portal as per the instructions. I developing app with my webservice(endpoint) for which I am using PHP. According to amazon this endpoint must support HTTP over SSL/TLS, So I made my endpoint according to amazon requirements. But when I call my app in echo like [b]Alexa, launch MyAppName[/b] then in [b]cards[/b] it shows like [b]SSL Certificate Verification Failed[/b] and saying the message like [b]The certificate does not have a path to the trusted authority. This happens if you are using self-signed certificate.[/b] The amazon docs says for testing purpose, I can use self signed certificate or my endpoint should be a subdomain of a domain that has a wildcard certificate from a certificate authority. But that did not worked for me. So do I require to have a certificate signed by an Amazon Approved certificate authority. If yes then how I can do that? is there any other options? I have attached the screenshot of my echo card which shows about SSL certification failure.
alexa skills kitsubmission testing certification
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

James Chivers avatar image
James Chivers answered
Hello avinanuami! I think that error message is a bit misleading, because if you're using a self-signed certificate, it won't have a path to a root CA of course :) I'm not sure what to suggest, but can you confirm that you've configured your cert so that: [subject_alternate_names] DNS.1 = your.domain.endpoint pointing to your domain where you're hosting the app backend? (I only mention this as it got me before when I first tried self-signed and typo'd it) Other than that, there was an issue recently that broke self-signed certificates:䃁 maybe something broke again? Are the requests still reaching your app backend despite this error message? Or are you not seeing them arrive (I'm guessing not...)? As for alternatives - yes, you could use a wildcard (for testing) certificate or get a regular, non-wildcard cert; which you might be able to get for free from either your domain registrar, hosting provider, or Whatever you get must have trusted root CA in Cheers, James
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.