Hi, I am developing app for [b]amazon echo[/b] device. I have done with my app registration on amazon developer portal as per the instructions. I developing app with my webservice(endpoint) for which I am using PHP. According to amazon this endpoint must support HTTP over SSL/TLS, So I made my endpoint according to amazon requirements. But when I call my app in echo like [b]Alexa, launch MyAppName[/b] then in [b]cards[/b] it shows like [b]SSL Certificate Verification Failed[/b] and saying the message like [b]The certificate does not have a path to the trusted authority. This happens if you are using self-signed certificate.[/b] The amazon docs says for testing purpose, I can use self signed certificate or my endpoint should be a subdomain of a domain that has a wildcard certificate from a certificate authority. But that did not worked for me. So do I require to have a certificate signed by an Amazon Approved certificate authority. If yes then how I can do that? is there any other options? I have attached the screenshot of my echo card which shows about SSL certification failure.
Hello avinanuami! I think that error message is a bit misleading, because if you're using a self-signed certificate, it won't have a path to a root CA of course :) I'm not sure what to suggest, but can you confirm that you've configured your cert so that: [subject_alternate_names] DNS.1 = your.domain.endpoint ...is pointing to your domain where you're hosting the app backend? (I only mention this as it got me before when I first tried self-signed and typo'd it) Other than that, there was an issue recently that broke self-signed certificates:
https://forums.developer.amazon.com/forums/thread.jspa?messageID=16577䃁 ..so maybe something broke again? Are the requests still reaching your app backend despite this error message? Or are you not seeing them arrive (I'm guessing not...)? As for alternatives - yes, you could use a wildcard (for testing) certificate or get a regular, non-wildcard cert; which you might be able to get for free from either your domain registrar, hosting provider, or
startssl.com. Whatever you get must have trusted root CA in
https://wiki.mozilla.org/CA:IncludedCAs Cheers, James