Anyone have tips on resolving https issues? My app was working fine using a wildcard certificate. I switched to a Comodo non-wildcard certificate, but now I get an error when making requests from Echo:

SSL handshake failed
The SSL handshake to endpoint Resource [https://www.wakecomputer.com/compliment], Type [HTTP] failed. Please check that your java keystore is correctly configured

I checked the SSL cert against a number of different online SSL checkers, none of them saw any problems. My cert does have two domains on it (wakecomputer.com, the latter was automatically included when I requested the cert). I tried switching to Cloudflare in hopes that that would resolve my problem. It didn't. With Cloudflare on, I now get this error from Amazon:

Hostname verification failed
The DNS entries in the certificate presented do not match the target endpoint Resource [https://www.wakecomputer.com/myendpoint], Type [HTTP]

Perhaps it's my lack of experience with SSL configuration, or perhaps there are some nuances that I don't understand imposed by Echo. Anyone with ideas? Thanks!
Anil
I also wasted a bunch of time troubleshooting HTTPS cert issues. The only thing I see in your configuration that might be causing problems is "This site works only in browsers with SNI support.". Someone from Alexa should confirm that their HTTPS client that calls apps supports SNI (where multiple SSL websites are served from the same IP address). If they do then it's a different problem.
Hey Anil - if this is a wildcard certificate, then the CN (Common Name) must be set to: *.wakecomputer.com. Right now, it looks like it's set to: www.wakecomputer.com. You can address this by revoking the SSL cert, and regenerating your CSR once more. This process is typically free, so just repeat the steps you took and redeploy the cert. Let me know how it goes.
Thanks freebusy, James. Yeah, I can't believe how much time I'm wasting on this SSL issue. Thanks for the info on SNI freebusy. If your suspicion is right, then it means I can't use OpenShift which is a huge pain since I already have my app there. It would also explain why CloudFlare didn't work. James, no, the certificate I installed should not be a wildcard. I was using a wildcard previously, and it worked fine, but since that's not allowed to get app approval I switched to a non-wildcard cert.
Ah, yeah - sorry just re-read your original post and you do say you swapped it out with a non-wildcard cert. I'm running my app on Google App Engine and was getting SSL handshake errors with both cert types - even though the CA was in the required Mozilla CA cert list, I'm serving the full chain (e.g. root + intermediate + server), etc. In the end, I installed the cert under nginx on a VPS and configured it to reverse proxy requests back out to App Engine (although this is hacky and a giant single point of failure, I know). This could be a temporary solution for you if moving off OpenHost is going to be a headache. freebusy might be onto something - App Engine uses SNI - so maybe the Alexa platform cannot work with it? Amazon - can you confirm whether your client works with SNI (
Thanks for the update rgr. It would be great to update the development documentation to state that SNI is not currently supported. It wouldn't have been a big deal for me, had I known it wasn't supported!