Your Digital Media Has Never Looked So Good

 
VikR0001
Topic Author
Posts: 39
Joined: Tue Feb 20, 2018 1:23 pm

SSL certificate problem: unable to get issuer certificate​?

Thu Nov 29, 2018 1:43 am

My Roku app uses an roUrlTransfer object to retrieve data from a REST endpoint running on AWS. The endpoint uses a certificate for security.

I can successfully connect to and retrieve data from the same REST endpoint via Postman.

But when I try to connect to the REST endpoint from my Roku app, I get the error message:

get_PurchasedSTAProductsFromAWSEndpoint got error code -60
SSL certificate problem: unable to get issuer certificate

Here is my roUrlTransfer code:

    urlTransfer = CreateObject("roUrlTransfer")
    port = CreateObject("roMessagePort")
    urlTransfer.SetMessagePort(port)
    urlTransfer.SetUrl(m.global.api.BaseURL + "myRESTendpoint")
    
    urlTransfer.SetCertificatesFile("pkg:/certificates/ca_bundle.crt")  //custom cert & key
    urlTransfer.AddHeader("Content-Type", "application/json")
    urlTransfer.AddHeader("X-Roku-Reserved-Dev-Id", "my-dev-id")
    urlTransfer.InitClientCertificates()
    urlTransfer.RetainBodyOnError(true)
    urlTransfer.EnableEncodings(true)

    AddTrackingHeader(urlTransfer)
    
    requestBody = {}
    requestBody["uuid"] = m.global.device_info.uuid
    requestBody = FormatJson(requestBody)
    
    if (urlTransfer.AsyncPostFromString(requestBody))
        while (true)
           [.....]


How can I correct this?
 
renojim
** Valued Community Member **
Posts: 3375
Joined: Mon Feb 15, 2010 1:35 pm

Re: SSL certificate problem: unable to get issuer certificate​?

Thu Nov 29, 2018 12:18 pm

Are you sure "pkg:/certificates/ca_bundle.crt" made it into your zip? The description for error -60 states, "problem with the CA cert (path?) ".

-JT
 
VikR0001
Topic Author
Posts: 39
Joined: Tue Feb 20, 2018 1:23 pm

Re: SSL certificate problem: unable to get issuer certificate​?

Thu Nov 29, 2018 3:22 pm

Yes. The error message is generated like this:

code = msg.GetResponseCode()
print "get_PurchasedSTAProductsFromAWSEndpoint got error code "; code
print  msg.GetFailureReason()

...so I believe I have the correct error message text.
 
destruk
Posts: 2599
Joined: Sat Dec 18, 2010 4:58 pm

Re: SSL certificate problem: unable to get issuer certificate​?

Thu Nov 29, 2018 3:33 pm

You might temporarily try using the common certificate in the roku firmware and see if it makes a difference --

urlTransfer.SetCertificatesFile("common:/certs/ca-bundle.crt")

Who is online

Users browsing this forum: No registered users and 3 guests