Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VikR0001
Visitor

SSL certificate problem: unable to get issuer certificate​?

My Roku app uses an roUrlTransfer object to retrieve data from a REST endpoint running on AWS. The endpoint uses a certificate for security.

I can successfully connect to and retrieve data from the same REST endpoint via Postman.

But when I try to connect to the REST endpoint from my Roku app, I get the error message:

get_PurchasedSTAProductsFromAWSEndpoint got error code -60
SSL certificate problem: unable to get issuer certificate

Here is my roUrlTransfer code:


    urlTransfer = CreateObject("roUrlTransfer")
    port = CreateObject("roMessagePort")
    urlTransfer.SetMessagePort(port)
    urlTransfer.SetUrl(m.global.api.BaseURL + "myRESTendpoint")
    
    urlTransfer.SetCertificatesFile("pkg:/certificates/ca_bundle.crt")  //custom cert & key
    urlTransfer.AddHeader("Content-Type", "application/json")
    urlTransfer.AddHeader("X-Roku-Reserved-Dev-Id", "my-dev-id")
    urlTransfer.InitClientCertificates()
    urlTransfer.RetainBodyOnError(true)
    urlTransfer.EnableEncodings(true)

    AddTrackingHeader(urlTransfer)
    
    requestBody = {}
    requestBody["uuid"] = m.global.device_info.uuid
    requestBody = FormatJson(requestBody)
    
    if (urlTransfer.AsyncPostFromString(requestBody))
        while (true)
           [.....]


How can I correct this?
0 Kudos
4 REPLIES 4
renojim
Community Streaming Expert

Re: SSL certificate problem: unable to get issuer certificate​?

Are you sure "pkg:/certificates/ca_bundle.crt" made it into your zip? The description for error -60 states, "problem with the CA cert (path?) ".

-JT
Roku Community Streaming Expert

Help others find this answer and click "Accept as Solution."
If you appreciate my answer, maybe give me a Kudo.

I am not a Roku employee.
0 Kudos
VikR0001
Visitor

Re: SSL certificate problem: unable to get issuer certificate​?

Yes. The error message is generated like this:

code = msg.GetResponseCode()
print "get_PurchasedSTAProductsFromAWSEndpoint got error code "; code
print  msg.GetFailureReason()

...so I believe I have the correct error message text.
0 Kudos
destruk
Binge Watcher

Re: SSL certificate problem: unable to get issuer certificate​?

You might temporarily try using the common certificate in the roku firmware and see if it makes a difference --

urlTransfer.SetCertificatesFile("common:/certs/ca-bundle.crt")
0 Kudos
VikR0001
Visitor

Re: SSL certificate problem: unable to get issuer certificate​?

We found the error. It was in the line:

urlTransfer.AddHeader("X-Roku-Reserved-Dev-Id", "my_dev_id")


"X-Roku-Reserved-Dev-Id "is reserved and it is an error for our code to use it. We changed it to something else and now everything works fine. 
0 Kudos