MidnightJava
14 years ago

SSL Connection: CA Cert not recognized

I'm trying to SSL-enable a working app, and it looks like I'm not generating the CA Cert properly, as I'm getting "Invalid HTTP response code -77" in the debugger when I call the server. I created the CA cert via openssl on Ubuntu as follows:

openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 1825


The result of that is a Base64-encoded cert, as follows:


-----BEGIN CERTIFICATE-----
<BASE64-encoded Cert data>
-----END CERTIFICATE-----


I load the CA cert into the Roku, and I have a Python script that generates a server cert and signs it with the CA cert (because we want our users to be able to get a server cert signed by the CA cert used in our app). I load this server cert into the Apache server, behind which I'm running Tomcat hosting Subsonic as a web app. Here's how I call the Subsonic server from the BrightScript app:


xfer = CreateObject("roURLTransfer")
xfer.SetCertificatesFile("pkg:/certificates/subsonic.pem")
port = CreateObject("roMessagePort")
xfer.SetPort(port)
url = ... ' URL built correctly and verified with debug output
xfer.SetURL(url)
valid = xfer.AsyncGetToString()


At this point, I see the -77 error status, which according to the curl documentation means the CA cert is either missing or in the wrong format.
But when I load the CA cert into Firefox and navigate to the same URL, I don't get the warning about an untrusted cert. I do get the warning before I load the CA cert into Firefox.

So Firefox is happy with the CA cert, but apparently the Roku app is not. I must have done something wrong either in the cert creation or with how I'm calling the server in the BrightScript app. Anyone have any idea?
  • Can you PM the URL to RokuKevin? He will take a look.

    - Joel
  • Kevin, I sent you the URL yesterday. Thanks for looking into it. I just tried using a different CA cert, generated by a colleague. Same result, error code -77.
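
A pre-flight check for the "missing or in the wrong format" condition the original post cites for error -77, as an added example that is not part of the thread or Roku's code. It inspects only the PEM container (armour lines, Base64 body, outer DER length), not the certificate's fields or its trust chain; the function names and sample bytes are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose declared length fills the buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length is in this byte
        return 2 + first == len(der)
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def check_ca_bundle(data: bytes) -> list:
    """Return the problems found in a PEM CA bundle (empty list = looks sane)."""
    if not data.strip():
        return ["file is empty"]
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM before the first PEM header")
    blocks = PEM_BLOCK.findall(data)
    certs = [body for label, body in blocks if label == b"CERTIFICATE"]
    if not certs:
        problems.append("no BEGIN/END CERTIFICATE block (DER file or wrong label?)")
    if any(b"PRIVATE KEY" in label for label, _ in blocks):
        problems.append("private key present: never ship the CA key in the app package")
    for i, body in enumerate(certs):
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:                # binascii.Error is a ValueError
            problems.append(f"certificate {i}: body is not valid Base64")
            continue
        if not der_length_ok(der):
            problems.append(f"certificate {i}: decoded data is not one complete DER SEQUENCE")
    return problems

def pem(label: str, der: bytes) -> bytes:
    """Wrap bytes in PEM armour; used here only to build constructed samples."""
    tag = label.encode()
    return b"-----BEGIN %b-----\n%b-----END %b-----\n" % (tag, base64.encodebytes(der), tag)

# Constructed samples (illustrative): a valid DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_BUNDLE = pem("CERTIFICATE", SAMPLE_DER)
```

Run `check_ca_bundle(open(path, "rb").read())` on the exact file packaged under `pkg:/certificates/` before building the channel; an empty list only means the container is well formed, so chain validation against the server cert is still a separate step.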