Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
pcnweb
Channel Surfer

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

I'm sorry OddScott, you don't understand my post. I'm using Roku's embedded cert bundle for secure authentication, their embedded cert bundle is the one that is failing. Only Roku can update:

"common:/certs/ca-bundle.crt"

as they are injecting it when the app is compiled. Now that I'm sure I have the latest OS, I'm going to compile and submit it again. Roku could have done this themselves over the weekend for everyone using their ca-bundle.crt and avoided all this, potentially.

0 Kudos
pcnweb
Channel Surfer

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

That's not the issue, now they are moderating posts.

common:/certs/ca-bundle.crt

This is Roku's embedded cert bundle - it's failing. Now that I'm sure the machine I am at has the latest OS, I'm going to try repackaging, resubmitting and hoping the embedded bundle is updated.

That's the issue here and will be for an enormous number of devs.

0 Kudos
pcnweb
Channel Surfer

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

Ok, ignore the other noise on here if you are using Roku's embedded cert bundle:

common:/certs/ca-bundle.crt

You need your packaging device updated to at least:

9.3.0v4170

Change your version manifest number (or some other content change), upload to device, test and see that the new embedded cert works, package and upload for certification.

The bad news, the upload for certification tool does not seem to be working on:
developer.roku.com/developer-channels/channels/edit/packageUpload/

right now.

0 Kudos
OddScott
Roku Guru

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

There seem to be at least two different ways to resolve this issue. A Roku OS update is one way. Replacing the certs on the other side of the connection - at the server - is the other way.

What posts have been moderated?

www.InstantTvChannel.com - 717-441-4386 - Build a Roku SDK channel in 15 minutes! - Easy Direct Publisher to SDK upgrades!
0 Kudos
OddScott
Roku Guru

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

@pcnweb - Not sure which posts you think are "noise". I think we're all trying to resolve this issue. Most devs, including myself, use Roku's OS-embedded certs. But because of the way certs work, you can also work around the problem by changing the cert on the server side, where your videos are streaming from.

I wasn't aware that the embedded certs come from the device which does the packaging. I thought the certs are included in the downloaded OS that is automatically installed on the end-users' Roku devices.

 

www.InstantTvChannel.com - 717-441-4386 - Build a Roku SDK channel in 15 minutes! - Easy Direct Publisher to SDK upgrades!
0 Kudos
pcnweb
Channel Surfer

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

There is one way to fix Roku's own embedded cert bundle (common:/certs/ca-bundle.crt) which is injected when it's compiled - my steps above.

Anyone using expired certs on platforms like Amazon. etc - has a separate issue that needs to addressed there.

0 Kudos
pcnweb
Channel Surfer

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

My updated channel (steps above) was just approved and functions correctly again - if you are using Roku's embedded cert, do what I did immediately.

0 Kudos
RokuTomC
Community Moderator
Community Moderator

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

Scott is correct that this issue can be resolved by replacing the cert the server. In fact, this is the advisable solution even with Roku's updated cert bundle, as the cert's presence on the server may negatively impact applications running on other streaming platforms, particularly platforms with older devices still in use.

0 Kudos
RokuTomC
Community Moderator
Community Moderator

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

An update on the OS patch (Roku OS 9.3 build 4170) which includes the updated cert bundle:

The build is currently available on all set-top boxes and streaming sticks ("players") now via a manual update from the user. Pending any unforeseen hiccups, these devices will automatically update to the new build (irrespective of a manual update) throughout the week, with all players having received it by Thursday. Amarillo devices may be the one exception to this rule; they may require an additional update.

Roku TVs are currently scheduled to receive the patch update around the final week of June.

I will continue to provide updates on the rollout of Roku TVs as well as players (including any exceptions for Amarillo) until the rollout is complete.

chaklasiyanikun
Roku Guru

Re: [Potential service disruption] — Upcoming SSL certificate expiration could impact channel operat

Hello, @RokuTomC My Roku Device Software version is Up-to-Date "9.3.0 Build 4170-91".  I used Roku Premiere+ Device(Gilbert).

This is an SSL certificate problem or something else I don't understand clearly. I put questions in the Roku partner success team. But, no response found. My question is below : 

My two URLs are not running with Roku. It's my first experience I facing URLs is not running in Roku.

Not Working Image URL is: https://simultv.com:1400/nodeapi/Channels/file-1591699694712.jpg
Not Working Video URL is: https://simultv.com:4500/Movie/CimarronStrip.mp4

Working Image URL is: https://simultv.com/ace.png

Both, Not Working URLs Running with the ports and Working URLs Not Running With the ports. I'm not sure. Does it matter, if the server is running without running with a port or running with a port? I'm Still not found any solution for this.

I also tried with adding an SSL certificate like below. But no luck.

screen.SetCertificatesFile("common:/certs/ca-bundle.crt")
screen.InitClientCertificates()

or

poster.SetCertificatesFile("common:/certs/ca-bundle.crt")
poster.InitClientCertificates()

 

0 Kudos