I'm trying to SSL-enable a working app, and it looks like I'm not generating the CA Cert properly, as I'm getting "Invalid HTTP response code -77" in the debugger when I call the server. I created the CA cert via openssl on Ubuntu as follows:
openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 1825
The result of that is a Base64-encoded cert, as follows:
-----BEGIN CERTIFICATE-----
<BASE64-encoded Cert data>
-----END CERTIFICATE-----
I load the CA cert into the Roku, and I have a Python script that generates a server cert and signs it with the CA cert (because we want our users to be able to get a server cert signed by the CA cert used in our app). I load this server cert into the Apache server, behind which I'm running Tomcat hosting Subsonic as a web app. Here's how I call the Subsonic server from the BrightScript app:
xfer = CreateObject("roURLTransfer")
xfer.SetCertificatesFile("pkg:/certificates/subsonic.pem")
port = CreateObject("roMessagePort")
xfer.SetPort(port)
url = ... ' URL built correctly and verified with debug output
xfer.SetURL(url)
valid = xfer.AsyncGetToString()
At this point, I see the -77 error status, which according to the curl documentation means the CA cert is either missing or in the wrong format.
But when I load the CA cert into Firefox and navigate to the same URL, I don't get the warning about an untrusted cert. I do get the warning before I load the CA cert into Firefox.
So Firefox is happy with the CA cert, but apparently the Roku app is not. I must have done something wrong either in the cert creation or with how I'm calling the server in the BrightScript app. Anyone have any idea?
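A file-level pre-check for the PEM file passed to SetCertificatesFile, added here as an example and not code from the original post. The function name `check_ca_file` and the sample files are hypothetical and constructed; the check covers only a missing file, a leading BOM, a missing CERTIFICATE block, bad Base64 and non-DER content, not chain validity.

```python
import base64
import os
import re
import tempfile

# One PEM block of any type; the label is captured so non-certificate blocks can be flagged.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def check_ca_file(path):
    """Return a list of file-level problems in a PEM CA file (empty list: none found)."""
    if not os.path.isfile(path):
        return ["file not found: " + path]
    with open(path, "rb") as f:
        raw = f.read()
    problems = []
    if raw.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM before the first PEM header")
    blocks = PEM_BLOCK.findall(raw.decode("ascii", errors="replace"))
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        problems.append("no CERTIFICATE block found")
    # The CA private key must never ship inside the application package.
    problems += ["private key block present: " + label for label, _ in blocks if "PRIVATE KEY" in label]
    for i, body in enumerate(certs):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate %d: body is not valid Base64" % i)
            continue
        # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE (tag 0x30).
        if not der.startswith(b"\x30"):
            problems.append("certificate %d: decoded data is not a DER SEQUENCE" % i)
    return problems

def demo():
    """Run the check on constructed sample files (placeholder bytes, not real certificates)."""
    der = b"\x30\x03\x02\x01\x01"  # constructed: minimal DER SEQUENCE
    pem = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der) + b"\n-----END CERTIFICATE-----\n"
    samples = {"good.pem": pem, "bom.pem": b"\xef\xbb\xbf" + pem, "der.crt": der}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
            results[name] = check_ca_file(os.path.join(d, name))
        results["missing.pem"] = check_ca_file(os.path.join(d, "missing.pem"))
    return results

if __name__ == "__main__":
    print(demo())
```

Run it against the exact file that is packaged under the path given to SetCertificatesFile, since the file name in the package and the file name produced by openssl can differ.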