Roku Developer Program

MidnightJava
Visitor

SSL Connection: CA Cert not recognized

I'm trying to SSL-enable a working app, and it looks like I'm not generating the CA Cert properly, as I'm getting "Invalid HTTP response code -77" in the debugger when I call the server. I created the CA cert via openssl on Ubuntu as follows:

openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 1825


The result of that is a Base64-encoded cert, as follows:


-----BEGIN CERTIFICATE-----
<BASE64-encoded Cert data>
-----END CERTIFICATE-----


I load the CA cert into the Roku, and I have a Python script that generates a server cert and signs it with the CA cert (because we want our users to be able to get a server cert signed by the CA cert used in our app). I load this server cert into Apache server, behind which I'm running Tomcat hosting Subsonic as a web app. Here's how I call the Subsonic server from the BrightScript app.


xfer = CreateObject("roURLTransfer")
xfer.SetCertificatesFile("pkg:/certificates/subsonic.pem")
port = CreateObject("roMessagePort")
xfer.SetPort(port)
url = ... ' URL built correctly and verified with debug output
xfer.SetURL(url)
valid = xfer.AsyncGetToString()


At this point, I see the -77 error status, which according to the curl documentation means the CA cert is either missing or in the wrong format.
But when I load the CA cert into Firefox and navigate to the same URL, I don't get the warning about an untrusted cert. I do get the warning before I load the CA cert into Firefox.

So Firefox is happy with the CA cert, but apparently the Roku app is not. I must have done something wrong either in the cert creation or with how I'm calling the server in the BrightScript app. Anyone have any idea?
0 Kudos
2 REPLIES 2
RokuJoel
Binge Watcher

Re: SSL Connection: CA Cert not recognized

Can you PM the URL to RokuKevin? He will take a look.

- Joel
0 Kudos
MidnightJava
Visitor

Re: SSL Connection: CA Cert not recognized

Kevin, I sent you the URL yesterday. Thanks for looking into it. I just tried using a different CA cert, generated by a colleague. Same result, error code -77.
0 Kudos
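
Added example, not part of the thread and not Roku's or the poster's code: a structural pre-flight check for the CA file handed to SetCertificatesFile, run on the development machine before packaging. In libcurl, error 77 is CURLE_SSL_CACERT_BADFILE (a problem reading the CA file), so the check looks only at how the file is laid out (PEM armor, base64 body, outer DER length) and does not verify trust or the signing chain. That these defects are what the Roku reports as -77 is an assumption; the function names and the sample bytes are constructed for the illustration.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one outer ASN.1 SEQUENCE with a consistent length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_ca_pem(data: bytes) -> list:
    """Return a list of structural problems in a CA bundle (empty list = none)."""
    if not data.strip():
        return ["file is empty"]
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM before the first PEM header")
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        kind = "binary DER" if data[0] == 0x30 else "unrecognized data"
        return problems + [f"no PEM blocks found ({kind})"]
    for i, (label, body) in enumerate(blocks, 1):
        if label != b"CERTIFICATE":        # e.g. a key or CSR saved by mistake
            problems.append(f"block {i}: unexpected type {label.decode()}")
            continue
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"block {i}: body is not valid base64")
            continue
        if not der_sequence_ok(der):
            problems.append(f"block {i}: truncated or malformed DER")
    return problems

def make_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Wrap bytes in PEM armor (used here only to build constructed samples)."""
    body = base64.encodebytes(der)
    return f"-----BEGIN {label}-----\n".encode() + body + f"-----END {label}-----\n".encode()

# Constructed sample: a tiny well-formed SEQUENCE standing in for a certificate.
SAMPLE_DER = b"\x30\x04\x02\x02\x01\x00"
```

To check a real file, pass its raw bytes: `check_ca_pem(open("subsonic.pem", "rb").read())`.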