Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
VikR0001
Visitor
‎11-29-2018 12:43 AM

SSL certificate problem: unable to get issuer certificate​?

My Roku app uses an roUrlTransfer object to retrieve data from a REST endpoint running on AWS. The endpoint uses a certificate for security.

I can successfully connect to and retrieve data from the same REST endpoint via Postman.

But when I try to connect to the REST endpoint from my Roku app, I get the error message:

get_PurchasedSTAProductsFromAWSEndpoint got error code -60
SSL certificate problem: unable to get issuer certificate

Here is my roUrlTransfer code:


    urlTransfer = CreateObject("roUrlTransfer")
    port = CreateObject("roMessagePort")
    urlTransfer.SetMessagePort(port)
    urlTransfer.SetUrl(m.global.api.BaseURL + "myRESTendpoint")
    
    urlTransfer.SetCertificatesFile("pkg:/certificates/ca_bundle.crt")  //custom cert & key
    urlTransfer.AddHeader("Content-Type", "application/json")
    urlTransfer.AddHeader("X-Roku-Reserved-Dev-Id", "my-dev-id")
    urlTransfer.InitClientCertificates()
    urlTransfer.RetainBodyOnError(true)
    urlTransfer.EnableEncodings(true)

    AddTrackingHeader(urlTransfer)
    
    requestBody = {}
    requestBody["uuid"] = m.global.device_info.uuid
    requestBody = FormatJson(requestBody)
    
    if (urlTransfer.AsyncPostFromString(requestBody))
        while (true)
           [.....]


How can I correct this?
0 Kudos
Reply
4 REPLIES 4
renojim
Community Streaming Expert
‎11-29-2018 11:18 AM

Re: SSL certificate problem: unable to get issuer certificate​?

Are you sure "pkg:/certificates/ca_bundle.crt" made it into your zip? The description for error -60 states, "problem with the CA cert (path?) ".

-JT
Roku Community Streaming Expert

Help others find this answer and click "Accept as Solution."
If you appreciate my answer, maybe give me a Kudo.

I am not a Roku employee.
0 Kudos
Reply
VikR0001
Visitor
‎11-29-2018 02:22 PM

Re: SSL certificate problem: unable to get issuer certificate​?

Yes. The error message is generated like this:

code = msg.GetResponseCode()
print "get_PurchasedSTAProductsFromAWSEndpoint got error code "; code
print  msg.GetFailureReason()

...so I believe I have the correct error message text.
0 Kudos
Reply
destruk
Streaming Star
‎11-29-2018 02:33 PM

Re: SSL certificate problem: unable to get issuer certificate​?

You might temporarily try using the common certificate in the roku firmware and see if it makes a difference --

urlTransfer.SetCertificatesFile("common:/certs/ca-bundle.crt")
0 Kudos
Reply
VikR0001
Visitor
‎12-13-2018 11:22 AM

Re: SSL certificate problem: unable to get issuer certificate​?

We found the error. It was in the line:

urlTransfer.AddHeader("X-Roku-Reserved-Dev-Id", "my_dev_id")


"X-Roku-Reserved-Dev-Id "is reserved and it is an error for our code to use it. We changed it to something else and now everything works fine. 
0 Kudos
Reply
Need Assistance?
Welcome to the Roku Community! Feel free to search our Community for answers or post your question to get help.

Become a Roku Streaming Expert!

Share your expertise, help fellow streamers, and unlock exclusive rewards as part of the Roku Community. Learn more.