Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Search instead for 
Did you mean: 
VikR0001
Level 7

SSL certificate problem: unable to get issuer certificate​?

My Roku app uses an roUrlTransfer object to retrieve data from a REST endpoint running on AWS. The endpoint uses a certificate for security.

I can successfully connect to and retrieve data from the same REST endpoint via Postman.

But when I try to connect to the REST endpoint from my Roku app, I get the error message:

get_PurchasedSTAProductsFromAWSEndpoint got error code -60
SSL certificate problem: unable to get issuer certificate

Here is my roUrlTransfer code:


    urlTransfer = CreateObject("roUrlTransfer")
    port = CreateObject("roMessagePort")
    urlTransfer.SetMessagePort(port)
    urlTransfer.SetUrl(m.global.api.BaseURL + "myRESTendpoint")
    
    urlTransfer.SetCertificatesFile("pkg:/certificates/ca_bundle.crt")  //custom cert & key
    urlTransfer.AddHeader("Content-Type", "application/json")
    urlTransfer.AddHeader("X-Roku-Reserved-Dev-Id", "my-dev-id")
    urlTransfer.InitClientCertificates()
    urlTransfer.RetainBodyOnError(true)
    urlTransfer.EnableEncodings(true)

    AddTrackingHeader(urlTransfer)
    
    requestBody = {}
    requestBody["uuid"] = m.global.device_info.uuid
    requestBody = FormatJson(requestBody)
    
    if (urlTransfer.AsyncPostFromString(requestBody))
        while (true)
           [.....]


How can I correct this?
0 Kudos
4 Replies
renojim
Level 8

Re: SSL certificate problem: unable to get issuer certificate​?

Are you sure "pkg:/certificates/ca_bundle.crt" made it into your zip? The description for error -60 states, "problem with the CA cert (path?) ".

-JT
0 Kudos
VikR0001
Level 7

Re: SSL certificate problem: unable to get issuer certificate​?

Yes. The error message is generated like this:

code = msg.GetResponseCode()
print "get_PurchasedSTAProductsFromAWSEndpoint got error code "; code
print  msg.GetFailureReason()

...so I believe I have the correct error message text.
0 Kudos
destruk
Level 10

Re: SSL certificate problem: unable to get issuer certificate​?

You might temporarily try using the common certificate in the roku firmware and see if it makes a difference --

urlTransfer.SetCertificatesFile("common:/certs/ca-bundle.crt")
0 Kudos
VikR0001
Level 7

Re: SSL certificate problem: unable to get issuer certificate​?

We found the error. It was in the line:

urlTransfer.AddHeader("X-Roku-Reserved-Dev-Id", "my_dev_id")


"X-Roku-Reserved-Dev-Id "is reserved and it is an error for our code to use it. We changed it to something else and now everything works fine. 
0 Kudos