You need to specify which Certificate Authorities to trust. You can specify our default bundle (same as Firefox) with:

roUrlTransfer.SetCertificatesFile("common:/certs/ca-bundle.crt")

Or use the same call to specify a crt file in your pkg.

--Kevin

Thanks, Kevin. That did the trick perfectly.

I think I'm having a similar problem regarding trusted CA root certs, but not sure.

I don't need to do mutual authentication (as listed here); I basically just want to send an email address via http post to an https addr via roUrlTransfer.

I have tried using both the cacert.pem included with the SDK, as well as a pem file my client provided for me by request. The client's pem file seems legit as tested with the checker at sslshopper.com, but if I do an "openssl verify" on it I get "error 20 at 0 depth lookup:unable to get local issuer certificate" (not sure it applies).

This is the error I'm getting via the roku debug console:
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
getresponsecode -60

Finally, if I'm not doing mutual authentication, do I still need to upload the package as a private test channel in order for this to work properly?

Thanks for any advice!

Ah answered my own question.. was quite easy. I just viewed the certificate chain via firefox, grabbed the certificate at the top of the chain and created a pem file with it, and used called that in the brightscript code. I thought the intermediate CA certificate was good enough but it wasn't. Problem solved.

can you send me snippet code how to do that to solved certificate problem

please...................