Try using
http://sdkdocs.roku.com/display/RokuSDK ... icatesVoid

Tried that already (but tried it again just now to make sure!) and it doesn't make a difference, tested on both 3.1 & 4.8.

...stuff to set up roGridScreen...
rv1=screen.SetCertificatesFile("common:/certs/ca-bundle.crt")
rv2=screen.InitClientCertificates()
...SetContentList() & Show()...

Both rv1 & rv2 are boolean true, but still no HTTPS grid posters. 😞

Any official response to this?

Here's someone else with basically the same question from about 9 months ago:
http://forums.roku.com/viewtopic.php?f=34&t=44790&p=304071&hilit=ssl#p304071

This problem is consistent, repeatable, and affects grid posters hosted on S3 (using SSL URLs w/expiration), as well as an Apache server with a cheapo Godaddy cert. The same poster URLs work fine elsewhere including in roPosterScreen and roSpringboardScreen.

Workaround is to read the posters into tmp:/ before passing them to SetContentList(), but that seems sort of kludgy considering the API Is supposed to be able to read the posters in directly as a background task.

Please check that your cert is signed by a trusted CA cert. The common bundle only includes CA a certs trusted by Firefox about a year ago.

Details about finding which CA cert you are using can be found here:
viewtopic.php?f=34&t=27562&start=0&hilit=ssl+mutual+auth#p262662

--Kevin

Yes, the certificate on the SSL server under my control is from Network Solutions (said it was Godaddy before, sorry). The other system, not under my control, is Amazon's S3. Openssl verifies that the certs on both of them are signed correctly.

Just to be clear, I am not using mutual SSL authentication. I am simply retrieving posters using regular old SSL HTTPS URLs, more often than not from Amazon S3, but the roGridScreen problem also occurs with HTTPS posters fetched from an SSL test server running Apache.

I tried what you suggested in http://forums.roku.com/viewtopic.php?f=34&t=27562&start=0&hilit=ssl+mutual+auth#p262662

I tried first with roPosterScreen:
1. Using "common:/certs/ca-bundle.crt" with SetCertificatesFile() worked fine as always. Posters from both my SSL test server and from Amazon S3 were fetched and displayed correctly using HTTPS URLs.
2. Building a custom bundle from the certs shown by the openssl command worked only if I also added the root cert (which was probably already in ca-bundle.crt) to the custom bundle. The root cert itself was not displayed by the openssl command, only the name. If I looked up the contents of the root cert (in the case of Ubuntu in the /etc/ssl/certs directory) and added it to the bundle then roPosterScreen was happy and displayed HTTPS posters from sources keyed to the certs in the bundle. As expected, posters from other HTTPS sources could not be displayed. Log messages showed status=untrustedcert for HTTPS poster sources not in the cert bundle.

Good so far, no problem with roPosterScreen. I moved on to roGridScreen:
1. Using "common:/certs/ca-bundle.crt" with SetCertificatesFile() resulted in no HTTPS posters being displayed. Sample posters were from both the test Apache SSL server and from S3.
2. Using a custom bundle, with or without the additional root cert also did not display any HTTPS posters.
In neither case with roGridScreen where there any log messages indicating an untrustedcert or any other HTTP error occurred.

It's easy to reproduce this problem. I started with the simplegrid example from the 4.1 SDK and changed some of the posters to my own HTTPS URLs. Then added:

    screen.SetCertificatesFile("common:/certs/ca-bundle.crt")
    screen.InitClientCertificates()
    screen.SetCertificatesDepth(3)

immediately prior to SetContentList(). I don't think that InitClientCertificates() is required when not doing mutual-auth but several people suggested it and it's probably harmless. Anyhow, still no HTTPS posters with roGridScreen.

"OddScott" wrote:
I don't think that InitClientCertificates() is required when not doing mutual-auth but several people suggested it and it's probably harmless. Anyhow, still no HTTPS posters with roGridScreen.

Definitely not harmless. I've run across several instances where calling InitClientCertificates caused failures with roUrlTransfer. Probably not the issue here, but still worth noting...

.bump.

Still looking for an answer to this.

I can confirm that I'm seeing the same issue. I've tried setting the certificates file in multiple locations, just in case it had something to do with the order in which it was being called, but no luck.