1

I have a Node.js https server that uses a self-signed certificate for authentication. I am using my public ip address (xxx.xxx.xxx.xxx) right now instead of a domain name. To test this, I port forwarded port 8080 on my router, and went to https://xxx.xxx.xxx.xxx:8080 and sure enough, no lock symbol. Chrome recognizes the certificate, and establishes a secure connection.

So if Chrome can see my webservice, why can't Alexa? I basically followed the steps here. I created a new Alexa Skill in the Amazon Developer Portal, created and uploaded my openssl certificate (which was proven to work), and set the endpoint as https://xxx.xxx.xxx.xxx:8080. So Alexa should be able to reach my web service. Instead, I get:

Test Error (when testing in the Amazon Developer Portal)

The remote endpoint could not be called, or the response it returned was invalid.

Card Error (in the Alexa app when asking the Echo to launch the service)

A connection could not be established to Resource [https://xxx.xxx.xxx.xxx:8080], Type [HTTP], Region [NA]

jww
  • 83,594
  • 69
  • 338
  • 732
user3685285
  • 4,678
  • 8
  • 35
  • 80
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. Also [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Jan 15 '17 at 00:12
  • What does your certificate look like? Please post it. What is the IP address `xxx.xxx.xxx.xxx`? Is it in the certificate as a SAN? What standard does Alexa Web Service use to validate certificates? Also see [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) – jww Jan 15 '17 at 05:46
  • I had a similar issue, which was resolved when I used a domain name rather than a public ip. – Kaarthik Apr 26 '17 at 11:41

1 Answers1

1

For fulfillment of Alexa skills you must specify an HTTPS endpoint on port 443 (or a lambda).

Actually, I think the port restriction is a general one that applies to AWS resources accessing resources external to AWS so I wouldn't expect it to change anytime soon.

Possible work-arounds include a lambda proxy and a proxy service run by BST tools, though in your case it sounds like you could just reconfigure your router.

Tom
  • 15,404
  • 8
  • 60
  • 70
  • I changed the port in my code to 443, and port forwarded 443. But when I open in my browser, `https://xxx.xxx.xxx.xxx:443` goes to my router page instead of my service. How do you configure it to work on 443 without conflicting? – user3685285 Jan 14 '17 at 22:47
  • When you open it in your browser, you're behind the router. Connect to it from an external machine using `curl` to see if it works differently from outside. The conflict may only be inside. – Michael - sqlbot Jan 15 '17 at 00:09
  • Hey Tom, can you expand on this? I know it's been a while. I have a smart home skill and lambda that I am trying to link to the Alexa app. It is failing because my oauth 2.0 service is running on https but on 8123. Assuming that's the issue. It does work in testing but not in linking. I have no idea nor can find anything easy to follow that describes how to use a "lambda" to get around this or a proxy. I'm assuming something runs on Amazon's servers listening on 443 and it receives the requests so Amazon is happy and then forwards those requests to my server on my port? – John Nov 20 '19 at 19:20
  • @John Sorry, I haven't done any ASK in the last couple years. – Tom Nov 20 '19 at 21:38