ajprokop
Joined: Aug 2, 2018
Messages: 48
Offline
I created a Java Breeze Snap-In that contains a webhook that I invoke from Google Dialog Flow. Everything works fine when I invoke it with http. However, when I invoke it with https (which is required if I use Google Home for my bot), the call from the outside service fails. Unfortunately, it does not say why it is failing. I ran ce dlogw on my snap-in and nothing is logged. I ran traceHTTP and I don't see any messaging.

I assume this is a cert error, but I can't be sure. Any thoughts on how to debug this?

Thanks!
JoelEzell
Joined: Nov 15, 2013
Messages: 780
Offline
Hi Andrew, I agree that this is most likely a cert issue. Things to check would be:
- Is the address for your webhook FQDN-based rather than IP address-based?

Go to Services->Inventory->Manage Elements, select your Breeze server, More Actions, Manage Identity Certificates. Click on "securitymodule_http", then look at Certificate Details

- Look at the "Issuer". Does Dialog Flow trust this CA?
- Look at the Subject Alternative Name field. Does this have the exact FQDN used to access your webhook?

If all of that looks good, you could consider using tshark from the Breeze command line to take a packet capture, then use wireshark to analyze it. The TLS handshake is all in clear text. This may or may not yield some clues.
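The checks listed in the post above can be run from the client side. The following is an added example, not part of the original thread and not Avaya or Google code: it performs the TLS handshake the way a public client would and reports which check failed. It assumes the probing machine's system trust store stands in for the CAs Dialogflow trusts and that the machine does not itself trust the System Manager CA; `breeze.example.com` is a placeholder host name.

```python
import ipaddress
import socket
import ssl

# OpenSSL X509_V_ERR_* verify codes mapped to the checks from the post above.
CAUSES = {
    10: "certificate has expired",
    18: "self-signed certificate: the Issuer is not a public CA",
    19: "chain ends in a private root CA that this client does not trust",
    20: "Issuer unknown to this client, or an intermediate certificate was not sent",
    62: "Subject Alternative Name does not contain the exact FQDN in the URL",
    64: "URL uses an IP address that is not in the Subject Alternative Name",
}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def explain(verify_code, verify_message=""):
    # Fall back to OpenSSL's own message for codes not listed in CAUSES.
    return CAUSES.get(verify_code, f"other verification failure ({verify_code}): {verify_message}")

def probe(host, port=443, timeout=5.0):
    """Handshake like a public client: system trust store, hostname check on."""
    findings = []
    if is_ip_literal(host):
        findings.append("webhook address is IP-based; use the FQDN instead")
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                sans = [v for k, v in tls.getpeercert().get("subjectAltName", ()) if k == "DNS"]
                findings.append(f"certificate verified; SAN DNS names: {sans}")
    except ssl.SSLCertVerificationError as err:
        findings.append(explain(err.verify_code, err.verify_message))
    except (ssl.SSLError, OSError) as err:
        findings.append(f"failed before certificate verification: {err}")
    return findings

if __name__ == "__main__":
    # Placeholder host; replace with the FQDN configured as the webhook URL.
    for line in probe("breeze.example.com"):
        print(line)
```

Run it from a machine outside the Avaya environment so that the result reflects what an external service sees.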
ajprokop
Thank you, Joel. I suspect that the cert in securitymodule_http is the problem. The guy who built the Breeze server used a System Manager cert and I highly doubt that Google trusts it. It's not like Chrome where I can make an exception.

I am looking into what it will take to get a trusted cert.
JoelEzell
I believe you'd said separately to me that this is running in AWS; is that right? I don't know the details, but I believe that it's not very costly or difficult to get a certificate signed by the Amazon CA for workloads that you are running in AWS. This may be the direction that you're already going.
ajprokop
Thank you again. I am exploring all kinds of solutions. I know I could solve this by putting my code on a public web server (e.g. GoDaddy), but I really want to run this all on my Breeze server.
JoelEzell
Hi Andrew, I came across this page. It makes it sound like you can get set up with an AWS certificate easily, and for free: https://aws.amazon.com/certificate-manager/

Something additional you might consider is fronting your Breeze server with the AWS API Gateway. You could configure the gateway to present an AWS certificate to Google, and stick with the SMGR cert on Breeze.
ajprokop
Got it to work. I needed to put a public cert on the SBC that proxied to a private cert on my Breeze server. Thanks for all your advice!
JoelEzell
Good to hear! Thanks for letting us know.