Author Message
ajprokop
Joined: Aug 2, 2018
Messages: 48
Offline
I created a Java Breeze Snap-In that contains a webhook that I invoke from Google Dialog Flow. Everything was works fine when I invoke it with http. However, when I invoke it with https (which is required if I use Google Home for my bot), the call from the outside service fails. Unfortunately, it does not say why it is failing. I ran ce dlogw on my snap-in and nothing is logged. I ran traceHTTP and I don't see any messaging.

I assume this is a cert error, but I can't be sure. Any thoughts on how to debug this?

Thanks!
JoelEzell
Joined: Nov 15, 2013
Messages: 780
Offline
Hi Andrew, I agree that this is most likely a cert issue. Things to check would be:
- Is the address for your webhook FQDN-based rather than IP address-based?

Go to Services->Inventory->Manage Elements, select your Breeze server, More Actions, Manage Identity Certificates. Click on "securitymodule_http", then look at Certificate Details

- Look at the "Issuer". Does Dialog Flow trust this CA?
- Look at the Subject Alternative Name field. Does this have the exact FQDN used to access your webhook?

If all of that looks good, you could consider using tshark from the Breeze command line to take a packet capture, then use wireshark to analyze it. The TLS handshake is all in clear text. This may or may not yield some clues.
ajprokop
Joined: Aug 2, 2018
Messages: 48
Offline
Thank you, Joel I suspect that the cert in securitymodule_http is the problem. The guy who built the Breeze server used a System Manager cert and I highly doubt that Google trusts it. It's not like Chrome where I can make an exception.

I am looking into what it will take to get a trusted cert.
JoelEzell
Joined: Nov 15, 2013
Messages: 780
Offline
I believe you'd said separately to me that this is running in AWS; is that right? I don't know the details, but I believe that it's not very costly or difficult to get a certificate signed by the Amazon CA for workloads that you are running in AWS. This may be the direction that you're already going.
ajprokop
Joined: Aug 2, 2018
Messages: 48
Offline
Thank you again. I am exploring all kinds of solutions. I know I could solve this by putting my code on a public web server (e.g. GoDaddy), but I really want to run this all on my Breeze server.
JoelEzell
Joined: Nov 15, 2013
Messages: 780
Offline
Hi Andrew, I came across this page. It makes it sound like you can get set up with an AWS certificate easily, and for free: https://aws.amazon.com/certificate-manager/

Something additional you might consider is fronting your Breeze server with the AWS API Gateway. You could configure the gateway to present an AWS certificate to Google, and stick with the SMGR cert on Breeze.
ajprokop
Joined: Aug 2, 2018
Messages: 48
Offline
Got it to work. I needed to put a public cert on the SBC that proxied to a private cert on my Breeze server. Thanks for all your advice!
JoelEzell
Joined: Nov 15, 2013
Messages: 780
Offline
Good to hear! Thanks for letting us know.
pasoorii
Joined: Oct 21, 2022
Messages: 1
Offline
someone knows how to fix this problem? "your java runtime is incompatible"
panorama charter

192.168.1.1

Go to:   
Mobile view