All*_*len 2 ssl https amazon-web-services amazon-sns tls1.2
I'm having trouble getting Amazon SNS to send a subscription message to my HTTPS endpoint. The CloudWatch logs report the following:
{
"delivery": {
"deliveryId": "7bdda6a5-0000-5d6d-b0c0-e9b254fde521",
"destination": "https://www.beta.yogacentre.com/webhooks/sns",
"providerResponse": "SSLPeerUnverifiedException in HttpClient",
"dwellTimeMs": 63661,
"attempts": 4
},
"status": "FAILURE"
}
It looks like it doesn't like the SSL certificate I'm using, but I confirmed that the root CA is on the list SNS checks. Chrome reports my connection uses TLS 1.2, so it should be compatible with the recent end of SSLv3 support.
As a sanity check I tried subscribing to a regular HTTP endpoint and it worked right away. What could be causing the problem? My certificate can be found at https://www.beta.yogacentre.com/ in case there is something I missed.
从SSLLabs查看此站点的报告,您将看到:
此服务器的证书链不完整。等级上限为 B。
这意味着服务器没有正确设置,因为它没有发送所有需要的链证书,即站点的叶证书和浏览器或系统信任的根证书之间的信任路径中的所有内容。查看详细信息,您将看到服务器仅发送叶证书,而缺少的“COMODO RSA 域验证安全服务器 CA”证书被标记为“额外下载”。
虽然像 Chrome 这样的一些浏览器会从互联网上下载丢失的证书,但其他浏览器不会,浏览器之外的应用程序也不会这样做。因此,所有这些不知道缺少链证书的客户端都将失败,因为它们无法构建信任链,这会导致您看到的 SSLPeerUnverifiedException。因此,您需要修复服务器配置以发送丢失的链证书。详细信息取决于服务器配置。