Sending JSON to HTTPS on Google App Engine not working

0
votes

I have an app on a custom domain on Google App Engine and I need to capture JSON packages.

I am using http://www.hurl.it/ to test and the url is like: https://subdomain.website.net.au/folder/

This give a server error however if I remove the S and just use HTTP the request works fine. What does Google need in order for this to work?

Update:

Using Curl and running the following command:

curl --verbose --data "@json.txt" --header "Content-Type:application/json" "https://subdomain.website.net.au/folder/"

I get the error: "unable to get local issuer certificate"

When I download the cert file from http://curl.haxx.se/ca/cacert.pem and run:

curl --verbose --cacert "cacert.pem" --data "@json.txt" --header "Content-Type:application/json" "https://subdomain.website.net.au/folder/"

It works fine and as expected. Does this mean the issue is with hurl.it? if so what is the issue exactly, I have a customer trying to send me data and it is not working either.

Update2:

The issue ended up being that the client did not support SNI so I had to use a VIP instead. This costs money, is an older method but more compatible.

1
jsongoogle-app-enginesslhttps

1 Answers

0
votes

There is an article on how to setup SSL for custom domains on developers.google.com.

Basically you need two things:

  • An SNI or Virtual IP Certificate
  • Your domain has to be a payed Google Apps domain to install the certificate

Your certificate, your Google Apps Domain and using the certificate with App Engine will cost you. If you can use the YOURAPPID.appspot.com domain instead you get SSL for free. If you need your custom domain i recommend the above website.

After Updating your Question: It looks like the Certificate Authority (CA) is unknown or untrusted to the client. This can be fixed by using a commercial certificate from thawte or verisign. Or, you can add the CA certificate to the certificate store of your operating system or client application. In other words: Install the CA cert as trusted root certificate in your operation system or app. That should do.

Oh and your assumption is right. hurl.it does not know the CA and thus rejects your certificate as invalid or unknown issuer.

Update 2: Craig, your GeoTrust cert should be fine. Please try the following:

  1. Please verify if you can visit this or any other page hosted by your app with a normal web browser. It should not complain about the certificate. If it does and you need to add an exception rule for the certificate then something is still wrong configuration wise.

    I haven't done this in a while but last time i used an SSL certificate i concatenated the actual certificate and the CA somehow, i'm sure there are tutorials for this. Because the CA.cert isn't found it makes sense to provide it in this manner.

    From developers.google.com: 'A certificate file can contain at most five certificates; this number includes chained and intermediate certificates.'

    See also wikipedia

  2. Since it does work with curl when you supply the CA manually that is a temporary solution for your customer to upload data.

  3. Note that not all applications use the system store for certificates. Firefox for example has its own certificate store and it completely ignores all changes you do in the root certificate store of the operating system (at least under windows that is the case)
  4. Once you have verified that the website works with HTTPS (see 1) you can create a simple form in that app containing a textarea in which you can paste your JSON data and send it to your app using jquery or something. While this is not ideal it is an excellent test to verify that your app and SSL setup works and the issue is somewhere else.
  5. If upload is all you need at the moment you could always package curl and the CA.cert together and add a small batch file that makes the appropriate call.

This is all the information i can give you without having a look at your actual setup. My advice is to fiddle around with clients and certificates because that's definetly where this issue is. It has nothing to do with the JSON data.