New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question: What kind of HTTPS ceritificate do I need to apply as my BOT is on AWS? #1328

Closed
afficionaddo opened this Issue Sep 26, 2016 · 1 comment

Comments

Projects
None yet
3 participants
@afficionaddo

afficionaddo commented Sep 26, 2016

HI,

I want to host my bot on AWS.
I tried third-party HTTPS certs from StartSSL.com & LetsEncrypt.com
But on 'Test connection to bot' they give an error.

Sometimes it's 'Trust cannot be established' and on other occasions it's 'Error in BotControllerManager.cs'
Please help as its urgent for me to fix soon as my bot is to launch this week.

My questions:

  1. What kind of HTTPS ceritificate do I need to apply as my BOT is on AWS and not on Azure?
  2. Do I need to configure anything else as well besides the HTTPS certificate apply on my endpoint??
@dandriscoll

This comment has been minimized.

Show comment
Hide comment
@dandriscoll

dandriscoll Sep 26, 2016

Member

Hi @afficionaddo, the Error in BotControllerManager will be fixed in our next deployment.

The Bot Framework requires that the x.509v3 certificate exposed by your endpoint be current and valid. Most of the checks for "current and valid" are standard checks for server certs: the CN must match the hostname, it must not be expired, it must not be listed in a CRL, it must have the correct set of EKUs, etc.

Most importantly, your cert must chain to a root certificate authority trusted by Microsoft. The latest list of these CAs is available here: http://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants-v-2016-april.aspx

Member

dandriscoll commented Sep 26, 2016

Hi @afficionaddo, the Error in BotControllerManager will be fixed in our next deployment.

The Bot Framework requires that the x.509v3 certificate exposed by your endpoint be current and valid. Most of the checks for "current and valid" are standard checks for server certs: the CN must match the hostname, it must not be expired, it must not be listed in a CRL, it must have the correct set of EKUs, etc.

Most importantly, your cert must chain to a root certificate authority trusted by Microsoft. The latest list of these CAs is available here: http://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants-v-2016-april.aspx

@tomlm tomlm added the question label Nov 5, 2016

@tomlm tomlm closed this Nov 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment