help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why am I seeing SSLPeerUnverifiedException errors in my subscriber log?

ANSWERED

‎06-05-2014 21:26 - edited ‎05-12-2016 16:08

‎06-05-2014 21:26 - edited ‎05-12-2016 16:08

This means that you do not have a valid TLS configuration or that you are using an unsupported TLS configuration.

 

Unsupported TLS configurations:

  • Self-signed certificates. You must use a certificate from a recognized certificate authority.

  • Ports other than 443

  • TLS+SNI. Commonly used by cloud providers.

  • TLS 1.1, TLS 1.2

  • Go Daddy Class 2 Certification Authority G2 CA SHA-2 certificates. This is a GoDaddy issue. Rekey your certificate using SHA-1 signed by GoDaddy's Class 2 CA server (Update: Supported as of May 10, 2016)

 

If you are using a supported TLS configuration, verify that your certificate and all necessary intermediate certificates are properly installed on your server. You can use Symantec's SSL Toolbox.

 

You can also verify this using OpenSSL by running this command, replacing example.com with your domain: openssl s_client -showcerts -connect example.com:443

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎09-08-2015 10:59

In response to proby1

‎09-08-2015 10:59

@proby1: Can you please test now? The issue should be resolved.

View best answer in original post

Best Answer
0 Votes
5 REPLIES 5

‎09-01-2015 14:03

‎09-01-2015 14:03

Is the Go Daddy Root Certificate Authority - G2 problem still present in the FitBit subscription API?

 

According to that stack overflow link and the GoDaddy forums Java (Java SE 8 Update 31 and Java SE 7 Updates 75/76) has been updated to include thier new root cert. The java release was way back in January according to the linked blog post.

 

I'm getting nothing but the SSLHandshakeException in my subscriber log. I've used both SSL Labs tool and Symantec SSL tool. They are both showing that TLS 1.0 (no SNI) works on port 443. The certs are not self-signed. The only thing left on your list (which has been mightly helpful) is the silly GoDaddy issue. Is there anything I'm missing?

 

Best Answer
0 Votes

‎09-01-2015 15:55

In response to proby1

‎09-01-2015 15:55

GoDaddy Class 2 Certification Authority G2 CA SHA-2 certificates are not yet supported. I am coordinating with an internal team regarding these updates.

Best Answer
0 Votes

‎09-08-2015 10:59

In response to proby1

‎09-08-2015 10:59

@proby1: Can you please test now? The issue should be resolved.

Best Answer
0 Votes

‎09-15-2015 10:21

In response to JeremiahFitbit

‎09-15-2015 10:21

Sorry for the delay, I was on vacation.

 

It looks great now, all green responses. Thank you so much.

Best Answer
0 Votes

‎05-12-2016 16:06

‎05-12-2016 16:06

Update: Go Daddy Class 2 Certification Authority G2 CA SHA-2 certificates are now supported.

Best Answer
0 Votes