Comments

9 comments

  • Andreas Garnæs

    Hi Barry,

    To better understand the issue, could you please share the HTTP requests and responses taking part in this interaction? How does it not match your expectations?

    Thanks,
    Andreas

    0
    Comment actions Permalink
  • Barry Kukkuk

    Hi Andreas,

    I'm trying to set up a Hook from Podio to one of our servers.

    When I click on the "Verify" button in Podio, I expect some request to hit my web server, but nothing happens.

    What am I doing wrong?

    0
    Comment actions Permalink
  • Andreas Garnæs

    I just CURLed your webhook address (https://mothership.netstock.co/podio_hooks/click_desk), and it seems to be working. I'll need to investigate further to determine the issue (this does not seem to be a general problem). Let me know if the issue resolves itself in the meantime (e.g. did you set up the DNS entry recently?).

    0
    Comment actions Permalink
  • Barry Kukkuk

    Still not working when I click on "Verify". That domain has been live for years, so not a DNS issue, I think.

    0
    Comment actions Permalink
  • Andreas Garnæs

    I think I've found the root cause (SSL error) -- I'll get back to you as soon as it's fixed.

    0
    Comment actions Permalink
  • Brian Stengaard

    Hi Barry,

    It seems that the certificate chain offered by mothership.netstock.co is incomplete1. Further it includes un-needed certificates and the CA root - while this isn't a hard error it does add significant handshaking overhead. We do have the root CA in our CA store, but not the missing intermediate, and since OpenSSL can't create a complete path from the leaf cert to the root it rejects the certificate.

    This is not something we can fix, but needs to be addressed in the TLS setup. Specifically we need the issuing, intermediate certificate COMODO RSA Domain Validation Secure Server CA to be presented on new connections. I can see that mothership is hosted on nginx - you can simply add the intermediate certificate at the end of the file pointed at by the ssl_certificate configuration variable.

    SSL labs offer a pretty neat tool to verify that your TLS setup is correct1. For a little faster solution openssl can be used as: openssl s_client -connect mothership.netstock.co:443 -showcerts to verify that the certificates are set up correctly.

    Cheers,
    Brian
    Operations, Podio

    0
    Comment actions Permalink
  • Barry Kukkuk

    Wow. Thanks for the in-depth response Brian. Interesting that browsers don't complain, and other services that interact with our Mothership server don't complain.

    I'll make the change in the cert, and test again.

    Once again, thanks for all your effort.

    0
    Comment actions Permalink
  • Brian Stengaard

    Hi Barry,

    Your certificate has a link embedded inside it (Look for Authority Information Access: CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt) to where the intermediate certificate can be fetched. I had never heard of this option until today - but it seems to be used by most browsers. OpenSSL (and by extension Podio) does not support it.

    Hope this clears it up. :)

    Cheers,
    Brian

    0
    Comment actions Permalink
  • |SUPEUS| Podio Admin

    Hello to everyone.

    I am experiencing the same issue - I am using Microsoft Flow on Azure to receive webhooks.

    When I click 'verify' inside Podio app, my endpoint receives nothing.

    Any help on this? I see Brian is a great issue-resolver here :)

    Thanks

    Ivan

    https://prod-58.westeurope.logic.azure.com

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk