Post

4 followers Follow
-1
Avatar

Web hook verification

Hello,

I'm attempting to use my first web hook with Podio. I've set-up the web hook, and created the app to receive the request.

But when I Verify the web hook, it doesn't seem to even hit the web server. There's nothing in the log.

What am I doing wrong?

App ID: 13457291
Web hook URL: https://mothership.netstock.co/podio_hooks/click_desk

Thanks

Barry

Barry Kukkuk

Please sign in to leave a comment.

8 comments

0
Avatar

Hi Barry,

To better understand the issue, could you please share the HTTP requests and responses taking part in this interaction? How does it not match your expectations?

Thanks,
Andreas

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

Hi Andreas,

I'm trying to set up a Hook from Podio to one of our servers.

When I click on the "Verify" button in Podio, I expect some request to hit my web server, but nothing happens.

What am I doing wrong?

Barry Kukkuk 0 votes
Comment actions Permalink
0
Avatar

I just CURLed your webhook address (https://mothership.netstock.co/podio_hooks/click_desk), and it seems to be working. I'll need to investigate further to determine the issue (this does not seem to be a general problem). Let me know if the issue resolves itself in the meantime (e.g. did you set up the DNS entry recently?).

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

Still not working when I click on "Verify". That domain has been live for years, so not a DNS issue, I think.

Barry Kukkuk 0 votes
Comment actions Permalink
0
Avatar

I think I've found the root cause (SSL error) -- I'll get back to you as soon as it's fixed.

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

Hi Barry,

It seems that the certificate chain offered by mothership.netstock.co is incomplete1. Further it includes un-needed certificates and the CA root - while this isn't a hard error it does add significant handshaking overhead. We do have the root CA in our CA store, but not the missing intermediate, and since OpenSSL can't create a complete path from the leaf cert to the root it rejects the certificate.

This is not something we can fix, but needs to be addressed in the TLS setup. Specifically we need the issuing, intermediate certificate COMODO RSA Domain Validation Secure Server CA to be presented on new connections. I can see that mothership is hosted on nginx - you can simply add the intermediate certificate at the end of the file pointed at by the ssl_certificate configuration variable.

SSL labs offer a pretty neat tool to verify that your TLS setup is correct1. For a little faster solution openssl can be used as: openssl s_client -connect mothership.netstock.co:443 -showcerts to verify that the certificates are set up correctly.

Cheers,
Brian
Operations, Podio

Brian Stengaard 0 votes
Comment actions Permalink
0
Avatar

Wow. Thanks for the in-depth response Brian. Interesting that browsers don't complain, and other services that interact with our Mothership server don't complain.

I'll make the change in the cert, and test again.

Once again, thanks for all your effort.

Barry Kukkuk 0 votes
Comment actions Permalink
0
Avatar

Hi Barry,

Your certificate has a link embedded inside it (Look for Authority Information Access: CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt) to where the intermediate certificate can be fetched. I had never heard of this option until today - but it seems to be used by most browsers. OpenSSL (and by extension Podio) does not support it.

Hope this clears it up. :)

Cheers,
Brian

Brian Stengaard 0 votes
Comment actions Permalink