Struggling to get the group certificate to work with TLS for Amazon Pay
Hello,
I've got a project setup under the URL https://amzn.infraredsaunarepair.com . This a modified instantiation of the node.js version of the Amazon Pay SDK.
When accessed, it does not appear to be pulling the certs. I'm getting the following error message:
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: amzn.infraredsaunarepair.com. is not in the cert's altnames: DNS:pay-api.amazon.com
at new NodeError (node:internal/errors:371:5)
at Object.checkServerIdentity (node:tls:346:12)
at TLSSocket.onConnectSecure (node:_tls_wrap:1540:27)
at TLSSocket.emit (node:events:526:28)
at TLSSocket._finishInit (node:_tls_wrap:944:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
reason: "Host: amzn.infraredsaunarepair.com. is not in the cert's altnames: DNS:pay-api.amazon.com",
host: 'amzn.infraredsaunarepair.com',
cert: {
subject: [Object: null prototype] { CN: 'pay-api.amazon.com' },
issuer: [Object: null prototype] {
C: 'US',
O: 'Amazon',
OU: 'Server CA 1B',
CN: 'Amazon'
},
subjectaltname: 'DNS:pay-api.amazon.com',
infoAccess: [Object: null prototype] {
'OCSP - URI': [Array],
'CA Issuers - URI': [Array]
},
modulus: 'BBBE0000D934A95C3C850AFA82EF5AC6A83BDBD5782F225296F970B88F6B0E39C6F0A4A9CF2821C688D6B8E2CA07FA80F320E7C8465432467A85658914DF4BBFEAD2A1457C91C95B8613BE822E8A29079D66EAC01215D29B332DC7A894DA0ECE48F32ACD094291F8333C184468D4833974DC6420D348D27E642FC01C925F89DDFB2E1D11AD908976E9F141494768CF3ABFC2DA09EC99806E6E27703614CECAA9CBDA54E265168806C02D118F3561C4E82CCA431FDDBE9B2C0B0465961C9AFA9334C8497AD7A604A995888BDBE764F3E57B9791DDEB4133AE57A1EECA44A6C0BEEEF197F94D1C1E1DC9A35B1978BF11DC0A85B1DDC15E5836166DFB07CEA5506F',
bits: 2048,
exponent: '0x10001',
pubkey: <Buffer 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb be 00 00 d9 34 a9 5c 3c 85 0a fa 82 ef 5a c6 a8 ... 244 more bytes>,
valid_from: 'Jun 29 00:00:00 2022 GMT',
valid_to: 'Jun 18 23:59:59 2023 GMT',
fingerprint: '4F:72:65:74:77:0F:33:F3:CC:C0:47:FF:AB:4F:67:AF:35:B7:8C:2D',
fingerprint256: '00:91:93:3C:E7:6C:11:C4:BC:C5:EF:C5:01:5A:E3:2A:BF:37:8D:B6:9F:52:6D:33:2E:24:F7:C7:F4:F1:A9:DD',
fingerprint512: '59:30:4C:37:57:36:6A:F7:66:6F:A2:62:72:DC:43:71:86:97:E7:B7:98:DF:C2:4D:D2:D6:37:59:0D:80:AF:2E:88:FF:92:86:68:89:8A:CC:E3:41:12:F9:3C:FD:E2:EE:7C:6A:93:49:CE:7A:6A:5B:5B:B7:0B:9F:89:07:DC:60',
ext_key_usage: [ '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' ],
serialNumber: '039685CAC54C5D17638A8858E30DE0FC',
raw: <Buffer 30 82 05 dd 30 82 04 c5 a0 03 02 01 02 02 10 03 96 85 ca c5 4c 5d 17 63 8a 88 58 e3 0d e0 fc 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 46 31 0b ... 1455 more bytes>,
issuerCertificate: {
subject: [Object: null prototype],
issuer: [Object: null prototype],
infoAccess: [Object: null prototype],
modulus: 'C24E1667DDCEBC6AC8375AEC3A30B01DE6D112E8122848CCE829C1B96E53D5A3EB03391ACC7787F601B9D970CCCF6B8DE3E3037186996DCBA6942A4E13D6A7BD04EC0A163C0AEB39B1C4B558A3B6C75625EC3E527AA8E3291607B96E50CFFB5F31F81DBA034A628903AE3E47F20F2791E3142085F8FAE98A35F55F9E994DE76B37EFA4503E44ECFA5A8566079C7E176A55F3178A351EEEE9ACC3754E58557D536B0A6B9B1442D7E5AC0189B3EAA3FECFC02B0C84C2D85315CB67F0D088CA3AD11773F55F9AD4C5721E7E01F19830632AAAF27A2DC5E2021A86E5323E0EBD11B4CF3C93EF1750109E43C2062AE00D68BED3888B4A658C4AD4C32E4C9B55F486E5',
bits: 2048,
exponent: '0x10001',
pubkey: <Buffer 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c2 4e 16 67 dd ce bc 6a c8 37 5a ec 3a 30 b0 1d e6 ... 244 more bytes>,
valid_from: 'Oct 22 00:00:00 2015 GMT',
valid_to: 'Oct 19 00:00:00 2025 GMT',
fingerprint: '91:7E:73:2D:33:0F:9A:12:40:4F:73:D8:BE:A3:69:48:B9:29:DF:FC',
fingerprint256: 'F5:5F:9F:FC:B8:3C:73:45:32:61:60:1C:7E:04:4D:B1:5A:0F:03:4B:93:C0:58:30:F2:86:35:EF:88:9C:F6:70',
fingerprint512: 'E0:14:A5:F5:F3:75:FC:E4:9E:F2:34:C4:55:86:32:CE:8B:22:EE:3F:C6:EB:D3:FF:53:20:5A:45:6D:A0:AA:93:3F:50:AB:A0:79:5A:66:2F:2A:0C:8F:ED:83:6D:AD:81:83:AB:7E:EA:28:63:80:2F:45:CC:AE:F8:53:A9:35:0A',
serialNumber: '067F94578587E8AC77DEB253325BBC998B560D',
raw: <Buffer 30 82 04 49 30 82 03 31 a0 03 02 01 02 02 13 06 7f 94 57 85 87 e8 ac 77 de b2 53 32 5b bc 99 8b 56 0d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 ... 1051 more bytes>,
issuerCertificate: [Object]
}
},
code: 'ERR_TLS_CERT_ALTNAME_INVALID',
config: {
url: 'https://pay-api.amazon.com/v2/checkoutSessions',
method: 'post',
data: '{"webCheckoutDetails":{"checkoutReviewReturnUrl":"https://www.infraredsaunarepair.com/paymentstatus"},"storeId":"amzn1.application-oa2-client.fefbccd72a274bf4978e519c11f5a9af"}',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
connection: 'keep-alive, close',
'x-zc-request-uuid': '1668884072171_4586',
'x-zc-admin-cred-type': 'token',
'x-zc-user-cred-token': '1001.36451eaf7e99a75d2d403e96bc0aa60d.4edce5500b9b757017fe6a436920fd55',
signature: 'ff0Wdepaaiafq3PW0Q2MJ
Do I need to be referencing the certs in code? And along those lines, is there a relative path to the group certs that I can/should be using through node.js?
It's worth noting that the group cert does appear to be working correctly for https requests... e.g. simply calling https://amzn.infraredsaunarepair.com does pull the group cert.
Thanks,
Bryan
Topic Participants
Bryan Pape
Arun Gokul
Announcements
React Nexus 2025 Recap: Catalyst Slate in Action!
Hey Catalyst Community! We recently attended the React Nexus 2025 conference, an exciting gathering for frontend enthusiasts and React developers. Our team had an incredible time presenting and conducting a hands-on workshop on Catalyst Slate, our streamlined[Webinar] A hands-on guide to Catalyst Stratus
Have you used Catalyst Stratus yet? It’s an object storage service that makes it easy to handle large files — whether they're coming from your Catalyst app or other Zoho apps. We’re hosting a live coding session where you’ll build a working prototypeCatalyst Video Tutorials!
Hello everyone! We’ve been brewing something exciting behind the scenes, and we’re thrilled to finally share it with you- Catalyst video tutorials are here! We recognized that videos are the predominant medium for learning and discovery these days, so[Webinar] Catalyst Cloud Browser in Action: PDF & Web Rendering Solutions for Regulated Industries
Hi everyone, Have you ever struggled with rigid PDF tools or clunky rendering logic in BFSI or healthcare apps? Do your clients struggle to deliver compliant, dynamic, and automated documents — and most are still stuck with brittle, server-heavy PDF generation?Announcing Catalyst Developer Bootcamps in India - Zoho Community
Hey everyone! We're excited to announce a set of developer bootcamps dedicated to Catalyst! These bootcamps are aimed to empower developers to build, scale, and deploy applications with speed and precision, using Catalyst. Whether you're a newcomer or