Struggling to get the group certificate to work with TLS for Amazon Pay

Hello,

I've got a project set up under the URL https://amzn.infraredsaunarepair.com. This is a modified instantiation of the Node.js version of the Amazon Pay SDK.

When accessed, it does not appear to be pulling the certs. I'm getting the following error message:

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: amzn.infraredsaunarepair.com. is not in the cert's altnames: DNS:pay-api.amazon.com
    at new NodeError (node:internal/errors:371:5)
    at Object.checkServerIdentity (node:tls:346:12)
    at TLSSocket.onConnectSecure (node:_tls_wrap:1540:27)
    at TLSSocket.emit (node:events:526:28)
    at TLSSocket._finishInit (node:_tls_wrap:944:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
  reason: "Host: amzn.infraredsaunarepair.com. is not in the cert's altnames: DNS:pay-api.amazon.com",
  host: 'amzn.infraredsaunarepair.com',
  cert: {
    subject: [Object: null prototype] { CN: 'pay-api.amazon.com' },
    issuer: [Object: null prototype] { C: 'US', O: 'Amazon', OU: 'Server CA 1B', CN: 'Amazon' },
    subjectaltname: 'DNS:pay-api.amazon.com',
    infoAccess: [Object: null prototype] { 'OCSP - URI': [Array], 'CA Issuers - URI': [Array] },
    bits: 2048,
    exponent: '0x10001',
    valid_from: 'Jun 29 00:00:00 2022 GMT',
    valid_to: 'Jun 18 23:59:59 2023 GMT',
    ext_key_usage: [ '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' ],
    ...
  },
  code: 'ERR_TLS_CERT_ALTNAME_INVALID',
  config: {
    url: 'https://pay-api.amazon.com/v2/checkoutSessions',
    method: 'post',
    data: '{"webCheckoutDetails":{"checkoutReviewReturnUrl":"https://www.infraredsaunarepair.com/paymentstatus"},"storeId":"amzn1.application-oa2-client.fefbccd72a274bf4978e519c11f5a9af"}',
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      connection: 'keep-alive, close',
      'x-zc-request-uuid': '1668884072171_4586',
      'x-zc-admin-cred-type': 'token',
      ...

Do I need to be referencing the certs in code? And along those lines, is there a relative path to the group certs that I can/should be using through node.js?

It's worth noting that the group cert does appear to be working correctly for https requests... e.g. simply calling https://amzn.infraredsaunarepair.com does pull the group cert.

Thanks,
Bryan
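
Added example, not part of the original post: the hostname check that raises ERR_TLS_CERT_ALTNAME_INVALID, run offline against the certificate identity printed in the error above. It assumes the outbound Amazon Pay call reuses the inbound request's headers (Host and the x-zc-* ones); `nameToVerify` is a simplified model of how Node's https agent picks the name to verify, and `verify` and `outboundHeaders` are hypothetical helpers.

```javascript
// Added example, not the poster's code. Assumption: the inbound request's
// headers (Host, x-zc-*) are copied onto the outbound Amazon Pay call.
const tls = require('tls');

// Identity fields of the server certificate as printed in the error above.
const PAY_API_CERT = {
  subject: { CN: 'pay-api.amazon.com' },
  subjectaltname: 'DNS:pay-api.amazon.com',
};

// Simplified model of Node's https agent: an explicit Host header takes
// precedence over the URL's hostname when choosing the name to verify.
function nameToVerify(url, headers) {
  const entry = Object.entries(headers).find(([k]) => k.toLowerCase() === 'host');
  return entry ? String(entry[1]).replace(/:\d+$/, '') : new URL(url).hostname;
}

// Returns the error code Node would raise, or null when the name matches.
function verify(url, headers) {
  const err = tls.checkServerIdentity(nameToVerify(url, headers), PAY_API_CERT);
  return err ? err.code : null;
}

// Drop headers that belong to the inbound hop before calling a third party.
function outboundHeaders(inbound) {
  const drop = new Set(['host', 'connection', 'content-length']);
  return Object.fromEntries(Object.entries(inbound).filter(([k]) => {
    const name = k.toLowerCase();
    return !drop.has(name) && !name.startsWith('x-zc-');
  }));
}

// Constructed sample of the headers arriving at the application.
const inbound = {
  host: 'amzn.infraredsaunarepair.com',
  accept: 'application/json',
  'content-type': 'application/json',
  connection: 'keep-alive, close',
  'x-zc-admin-cred-type': 'token',
  'x-zc-user-cred-token': 'CONSTRUCTED-PLACEHOLDER',
};
const API = 'https://pay-api.amazon.com/v2/checkoutSessions';

console.log('forwarded headers:', verify(API, inbound));
console.log('cleaned headers:  ', verify(API, outboundHeaders(inbound)));
```

With the inbound Host header forwarded, the certificate for pay-api.amazon.com is checked against the site's own hostname and rejected; with the headers cleaned, the name comes from the URL and the check passes without any certificate being referenced in code.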