AWS GameLift Cannot Install Certificate in the Server, API call failing!


One of the API call from my gamelift server is failing due to certificate issue. I tried installing certificate using:

certutil -addstore CA C:\game\PATH\Certificates###.####.crt.

However, the command is failing due to permission issue. How can I run this command provided inside install.bat with admin privilege using "runas" command.

The error received is as follows:

[2023.08.30-06.05.45:507][470]LogHttp: Warning: 0000021177520E30: invalid HTTP response code received. URL:, HTTP code: 0, content length: 0, actual payload size: 0 [2023.08.30-06.05.45:507][470]LogHttp: Warning: 0000021177520E30: request failed, libcurl error: 60 (SSL peer certificate or SSH remote key was not OK) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 0 ( Trying [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 1 (Connected to ( port 443 (#1)) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 2 (ALPN: offers http/1.1) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 3 (TLSv1.3 (OUT), TLS handshake, Client hello (1):) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 4 (TLSv1.3 (IN), TLS handshake, Server hello (2):) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 5 (TLSv1.2 (IN), TLS handshake, Certificate (11):) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 6 (TLSv1.2 (OUT), TLS alert, unknown CA (560):) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 7 (SSL certificate problem: unable to get local issuer certificate) [2023.08.30-06.05.45:508][470]LogHttp: Warning: 0000021177520E30: libcurl info message cache 8 (Closing connection 1)

How can we resolve this issue?

1 Answer

Hello Indie,

The error message you're encountering indicates an issue with SSL certificate validation when your GameLift server is making an HTTPS request. Specifically, it seems to be complaining about the server not being able to verify the SSL certificate from the remote server because it doesn't trust the certificate's issuer (CA - Certificate Authority).

To resolve this issue, you can follow these steps:

  1. Install the Root CA Certificate:

    You mentioned that you tried installing a certificate with certutil, but it failed due to permission issues. To install a certificate, you typically need administrative privileges. You can try running the command with elevated privileges using runas or by opening a Command Prompt as an administrator.

    For example, open a Command Prompt as an administrator and run:

    runas /user:Administrator "certutil -addstore CA C:\game\PATH\Certificates###.####.crt"

    Replace Administrator with the appropriate administrator username.

  2. Restart the GameLift Server:

    After installing the certificate, restart your GameLift server to ensure that it picks up the changes.

  3. Check Your GameLift Server Configuration:

    Ensure that your GameLift server configuration is set to use the correct certificate or CA bundle for SSL verification. Double-check that you've specified the path to the CA certificate or certificate bundle in your server configuration.

  4. Verify the Certificate Chain:

    Ensure that the certificate you've installed is part of the correct certificate chain and is trusted by the server you are connecting to. If you have intermediate certificates, make sure they are installed as well.

  5. Verify the Certificate Configuration in AWS:

    If your GameLift server is connecting to an AWS service, ensure that the SSL certificate and configuration on the AWS side are correctly set up. Make sure you are using the correct endpoint and that the SSL certificate for that endpoint is valid.

  6. Check Time and Date Settings:

    Ensure that the system time and date settings on your GameLift server are accurate. SSL certificate validation depends on the system's clock being correctly set.

  7. Contact AWS Support:

    If you are still facing issues after trying the above steps, consider reaching out to AWS Support for assistance. They can help you diagnose and resolve SSL certificate-related issues specific to GameLift and your AWS environment.

By following these steps, you should be able to resolve the SSL certificate validation issue on your GameLift server and allow it to make secure HTTPS requests without encountering certificate-related errors.

Please give a thumbs up if my suggestion helps

profile picture
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions