Hosting an Alexa Skill yourself

If you are experimenting with the Amazon Echo / Alexa Skill Kit or running a so-called Skill in production, you generally have two choices:

  1. Lambda functions on AWS Lambda (a service offered by Amazon Web Services)
  2. Hosting the Web service yourself.

If you decide against AWS Lambda, you can build the Web service using

  1. Java
  2. Node
  3. anything else that can consume and produce JSON documents

However, Amazon provides good support libraries and sample code for Java and Node, making those options preferable.

Building a basic skill using the Alexa Skill Kit is really not all that hard and is reasonably well documented. I prefer JAX-RS and building with Gradle over the older servlet model and Maven, so my build.gradle file looks something like this (simplified):

The Gradle build will create a war file that can be deployed in a container like Tomcat. However, Amazon’s Alexa server will only talk to that server using the HTTPS protocol. Additionally, the web server needs to have a valid certificate, and unfortunately not every valid certificate is accepted by the Alexa server.

Certificates from StartSSL for instance can be validated on sites like but still are not accepted by Amazon. While not free, I have had good results with certificates from COMODO RSA Domain Validation and used sslmate for the generation process.

Here are the details:

Go to and create a user account; you will have to provide a credit card number.

sslmate provides you with a short list of commands to execute, based on the Linux distribution installed on the server. E.g., for my host name ‘’ running on Debian Linux:

sudo su
wget -P /etc/apt/sources.list.d
wget -P /etc/apt/trusted.gpg.d
apt-get update
apt-get install sslmate
sslmate buy

After you SSH into your web server and execute the commands, you will receive a verification email, sent to an email address that is associated with the domain name. Once you reply to that email, sslmate will generate a private key and certificates, which can then be found in the /etc/sslmate directory.

Private key: /etc/sslmate/
Bare Certificate: /etc/sslmate/
Certificate Chain: /etc/sslmate/
Certificate w/ Chain: /etc/sslmate/

The key and certificates are all that is needed to configure SSL for Apache or NGINX. For Tomcat, however, a Java keystore needs to be configured:

Creating a Java keystore from existing certificates and key files

Think of a password (at least 6 characters long) and use it for the following steps.

Step 1: Create a PKCS#12 file using OpenSSL

Step 2: Create a keystore and import the PKCS#12 file, using KeyTool

Step 3: Move the keystore into position (e.g. tomcat directory)

Step 4: Configure Tomcat (/usr/share/tomcat/conf/server.xml)

Stop and restart Tomcat and you should be good to go to deploy a war file containing your Alexa Skill.
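One way to script Steps 1 to 3, as an added example that is not part of the original post. The file arguments, the alias "tomcat", the output name keystore.jks and the KS_PASS environment variable are assumptions; the password is read from the environment so it does not appear in the process argument list.

```shell
#!/bin/sh
# Added example for Steps 1-3. All paths, the alias and KS_PASS are
# placeholders, not values from the original post.
# Usage: KS_PASS=... sh mkkeystore.sh KEY CERT_WITH_CHAIN DEST_DIR
set -eu

ALIAS=tomcat   # assumed keystore alias

# Succeeds only if the private key matches the first certificate in the file.
key_matches_cert() {   # KEY CERT
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Step 1: bundle the key and the certificate chain into a PKCS#12 file.
make_p12() {   # KEY CERT_WITH_CHAIN OUT_P12
    ( umask 077   # the bundle contains the private key
      openssl pkcs12 -export -inkey "$1" -in "$2" -name "$ALIAS" \
          -out "$3" -passout env:KS_PASS )
}

# Step 2: import the PKCS#12 entry into a Java keystore with keytool.
import_p12() {   # P12 OUT_KEYSTORE
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$2" -deststorepass:env KS_PASS -alias "$ALIAS"
}

# Step 3: install the keystore readable by its owner only; afterwards
# chown it to the account Tomcat runs as.
install_keystore() {   # KEYSTORE DEST_DIR
    install -m 600 "$1" "$2/keystore.jks"
}

if [ "$#" -eq 3 ]; then
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; exit 1; }
    make_p12 "$1" "$2" "$work/site.p12"
    import_p12 "$work/site.p12" "$work/keystore.jks"
    install_keystore "$work/keystore.jks" "$3"
fi
```

The key/certificate comparison runs first because a mismatched pair would otherwise only surface when Tomcat fails to start its HTTPS connector.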