
SSL certificates
I have uploaded a certificate. I have created a VF page to enter its name, but as part of validation I need to check if the certificate name is correct, i.e. whether that certificate exists in my org (uploaded in org).
Though I know it throws an error during callout, is there a way to check beforehand, i.e. at the time of giving the certificate name in my VF page?
Thanks in advance
Please let me know if you are getting the error below:
ssl_client_cert_untrusted_issuer: Untrusted SSL Client Certificate (HTTP Response Code: 503)
A Web site presents an incorrect or invalid certificate or a configuration error has occurred.
https://bto.bluecoat.com/sgos/cacheflow/CF_webguide/Content/Policy/Built-in-Exceptions-List.htm
It looks like the client certificate you receive does not have the expected properties. Specifically, it looks like its subject canonical name field isn't matching the expected "proxy.salesforce.com".
In your situation, I would set up a tcpdump on the external interface of your reverse proxy waiting for a connection from 96.43.148.8. I'd then feed the result of that trace into Wireshark so that it would parse the SSL handshake and allow you to grab the subject.cn of the certificate used for SSL client authentication.
That should give you a good indication of what is failing.
http://serverfault.com/questions/514933/reverse-proxy-will-not-authenticate-sslrequire-for-salesforce-com
What SSL certificates does Salesforce support for Delegated Authentication SSO, Apex callouts, Outbound Messaging, and other callouts?
https://help.salesforce.com/apex/HTViewSolution?urlname=What-SSL-certificates-does-Salesforce-support-for-Delegated-Authentication-SSO-Apex-callouts-Outbound-Messaging-and-other-callouts-1327366399006&language=en_US
When 2-way SSL/mutual authentication is configured on a target endpoint, if the target server does not advertise the CA signed certificates it accepts, Salesforce will not send the configured custom certificate when making HTTPS callouts. The target endpoint needs to tell Salesforce.com in the HTTPS ServerHello message the list of accepted certificate subject distinguished names (DN) that it accepts. If the provided certificate is signed by at least one of those DNs or if it has a certificate chain where at least one of those certificates was signed by a cert identified by the DNs that the server advertised, then Salesforce.com will send the client certificate.
https://help.salesforce.com/apex/HTViewSolution?urlname=In-2-way-SSL-when-making-HTTPS-callouts-will-Salesforce-send-the-client-certificate-if-my-server-does-not-advertise-any-CA-names&language=en_US
Best Regards
Naga Kiran
This means, is there any way through a SOQL query or anything that I can check if the given certificate exists in my Salesforce org?
Suppose, e.g., you created a self-signed certificate named 'testcert.cert'. Now you created a VF page where you ask the user to input the certificate name. Say he enters 'XYZ', then it should throw an error, and if he gives 'testcert' then it should pass the validation.
Create a small HTTP callout, say to Google; if you provide an incorrect certificate then you will get an error.
If anybody has any other standard solution then please let me know.
I am facing an issue with an SSL certificate that is not trusted when I checked on the DigiCert site. The endpoint URL is on the intranet and we are able to connect with other tools except Salesforce. Is there any way to skip the error in Salesforce? Because in Java and .NET there is a way to skip this type of error.
I am getting a "certificate unauthorized error" when connecting through the REST API.
While uploading the certificate into certification key management, I am getting the "file is corrupted" error.
Thanks,
Krish
I know it's a bit late but I was facing the exact same issue so I thought I might share my findings anyway:
I also couldn't find a way to query the certificate name and validate it, so I did the following:
Calling getCompactSerialization() results in a System.NoDataFoundException which can be caught.
That's probably not the most elegant solution, but it's the only one I could find without making an extra callout.
Best regards
Patrik
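The check described in the post above, as an added example that is not part of the original post (the poster's own code does not appear on this page). It assumes `getCompactSerialization()` is called on an `Auth.JWS` built with the certificate's unique name; the class name, method names and claim values are hypothetical.

```apex
// Added example: Visualforce controller that validates a certificate name
// without making a callout. Class and method names are hypothetical.
public with sharing class CertNameValidationController {
    // Certificate unique name (API name, not the label) typed into the page
    public String certName { get; set; }

    // Returns true when the org holds a certificate with this unique name.
    public static Boolean certificateExists(String certDevName) {
        if (String.isBlank(certDevName)) {
            return false;
        }
        try {
            // Throwaway token: the claims are constructed placeholders and
            // the signed result is discarded, never stored or logged.
            Auth.JWT jwt = new Auth.JWT();
            jwt.setIss('cert-name-check');
            jwt.setSub('cert-name-check');
            jwt.setAud('cert-name-check');
            Auth.JWS jws = new Auth.JWS(jwt, certDevName.trim());
            jws.getCompactSerialization();
            return true;
        } catch (System.NoDataFoundException e) {
            // Exception type reported in the post for an unknown certificate
            return false;
        }
    }

    // Action method bound to the page's validate button
    public PageReference validateName() {
        if (certificateExists(certName)) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.CONFIRM, 'Certificate name is valid.'));
        } else {
            // Do not echo the submitted value back into the page
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR,
                'No certificate with that name exists in this org.'));
        }
        return null;
    }
}
```

Only `System.NoDataFoundException` is caught, so any other failure still surfaces instead of being reported as a missing certificate.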