+ Start a Discussion
Chris987654321Chris987654321 

Error using Web Service with SSL

I am getting the following error when making a call to a webservice that we host through apex code:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I have done some research and found that it has to do with certificates. Our certificate is signed by Verisign. I saw that your certificate has to be added to the keystore. Does it have to be added to the keystore if we are not using 2 way trust? Also, does my Apex code have to send the certificate to the webservice somehow or is that not necessary?

 

 

public class CallESB{
@Future(callout=true)
public static void getRasID(String SSN_nodashes, string id) {
rasmussenidentificationservice.ServiceHTTPBehaviour newSSn = new rasmussenidentificationservice.ServiceHTTPBehaviour();
string output = newSSn.GetRasIDBySSN(SSN_nodashes);
// String output back to the contact record
System.debug('RasID: '+output);
if (output!=null) {
Contact c=[select rasid__c,id FROM Contact where id=:id];
c.RasId__c=output;

try{
update c;
}

catch(Exception e){
System.debug('Error ' + e.getMessage() );
}
}

}
}

 

 

 

Best Answer chosen by Admin (Salesforce Developers) 
Chris987654321Chris987654321
Resolved

All Answers

Chris987654321Chris987654321
Resolved
This was selected as the best answer
pidruspidrus

I'm having the same problem - can you share your solution?

 

I really need help - this is become an urgent issue of us...

 

Thanks!

pidruspidrus

Just to be clear, I'm trying to do a restful callout, here's the code:

 

 

HttpRequest req = new HttpRequest();

//Set HTTPRequest params
req.setMethod('POST');
req.setEndpoint('https://www.someurl.com/somepage.jsp');


//Set the HTTPRequest body
String body = 'this is the message';

Http http = new Http();

try {

//Execute web service call here
HTTPResponse res = http.send(req);

//Helpful debug messages
System.debug(res.toString());
//System.debug('STATUS:'+res.getStatus());
//System.debug('STATUS_CODE:'+res.getStatusCode());

} catch(System.CalloutException e) {
System.debug('Got exception: ' + e);
}

 

 I tried adding the PEM key to the request using:

 

 

req.setClientCertificate(s_certificate,'password');

 


 

 

 But it didn't help - I got a different error:

 

System.CalloutException: DER input, Integer tag error

 

Please Help!!

Chris987654321Chris987654321
There was nothing wrong with the Apex code. There was something wrong with how the server was setup that had the web service running. I am not sure how they fixed it exactly ...Sorry
Chris987654321Chris987654321

Are you using @Future(callout=true) to make sure it's asynchronous?

 

Also, did you set up the Remote Site for this endpoint in Salesforce?

 

(Setup->Security Controls->Remote Site Settings 

pidruspidrus

Thanks for the quick response!

 

Remote site is setup correctly.

 

I don't get the exception with @future, but I also don't see the call in our backend (where the endpoint is).

 

How long does it take for a @future execution to be executed?

 

 

Chris987654321Chris987654321

In my experience it gets executed really quick. Less than a minute.

 

You can even go into Monitoring->Apex Jobs to see the the status of the callout

 

Also, you'll want to look at the Debug logs to see if there are any errors when you do the callout now that you're not getting that error. You're probably getting some other error but it's in the Debug Logs

Message Edited by Chris987654321 on 01-21-2010 01:22 PM
pidruspidrus

I figured out how to get the log messages, so I know the code is executed, and I'm still getting the same exception:

 

System.CalloutException: DER input, Integer tag error

 

I think there is something wrong with the certificates, either on the SFDC side or on the server side, but I'm not sure what (I'm far from being a security / certificate expert).

 

Do you know what the certificates should look like, how to produce them, and what the server configuration should be?

Chris987654321Chris987654321
Sorry I do not know anything about certificates. Other people in our IT dept handled that so I don't know how they fixed it when I got this message. I know the certificate had to be signed (ours is signed by Verisign). You might want to post a new post so that it goes to the top. Someone else might know of a solution.