+ Start a Discussion

Third Party Web Service Calls with PEM Certificate

I are trying to make web service calls from APEX code to a third-party web service.   The third-party has provided a certificate in the PEM format.  A test application, written outside of Salesforce, verfies that the web services are accessable with the provided certificate.  When re-coded to work inside the APEX, the HttpRequest is denied due to certificate issues.


I have discovered two mechanisms for aligning the certificate with the outgoing message.


1.  Salesforce provides "Certficate and Key Management."  Download an unsigned key from Salesforce, sign it, upload it.  Unfortunately, I cannot sign on behalf of the third party, and if I switch the certificates and upload the signed one, Salesforce is quick to identifiy that a switch has taken place and terminates the process.


2. Hard code the certificate into the request with the deprecated call "setClientCertificate".  This seems to have no effect.   I speculate that it will only work with a PKCS#12 certificate.  I have a PEM key.


I must be missing a step in the process, so any help would be appreciated.




Still have the same problems, but I think I understand more of the issues.

Big question right now is:


The third party certificate is signed with a "verisign class 3 - g2, version 3" certificate.

The SF's accepted ca list includes "verisign class 3 - g2,. version 1."

Will the certificate be rejected if the version codes do not match?




Lee ShaLee Sha

Hi Nick,


Did you have a solution for your problem?  I am also trying to use setClientCertificate method but not sure what goes in as its parameters.


Lee Sha.