Vinod.Jain

Issue in callout to external REST service over HTTPS from Salesforce

I have to make a callout to an external REST service from Salesforce. The service provider has shared an 'HTTPS' endpoint with me.

I am able to access the service by simply pasting the service endpoint into a browser, and it returns a JSON response. But when I try to invoke the same endpoint from Salesforce, it does not work and gives the error below:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I contacted my service provider and they mentioned that the service is working in the browser because the browser trusts my service provider's certificate, and similarly Salesforce should also trust the certificate.

I downloaded the certificate from the browser and tried to add it to the callout as in Approach-1 and Approach-2 below. I also tried to add a Salesforce self-signed certificate as in Approach-3 below. But every time I get the same error.

// Http object used to send the callout
Http httpProtocol = new Http();
HttpRequest request = new HttpRequest();
String endpoint = 'https://serviceprovider.com/querystring';
request.setEndpoint(endpoint);

///Approach-1////
// Pass the certificate downloaded from the browser as the client certificate
//String cert1 = 'certificate details';
//request.setClientCertificate(cert1,'password');

///Approach-2////
// Same as Approach-1, with the certificate text base64-encoded first
//String cert1 = 'certificate details';
//String cert2 = EncodingUtil.base64Encode(Blob.valueOf(cert1));
//request.setClientCertificate(cert2,'password');

///Approach-3////
// 'Testing' is the name of the self-signed certificate created in Salesforce
request.setClientCertificateName('Testing');

request.setMethod('GET');
HttpResponse response = httpProtocol.send(request);
System.debug('######'+response.getBody());

Any help to resolve the issue will be appreciated.
Thanks in advance.

Binayak

You can solve your problem in 2 ways as far as I think:

(1) Bringing some middleware in between: SF will make the request to the middleware, and the middleware in turn will call server X. But one thing: the middleware should be able to accept the incoming request. (As middleware we can write Java code also.)

(2) Upgrade the certificate of Server X with any certificate signed by a CA that is trusted by Salesforce.

Through Apex code, I guess you can't solve it directly.

Vinod.Jain
Thanks Binayak!!
(2) According to my service provider there is a chain of certificates: Issuer: GeoTrust SSL CA -> Issuer: GeoTrust Global CA -> Issuer: GeoTrust Global CA. 'GeoTrust Global CA' is there in Salesforce's list
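
The chain shape described in the reply above (server certificate, issuing CA, root CA) can be reproduced locally to see when certification path building succeeds and when it fails. This is an added example, not part of the original thread and not a diagnosis of the poster's server. It assumes the `openssl` CLI is installed; every name, key and certificate is constructed in a temporary directory.

```shell
#!/bin/sh
# Constructed chain: root CA -> issuing CA -> server certificate (all names invented).
# The root plays the role of a CA already in the client's trust list; the issuing CA
# is the intermediate the client must be given in order to build a path to that root.
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT
cat > "$W/c.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:service.example.test
EOF

# new_csr NAME CN: fresh RSA key and certificate request
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/c.cnf" -subj "/CN=$2" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}
# sign NAME EXT_SECTION SERIAL SIGNER_ARGS...: turn NAME.csr into NAME.pem
sign() {
  n=$1 e=$2 s=$3; shift 3
  openssl x509 -req -in "$W/$n.csr" "$@" -set_serial "$s" -days 30 \
    -extfile "$W/c.cnf" -extensions "$e" -out "$W/$n.pem" 2>/dev/null
}
build_chain() {
  new_csr root "Constructed Root CA" && sign root ca 1 -signkey "$W/root.key" &&
  new_csr inter "Constructed Issuing CA" &&
  sign inter ca 2 -CA "$W/root.pem" -CAkey "$W/root.key" &&
  new_csr leaf "service.example.test" &&
  sign leaf leaf 3 -CA "$W/inter.pem" -CAkey "$W/inter.key"
}
# path_builds [INTERMEDIATES_PEM]: true only if the leaf chains to the trusted root
path_builds() {
  if [ $# -gt 0 ]; then set -- -untrusted "$1"; fi
  openssl verify -CAfile "$W/root.pem" "$@" "$W/leaf.pem" 2>&1 | grep -q ': OK$'
}

build_chain || { echo "could not create the constructed chain" >&2; exit 1; }
if path_builds; then echo "leaf only: path builds"
else echo "leaf only: path building fails, issuer of the leaf is unknown"; fi
if path_builds "$W/inter.pem"; then echo "leaf + intermediate: path builds"
else echo "leaf + intermediate: path building fails"; fi
```

Against a real endpoint, `openssl s_client -connect host:443 -showcerts` (with `host` replaced by the server name) prints the certificates the server actually sends, which shows whether the intermediate is included.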