Package two-way SSL certificates
I've found several good tutorials describing two-way SSL authentication for external REST services:
http://wiki.developerforce.com/page/Making_Authenticated_Web_Service_Callouts_Using_Two-Way_SSL
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_callouts_client_certs_http.htm
These seem to indicate that the process is repeated for each org that wants to use two-way SSL. Is it possible to develop an app (managed package) which supports two-way SSL without additional configuration required by the installer?
The goal is not to authenticate individual client orgs. The goal is to simply verify that requests reaching my REST server originated from Salesforce.com.
To elaborate, the goal is to publish on the AppExchange, and allow customers to install the SF app and immediately access an external REST service over two-way SSL without any configuration by the customer.
Thanks,
Andreas
All Answers
Did you try (your first link)?:
http://wiki.developerforce.com/page/Making_Authenticated_Web_Service_Callouts_Using_Two-Way_SSL
On Tutorial #3, if you use the public CA signed SSL, you don't need to reload the certificate (created on Salesforce and signed by public CA) on the other server.
Andreas, did you find resolution to this problem? I desire the same behaviour.
I followed the tutorials to set up my development org, but now, like you, wish to package this certificate access.
scrwball, I have found a solution using the method:
You can use this to hard-code a certificate and password into your Apex class.
The documentation can be found here:
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_restful_http_httprequest.htm
As well as some related discussion (in the replies):
http://boards.developerforce.com/t5/Security/Ability-to-import-certificates-for-mutual-authentication/td-p/240333
The method is marked as deprecated, but is the only way to achieve the desired behavior.
Edit:
This well-written blog post recommends a similar strategy:
http://eplatypus.blogspot.com/2012/09/using-third-party-generated.html