_Andreas_

Package two-way SSL certificates

I've found several good tutorials describing two-way SSL authentication for external REST services:
http://wiki.developerforce.com/page/Making_Authenticated_Web_Service_Callouts_Using_Two-Way_SSL
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_callouts_client_certs_http.htm

These seem to indicate that the process is repeated for each org that wants to use two-way SSL.  Is it possible to develop an app (managed package) which supports two-way SSL without additional configuration required by the installer?

 

The goal is not to authenticate individual client orgs.  The goal is to simply verify that requests reaching my REST server originated from Salesforce.com.

 

To elaborate, the goal is to publish on the AppExchange, and allow customers to install the SF app and immediately access an external REST service over two-way SSL without any configuration by the customer.

 

Thanks,

Andreas

All Answers

38Force

Did you try (your first link)?: 

http://wiki.developerforce.com/page/Making_Authenticated_Web_Service_Callouts_Using_Two-Way_SSL

 

On Tutorial #3, if you use the public CA signed SSL, you don't need to reload the certificate (created on Salesforce and signed by public CA) on the other server.

 

scrwball

Andreas, did you find resolution to this problem? I desire the same behaviour. 

I followed the tutorials to set up my development org., but now, like you, wish to package this certificate access. 

_Andreas_

scrwball, I have found a solution using the method:

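HttpRequest req = new HttpRequest();
// cert: the client certificate (PKCS12 key store); password: its password.
// Assign both before the call.
String cert, password;
req.setClientCertificate(cert, password);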

 

You can use this to hard-code a certificate and password into your Apex class.

The documentation can be found here:
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_restful_http_httprequest.htm


As well as some related discussion (in the replies):
http://boards.developerforce.com/t5/Security/Ability-to-import-certificates-for-mutual-authentication/td-p/240333

 

The method is marked as deprecated, but is the only way to achieve the desired behavior.

Edit:
This well-written blog post recommends a similar strategy:
http://eplatypus.blogspot.com/2012/09/using-third-party-generated.html

This was selected as the best answer
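
The approach in the accepted answer, written out as a complete callout class. This is an added example, not code from the thread or from Salesforce; the class name, endpoint URL, constants and exception type are hypothetical placeholders, and the certificate string is assumed to be the base64-encoded PKCS12 key store. Because every installed copy of the package carries the same key, the server can conclude only that the caller holds the package's certificate, not which org sent the request.

```apex
public with sharing class PackagedMutualTlsCallout {
    // Placeholders (hypothetical): substitute your own service URL and key material.
    // The endpoint host must also be an allowed remote site in the org.
    private static final String ENDPOINT = 'https://api.example.com/v1/ping';
    // Assumption: base64-encoded PKCS12 key store holding the client cert and key.
    private static final String CLIENT_CERT_B64 = 'BASE64_PKCS12_PLACEHOLDER';
    private static final String CLIENT_CERT_PASSWORD = 'PASSWORD_PLACEHOLDER';

    // Raised for transport failures and for any non-200 response.
    public class MutualTlsException extends Exception {}

    public static String ping() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(ENDPOINT);
        req.setMethod('GET');
        req.setTimeout(10000); // milliseconds

        // Deprecated method from the answer above: it takes the key store and
        // password directly, so no per-org certificate setup is needed.
        req.setClientCertificate(CLIENT_CERT_B64, CLIENT_CERT_PASSWORD);

        HttpResponse res;
        try {
            res = new Http().send(req);
        } catch (CalloutException e) {
            // Connection and TLS handshake failures surface here.
            throw new MutualTlsException('Callout failed: ' + e.getMessage());
        }

        // Treat anything but 200 as a failure so callers never act on an
        // error page returned by a server that rejected the certificate.
        if (res.getStatusCode() != 200) {
            throw new MutualTlsException(
                'Unexpected status ' + res.getStatusCode() + ' ' + res.getStatus());
        }
        return res.getBody();
    }
}
```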