+ Start a Discussion

Urgent: need help with CertificateException

SFDC gurus,

I am new to SFDC and have implementaeda integration of our java web app. with SFDC. This integration is working fine on DEV sandbox and DEV server. But on staging we get the System.CalloutException: java.security.cert.CertificateException.

The remote site setting is set to the proper url 'https://ccc.bbb.com and is active. The endpoint works fine when used in a browser.
Below is the exception that we see in logs. The same endpoint works fine in browser. Any ideas for solving this issue?


08:38:48.049 (49762000)|SYSTEM_METHOD_EXIT|[16]|System.HttpRequest.setEndpoint(String)
08:38:48.049 (49813000)|SYSTEM_METHOD_ENTRY|[22]|System.Http.send(ANY)
08:38:48.049 (49891000)|CALLOUT_REQUEST|[22]|System.HttpRequest[Endpoint=https://ccc.bbb.com/MyWebApp/getPrimary.htm?id=430783, Method=GET]
08:38:48.235 (235735000)|EXCEPTION_THROWN|[22]|System.CalloutException: java.security.cert.CertificateException: No name matching croc1-stg.toshiba-solutions.com found
08:38:48.235 (235854000)|SYSTEM_METHOD_EXIT|[22]|System.Http.send(ANY)









The SSL certificates used by Sites in sandbox aren't accepted by all browsers and web service clients. Production sites and developer edition sites using the Force.com domain will not give you this problem.


SSL isn't currently supported with a custom web address in Sites.


Also if you are trying to access the webservice with URL that is different than it mentioned in the certificate (say if you are using IP address instead of dns-name) then you should get this error. If that URL you are using is not specified in "dnsName" attribute while creating the certificate. 


If, more than one identity of a given type is present in   the certificate (e.g., more than one dNSName name, a match in any one   of the set is considered acceptable.) Names may contain the wildcard   character * which is considered to match any single domain name   component or component fragment. E.g., *.a.com matches foo.a.com but   not bar.foo.a.com. f*.com matches foo.com but not bar.com.


Hi Vinta,

we are not doing sites. We are just making Http Callout from SFDC to java web application. This webapp is hoste on weblogic server. The exception happens when we make call from withthin SF page to the webservice.

IS there anyway we can see what is the exact payload we get back from the server in the SFDC debug logs, meaning instead of just seeing exception can we see the whole response?





Hi mk2013,

Did you find any solution for the issue, I am also facing same problem.