You need to sign in to do that
Don't have an account?
The default Outbound Message certificate has expired
Hi,
I am trying to implement 2-way SSL on our Outbound Messages.
I understand there is a default Client Certificate that is included with all Outbound Messages. However, the administrator of the endpoint tells me that this default Client Certificate expired on Dec 7 2011. And has shown me logs from the endpoint to prove it:
Sep 18 09:54:10 BQLEPLPFSLT03 info tmm[14058]: Rule /Common/Salesforce-Cert <CLIENTSSL_HANDSHAKE>: Subject = CN=proxy.salesforce.com,OU=Application,O=Salesforce.com\, Inc.,L=San Francisco,ST=California,C=US, Hash = a5:55:24:61:c8:6c:fb:52:5f:17:99:d5:64:96:e7:9f and CN=proxy.salesforce.com, Expiry date = Dec 7 00:00:00 2011 GMT
The only other related posting I could find was this one (but it is 5 years old and inconclusive in terms of a solution).
http://boards.developerforce.com/t5/Java-Development/Salesforce-Client-SSL-certificate-is-expired/td-p/82683
How do I get the default Client Certificate updated? I am currently in a sandbox environment.
Hi,
Seems you are using old certificate. I woul suggest you to download new certificate, you can file a case with Support, or follow these instructions:
Vinita,
Thanks for responding but you've given me instructions on how to update the certificate on the receiving application server. In this case I am talking about the default Client Certificate that is send with EVERY Outbound Message. Our one has an expired date on it.
In this case the certs DON'T match. They don't match because the one in the SSL handshake has expired - it's different from the one that I downloaded via Setup | Develop | API.
- The cert that I've downloaded and sent to the endpoint administrator is valid until 8/12/2013.
- The cert that is automatically sent with the Outbound Messages expired on 7/12/2011.
> Seems you are using an old certificate?
Yes. That is why I've created this post - the cert that is sent with the Outbound Messages has expired and I don't know how to get it updated.
Thanks for raising this, ScottC. To help expedite the resolution of this, can you share which instance your organization lives on, such as NA1, NA8, EU1, AP1, CS1, CS5, etc? That is, the instance that is experiencing this issue. The automated tests are showing that all is well across the instances, so knowing the instance will help narrow down the investigation.
Thanks
Just a follow up to anyone reading this.
The fault lay in the administrator of the endpoint. He had constructed an iRule to examine the [Not Valid Before] date instead of the [Expiry Date].
There was nothing wrong with the SFDC cert.