Heidi Richter

Issues with remote site security - new certificate

 

I have set up a 'Remote Site setting' and in 'Develop / Custom Setting' I've added the 'Web Service Settings'.

We are currently getting the error:

IO Exception: java.security.cert.CertificateException: No name matching dt-esb.workcover.com found

when calling an integration end point from within our Salesforce application. This integration end point has been working for some time up until a recent certificate upgrade. The message/failure below is displaying in all test Salesforce sandpit environments (all calling the same test dt-esb.workcover.com integration server).

The production Salesforce application is working and is not displaying the message/failure below although the certificate was updated there as well.

We have confirmed that the dt-esb.workcover.com (web service url) is working by calling the same url using SoapUI. Using this tool returns the expected result.

 

Salesforce assisted by checking the call and reported back this problem:

>>>>>>>>>>>>>>>>>>>>>>>>> 

got Exception : javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

 

Remote server's SSL/TLS configuration has one or more errors or warnings

Error: The domain name dt-esb.workcover.com wasn't in the supported set of domain names in the certificate: Thesis.headoffice.corporate.local.

Error: No certificates in the chain are trusted by Salesforce.com's list of trusted certificate authority certificates.

 

Remote Server Certificate Chain

Subject: CN=Thesis.headoffice.corporate.local, O=WorkCover, C=AU

Valid between 7/18/2013 12:42:13 AM PDT and 7/17/2018 12:42:13 AM PDT.

Issuer: CN=Thesis.headoffice.corporate.local, O=WorkCover, C=AU

Error: Self-signed certificate "CN=Thesis.headoffice.corporate.local, O=WorkCover, C=AU" found. This is not supported. A certificate that has been signed by a trusted certificate authority must be used.

It seems like a configuration issue at your end. Please check with your infrastructure team to check the configuration to avoid the above errors.

<<<<<<<<<<<<<<<<<<<<<<<<< 

Our Infrastructure people don’t understand why Salesforce is hitting our Thesis certificate which is the machine certificate and is an untrusted certificate.

 

Salesforce support suggested to try the Developer support as they are running out of ideas.

Heidi – WorkCover SA
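
The two errors in the support report above (hostname not among the certificate's names, and a self-signed certificate) can be reproduced offline. This is an added example, not part of the original thread; the certificate dicts are constructed from the fields quoted in the report, and the CA-issued service certificate and its issuer name are hypothetical.

```python
# Added example (not from the thread). Cert dicts are constructed, in the shape
# that ssl.SSLSocket.getpeercert() returns for a validated peer certificate.
_MACHINE_DN = ((("countryName", "AU"),), (("organizationName", "WorkCover"),),
               (("commonName", "Thesis.headoffice.corporate.local"),))
# Fields quoted in the support report: subject and issuer are the same DN.
MACHINE_CERT = {"subject": _MACHINE_DN, "issuer": _MACHINE_DN}
# Hypothetical CA-issued service certificate; the issuer name is made up.
SERVICE_CERT = {
    "subject": ((("commonName", "dt-esb.workcover.com"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "subjectAltName": (("DNS", "dt-esb.workcover.com"),),
}

def cert_names(cert):
    """Names a client matches against: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label match; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def diagnose(cert, host):
    """Return findings for the hostname a client dialled against one certificate."""
    findings = []
    names = cert_names(cert)
    if not any(name_matches(n, host) for n in names):
        findings.append(f"name mismatch: {host} not in certificate names {names}")
    # Equal subject and issuer means self-issued; confirming self-signed would
    # also need a signature check, which this sketch does not perform.
    if cert.get("subject") == cert.get("issuer"):
        findings.append("self-signed: subject equals issuer")
    return findings

if __name__ == "__main__":
    for label, cert in (("machine", MACHINE_CERT), ("service", SERVICE_CERT)):
        print(label, diagnose(cert, "dt-esb.workcover.com") or "ok")
```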

Sonam_SFDC
Hi Heidi,

Let me check your setup, I understand you must have given the details on the case you've raised with us - will update you with my findings.
Heidi Richter
Hello Sonam
I haven't heard from you for quite some time. I really would appreciate some assistance!!
Heidi
Arun Balasubramanian
Hi Sonam or Heidi, can you share the details on how this was resolved? We are running into this same error when trying to connect to Cast Iron from our outbound message after upgrading our cert (it was working fine until then). Appreciate a response.
Heidi Richter
Hello, for us it was a Networking issue related to the removal of “unused” firewall ports.
That's all I was able to get out from our Network group.