gaurav.sfdc

Salesforce not sending certificate to server (Netscaler)

Our client is using Netscaler. They have set the client cert as OPTIONAL and are handling certificate authentication at the application layer, i.e. PHP code.
It works for them in internal testing using curl etc., but when we ping through Salesforce it fails.

In the logs it shows "Client certificate not sent". I checked this article; this should be the condition for sending the certificate:
https://help.salesforce.com/apex/HTViewSolution?id=000180836&language=en_US

When I ping the same certificates to another normal Tomcat server, it works fine.

Can anybody tell me what specific setting is required at the Netscaler level to make it work?

Any help would be appreciated
 
Naga (Salesforce Developers)
Hi Gaurav,

You require some knowledge on SAML and NetScaler in general to be able to configure this and understand what you are doing.
NetScaler 10.5 (or higher) Enterprise Edition (we need AAA feature)
A directory to talk to (LDAP based, AD preferred)
The ability to create certificates (PKI / On the NetScaler / etc.)

Please see the link below for more info

https://netscalerrocks.com/netscaler/netscaler-10-5-saml-identity-provider-idp/

Best Regards
Naga Kiran
gaurav.sfdc
Thanks Naga,

They added the self-signed certificates and it worked, but for public signed certificates it failed. As far as I know we don't need to add public signed certificates, as when I tested with Tomcat it worked (I did not add the public signed certificate in Tomcat). The public signed certificate comes as a bundle (mycert --> signed by intermediate cert --> signed by root); how should they upload it? Are client certificates uploaded the same way as server certificates? Another thing: why do we need to add the public signed certificate in Netscaler when it is not required with Tomcat?