+ Start a Discussion
Hetal ShethHetal Sheth 

WebService Outbond Call Question

We are building outbound webservice call. We have built a client that is invoking external web service. Our web service provider has created following JKS (and password). Unfortunately, when we import JKS file and password, we are seeing following error.

You've created 0 non-expired certificates out of a limit of 50.

Here is how we created certificate

Keystore type: jks
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: sfcert
Creation date: Jun 8, 2015
Entry type: trustedCertEntry
 
Owner: CN=armpilot.hud.gov, OU='TMD', O='US Department of Housing and Urban Development', L='Washington D.C.', ST='District Of Columbia', C=US
Issuer: C=US, ST=West Virginia, L=Charleston, O=HP-HUD, OU=Opensystems,EMAILADDRESS=charles.swiger@hp.com, CN=hwvalap3222.hud.gov
Serial number: 4c
Valid from: Mon Jun 01 15:16:12 EDT 2015 until: Thu May 29 15:16:12 EDT 2025
Certificate fingerprints:
         MD5:  7E:21:1E:A4:C0:ED:5E:4D:D0:2C:58:58:8B:AF:E3:A9
         SHA1: 12:C2:95:C3:EA:A7:91:89:75:4D:D6:E5:95:AF:71:E8:AD:B4:CB:CD
 
NagaNaga (Salesforce Developers) 
Hey Hetal,

When a certificate is expired, its revocation status is no longer published. That is, the certificate might have been revoked long ago, but it will no longer be included in the CRL. Certificate expiration date is the cut-off date for CRL inclusion. That's the official reason why certificates expire: to keep CRL size bounded.

(The unofficial reason is to make certificate owners pay an annual fee.)

So you cannot trust an expired certificate because you cannot check its revocation status. It might have been revoked months ago, and you would not know it.

Best Regards
Naga Kiran
Hetal ShethHetal Sheth
Hi Naga,
Thanks for your suggestion.
I have check the expiration date.
It has expiration date below
Thu May 29 15:16:12 EDT 2025

Please help me to resolve issue?
--------------------------------------------------------------------------------------------------------------------
Alias name: sfcert
Creation date: Jun 8, 2015
Entry type: trustedCertEntry
 
Owner: CN=armpilot.hud.gov, OU='TMD', O='US Department of Housing and Urban Development', L='Washington D.C.', ST='District Of Columbia', C=US
Issuer: C=US, ST=West Virginia, L=Charleston, O=HP-HUD, OU=Opensystems,EMAILADDRESS=charles.swiger@hp.com, CN=hwvalap3222.hud.gov
Serial number: 4c
--------------------------------------------------------------------------------------------------------------------
Valid from: Mon Jun 01 15:16:12 EDT 2015 until: Thu May 29 15:16:12 EDT 2025
--------------------------------------------------------------------------------------------------------------------
Certificate fingerprints:
         MD5:  7E:21:1E:A4:C0:ED:5E:4D:D0:2C:58:58:8B:AF:E3:A9
         SHA1: 12:C2:95:C3:EA:A7:91:89:75:4D:D6:E5:95:AF:71:E8:AD:B4:CB:CD