+ Start a Discussion
Chris LitesChris Lites 

REST Post from SFDC using 3rd party provided SSL

Hi folks,

I was having a bit of difficulty figuring out how to implement an integration and I was hoping someone might have some insight. What I need to to is make an HTTPS callout from SFDC to another system where there system is expecting an incoming XML file where the connection is secured with SSL and they provide SSL files. I am unaware of how to use their SSL files within SFDC and my APEX code. I have seen plenty of discussions of how to generate SSL certificates in SFDC but I assume that I should just be using theirs and I am not sure how. I have also seen many examples going from an external source and posting in to SFDC but not much the other way around. I have also seen that this may be how to use it in APEX once it is generated but that same material only explains how to create it in SFDC, not how to use a provided certificate.

below is my current code which is hitting their server but returning an unauthorized 401 error. Sensitive or unnecessary parts have been changed/removed.
    @future (callout=true)
	public static void basicAuthCallout(String name, Id id){
	system.debug('point 3');
	String xmlToEscape = '<?xml version="1.0" encoding="UTF-8"?>' +
	'<PartnerRecord version="2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="PartnerXml.xsd">' +
	'<PartnerId>' + id + '</PartnerId>' +
	'<OrgCode></OrgCode>' +
 	'<CompanyCode></CompanyCode>' +
	'<Name>' + name + '</Name>' +
	// unnecessary parts of XML string removed
	String xmlToSend = xmlToEscape.escapeXml();
	HttpRequest req = new HttpRequest();
	req.setEndpoint('https://example integration endpoint URL');
	// Specify the required user name and password to access the endpoint 
	// As well as the header and header information 
	String username = 'exampleUserName';
	String password = 'examplePassword';
	Blob headerValue = Blob.valueOf(username + ':' + password);
	String authorizationHeader = 'BASIC ' +
	req.setHeader('Authorization', authorizationHeader);
	// Create a new http object to send the request object 
	// A response object is generated as a result of the request   
	Http http = new Http();
	HttpResponse res = new HttpResponse();
	try {
            res = http.send(req);
    catch(System.CalloutException e) {
        System.debug('Callout error: '+ e);
	//HTTPResponse res = http.send(req);

and here is the info that I got from the 3rd party as well as 2 zip files:

Please find the following information related to our SSL certificates and authentication:
Attached are the certificates:
STAR.MANAGEMENTDYNAMICS.COM.zip: This has a wild card certificate; like: *.managementdynamics.com. It works for both eoduat (test) and eod (production).
root-intermediate-certificates.zip: This has three certificate files; one root and two intermediate 
Our certificates are issued by:

Network Solutions CA company
Network Solutions CA company gets their certificate signed from UTN-USERFIRST CA company
UTN-USERFIRST CA company gets their certificate signed from AddTrustExternal CA  (this is root CA) 
In order to make a secured connection, your certificate store must have intermediate & root certificates. If you already have these, there is no need to import them. 
The Actual SSL Certificates in STAR.MANAGEMENTDYNAMICS.COM.zip are valid until 01/16/2018. 
Our servers do not support non-SSL connections. While sending the inbound XML request, you have to set the Authorization HTTP header in the following format in order to successfully logon (Reference Section 3.1.3, page 28 of Integration guide): 
Basic<Space><Base 64 Encode(UserName:Password)>
Be sure to post your files to the correct URL based on whether you want to send to the test or the production environment, and be sure you use the correct UserName and Password for each environment.

finally, a slightly off topic question, I have set them up as a remote site but I just used the base URL of their company, I did not include the application context after the .com that I use for the endpoint connection. Is this correct or do I put the whole endpoint connection for the remote site? Anyway, any ideas or suggestions would be greatly appreciated. Thanks!
Chris LitesChris Lites
Whoops, I think that this should be in the API's and Integration section. Is there a way for me to move it or should I just re-post it?
Chris LitesChris Lites
well, no replies so I reposted in the correct forum. I do not see a way to move or delete this post but if anyone knows how, I would be happy to do so.