Chris Lites

REST Post from SFDC using SSL certs provided by destination vendor

Hi folks,

I was having a bit of difficulty figuring out how to implement an integration and I was hoping someone might have some insight. What I need to do is make an HTTPS callout from SFDC to another system where their system is expecting an incoming XML file where the connection is secured with SSL and they provide SSL files. I am unaware of how to use their SSL files within SFDC and my APEX code. I have seen plenty of discussions of how to generate SSL certificates in SFDC but I assume that I should just be using theirs and I am not sure how. I have also seen many examples going from an external source and posting in to SFDC but not much the other way around. I have also seen that this may be how to use it in APEX once it is generated but that same material only explains how to create it in SFDC, not how to use a provided certificate.

Below is my current code, which is hitting their server but returning an unauthorized 401 error. Sensitive or unnecessary parts have been changed/removed.

@future (callout=true)
public static void basicAuthCallout(String name, Id id) {
    System.debug('point 3');
    String xmlToEscape = '<?xml version="1.0" encoding="UTF-8"?>' +
        '<PartnerRecord version="2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="PartnerXml.xsd">' +
        '<PartnerId>' + id + '</PartnerId>' +
        '<OrgCode></OrgCode>' +
        '<CompanyCode></CompanyCode>' +
        '<Name>' + name + '</Name>' +
        // unnecessary parts of XML string removed
        '</PartnerRecord>';

    String xmlToSend = xmlToEscape.escapeXml();
    HttpRequest req = new HttpRequest();
    req.setEndpoint('https://example integration endpoint URL');

    // Specify the required user name and password to access the endpoint
    // As well as the header and header information
    String username = 'exampleUserName';
    String password = 'examplePassword';

    Blob headerValue = Blob.valueOf(username + ':' + password);
    String authorizationHeader = 'BASIC ' + EncodingUtil.base64Encode(headerValue);
    req.setHeader('Authorization', authorizationHeader);

    // Create a new http object to send the request object
    // A response object is generated as a result of the request
    Http http = new Http();
    HttpResponse res = new HttpResponse();
    try {
        res = http.send(req);
    } catch (System.CalloutException e) {
        System.debug('Callout error: ' + e);
    }
    //HTTPResponse res = http.send(req);
}

And here is the info that I got from the 3rd party, as well as 2 zip files:

Please find the following information related to our SSL certificates and authentication:
Attached are the certificates:
STAR.MANAGEMENTDYNAMICS.COM.zip: This has a wild card certificate; like: *.managementdynamics.com. It works for both eoduat (test) and eod (production).
root-intermediate-certificates.zip: This has three certificate files; one root and two intermediate 
Our certificates are issued by:

Network Solutions CA company
Network Solutions CA company gets their certificate signed from UTN-USERFIRST CA company
UTN-USERFIRST CA company gets their certificate signed from AddTrustExternal CA  (this is root CA) 
In order to make a secured connection, your certificate store must have intermediate & root certificates. If you already have these, there is no need to import them. 
The Actual SSL Certificates in STAR.MANAGEMENTDYNAMICS.COM.zip are valid until 01/16/2018. 
Our servers do not support non-SSL connections. While sending the inbound XML request, you have to set the Authorization HTTP header in the following format in order to successfully logon (Reference Section 3.1.3, page 28 of Integration guide): 
Basic<Space><Base 64 Encode(UserName:Password)>
Be sure to post your files to the correct URL based on whether you want to send to the test or the production environment, and be sure you use the correct UserName and Password for each environment.

Finally, a slightly off-topic question: I have set them up as a remote site but I just used the base URL of their company, I did not include the application context after the .com that I use for the endpoint connection. Is this correct or do I put the whole endpoint connection for the remote site? Anyway, any ideas or suggestions would be greatly appreciated. Thanks!
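
An added example, not part of the original post or the vendor's integration guide: an Apex callout that sends the Authorization header in the format the vendor message quotes, Basic<Space><Base 64 Encode(UserName:Password)>, and posts the XML over HTTPS. The class and method names, the Content-Type value, the trimmed XML and the optional client-certificate parameter are assumptions made for illustration.

```apex
// Added illustration; class and method names are hypothetical.
public class PartnerXmlCallout {

    // Vendor format: Basic<Space><Base 64 Encode(UserName:Password)>
    public static String basicAuthHeader(String username, String password) {
        Blob credentials = Blob.valueOf(username + ':' + password);
        return 'Basic ' + EncodingUtil.base64Encode(credentials);
    }

    // Escape each inserted value rather than the finished document, so the
    // tags stay intact while characters such as < and & in the data cannot
    // alter the structure. Element list trimmed for the example.
    public static String buildPartnerXml(String partnerId, String name) {
        return '<?xml version="1.0" encoding="UTF-8"?>' +
            '<PartnerRecord version="2">' +
            '<PartnerId>' + partnerId.escapeXml() + '</PartnerId>' +
            '<Name>' + name.escapeXml() + '</Name>' +
            '</PartnerRecord>';
    }

    // The server's certificate chain is checked by the platform during the
    // TLS handshake; nothing here loads the vendor's certificate files.
    // clientCertName is only needed when the server asks for a client
    // certificate (two-way SSL); pass null otherwise.
    public static HttpResponse postXml(String endpoint, String username,
                                       String password, String xmlBody,
                                       String clientCertName) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(endpoint);
        req.setMethod('POST');
        req.setHeader('Content-Type', 'text/xml; charset=UTF-8'); // assumed value
        req.setHeader('Authorization', basicAuthHeader(username, password));
        req.setBody(xmlBody);
        req.setTimeout(30000);
        if (String.isNotBlank(clientCertName)) {
            req.setClientCertificateName(clientCertName);
        }
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() == 401) {
            // Log the status only; never write the Authorization header to the log.
            System.debug(LoggingLevel.WARN, 'Endpoint returned 401: ' + res.getStatus());
        }
        return res;
    }
}
```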

Hi Chris.

Please go through https://developer.salesforce.com/page/Making_Authenticated_Web_Service_Callouts_Using_Two-Way_SSL for details.

Chris Lites
Hi viruS,
Thanks for the reply. I actually read through that article before posting. I read through it again though and I am still a bit confused. It mentions how to create a signed client certificate in SFDC and then how to upload that cert once it is created. I have seen other articles like this too. Where I am confused is that the 3rd party already provided certificates so I do not need to create them, at least I think. I need to use theirs somehow. Or do I just create one as outlined there and try to use it? Sorry if I am just missing the obvious, using SSL certs is completely new to me and I am not sure exactly how to handle them.