Nicolas Vuillamy

Need workaround for CallOut to HTTPS with invalid certificate

Hi,

I'm currently facing the following problem:

- I need to connect Salesforce via callout to a REST API hosted on AWS
- The certificate on this AWS is not valid (we're currently setting up the env)
- I tried to disable protocol security on the named credential
- I still have error System.CalloutException: java.security.cert.CertificateException: No name matching ec2-XXXXXXX.eu-west-1.compute.amazonaws.com found

Is there a way to really deactivate the certificate check, knowing that I can't have a valid certificate for some time and I need to do tests asap?

Some more info:

Named Credential:
Label: AIARESTAPI
Name: AIARESTAPI
URL: https://ec2-XXXXXXX.eu-west-1.compute.amazonaws.com/csc/insurance/
Certificate: none
Identity Type: Anonymous
Authentication Protocol: No Authentication

Remote site setting:
Remote Site Name: GTAIA_SaaS_Omni
Remote Site URL: https://ec2-XXXXXXX.eu-west-1.compute.amazonaws.com
Disable Protocol Security: Checked
Active: Checked

Code:
String uri ='quotes/' ;
String httpMethod = 'GET' ;

Http h = new Http();
HttpRequest req = new HttpRequest();

// Set endpoint
String endpoint = 'callout:AIARESTAPI/' + uri ;
req.setEndpoint(endpoint);
// Set Http method ( GET,POST,PUT ...)
req.setMethod(httpMethod);

// Set Http headers
req.setHeader('Accept','*/*'); //'application/vnd.hal+json');
req.setTimeout(5000);

System.debug('Request: '+req);

// Process the call to remote API
HttpResponse res = h.send(req);
return res ;

Result:
System.CalloutException: java.security.cert.CertificateException: No name matching ecXXXXXXX.eu-west-1.compute.amazonaws.com found

Many thanks & best regards
ShivaKrishna (Freelancer)
Hi there,

In an outbound integration, a certificate is sent from Salesforce to the external system along with the certificate, which would be verified on the external system's end. Normally that certificate will be verified at the firewall of the external system. So I would suggest you talk to your external system techies and ask them to remove the certificate verification logic for some time.

Let me know if it helps you or if you need any help :)
shiva.sfdc.backup@gmail.com
Nicolas Vuillamy
Hi Shiva,

I already requested him, but he says he can't switch from HTTPS to HTTP, even if the remote certificate is invalid :/
I would really need something like Groovy HttpBuilder's ignoreSSLIssues(). Doesn't it exist with Apex callouts?

Thanks & best regards
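
The CertificateException quoted in the thread is raised at hostname verification: none of the names in the server's certificate covers the hostname in the endpoint URL. The check is sketched below as an added example (not code from the thread or from Salesforce); the certificate dictionaries and hostnames are constructed sample data, and the matching is a simplified RFC 6125-style comparison.

```python
# Added illustration (not from the thread): why a TLS client reports
# "No name matching <host> found". Cert dicts use the shape returned by
# Python's ssl.getpeercert(); all names below are constructed sample data.

def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name with the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        # wildcard only as the whole left-most label, never "*.tld"
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def presented_names(cert):
    """DNS subjectAltName entries, else the legacy commonName fallback."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if names:
        return names
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def check_hostname(cert, hostname):
    """Return (ok, names) so a failure can report what the cert covers."""
    names = presented_names(cert)
    return any(dns_name_matches(n, hostname) for n in names), names

# Constructed certificates: a default self-signed one and one with SANs.
SELF_SIGNED = {"subject": ((("commonName", "localhost"),),)}
WITH_SAN = {
    "subject": ((("commonName", "api.example.test"),),),
    "subjectAltName": (("DNS", "api.example.test"),
                       ("DNS", "*.dev.example.test"),
                       ("IP Address", "192.0.2.10")),
}
REQUESTED = "ec2-host.eu-west-1.compute.example.test"  # placeholder host

if __name__ == "__main__":
    for label, cert in (("self-signed", SELF_SIGNED), ("with SAN", WITH_SAN)):
        ok, names = check_hostname(cert, REQUESTED)
        print(f"{label}: match={ok} names={names}")
```

A certificate whose subjectAltName lists the exact endpoint hostname passes this check without verification being disabled.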