Sign Up ›
  • Hari Krishnan
  • NEWBIE
  • 25 Points
  • Member since 2011
  • Chatter
    Feed
  • 1
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 3
    Replies
SOLVED
2 replies

Apex Runtime Exception: toDerInputStream rejects tag type 77"|0xb661bce

Hi,

I'm trying to make an apex callout to external secured (HTTPS) web service and I'm getting the following exception:

 

common.apex.runtime.impl.ExecutionException: IO Exception: toDerInputStream rejects tag type 77"|0x24444ac2

 

The external web service is a Cast Iron Web Service. CA signed certificate is imported into Cast Iron.

 

Here are the steps I followed:

 

1. I exported the key along with the password from the Cast Iron WMC.

2. Added the following code:

instance.endpoint_x         = 'https://server.mycompany.com/mywebservice';
        instance.inputHttpHeaders_x = new Map<String, String>();
        updateStatusInstance.inputHttpHeaders_x.put('OrganizationId', UserInfo.getOrganizationId());
        String sKey = ''; // the key that was exported from Cast Iron
        Blob keyBlob = Blob.valueOf(sKey);
        String sKeyBase64 = EncodingUtil.base64Encode(keyBlob);
        updateStatusInstance.clientCert_x = sKeyBase64;
        updateStatusInstance.clientCertPasswd_x = 'password';
        updateStatusInstance.timeout_x          = 60000;

 

I followed the advice from the following threads/blogs, but I still getting this error. It looks like the error happens if the key is of DER type. But when I exported the key, I did select the PKCS#12 format.

 

http://boards.developerforce.com/t5/Apex-Code-Development/Mutual-SSL-on-WebSvc-callouts-getting-a-jump-on-Summer-08/td-p/75898

 

http://techblog.kruelintent.com/post/13821841289/how-to-connecting-to-a-secure-web-service-https-from

 

What am I doing wrong? Any help would be much appreciated.

 

Regards,

Hari Krishnan.

SOLVED
2 replies

Apex Runtime Exception: toDerInputStream rejects tag type 77"|0xb661bce

Hi,

I'm trying to make an apex callout to external secured (HTTPS) web service and I'm getting the following exception:

 

common.apex.runtime.impl.ExecutionException: IO Exception: toDerInputStream rejects tag type 77"|0x24444ac2

 

The external web service is a Cast Iron Web Service. CA signed certificate is imported into Cast Iron.

 

Here are the steps I followed:

 

1. I exported the key along with the password from the Cast Iron WMC.

2. Added the following code:

instance.endpoint_x         = 'https://server.mycompany.com/mywebservice';
        instance.inputHttpHeaders_x = new Map<String, String>();
        updateStatusInstance.inputHttpHeaders_x.put('OrganizationId', UserInfo.getOrganizationId());
        String sKey = ''; // the key that was exported from Cast Iron
        Blob keyBlob = Blob.valueOf(sKey);
        String sKeyBase64 = EncodingUtil.base64Encode(keyBlob);
        updateStatusInstance.clientCert_x = sKeyBase64;
        updateStatusInstance.clientCertPasswd_x = 'password';
        updateStatusInstance.timeout_x          = 60000;

 

I followed the advice from the following threads/blogs, but I still getting this error. It looks like the error happens if the key is of DER type. But when I exported the key, I did select the PKCS#12 format.

 

http://boards.developerforce.com/t5/Apex-Code-Development/Mutual-SSL-on-WebSvc-callouts-getting-a-jump-on-Summer-08/td-p/75898

 

http://techblog.kruelintent.com/post/13821841289/how-to-connecting-to-a-secure-web-service-https-from

 

What am I doing wrong? Any help would be much appreciated.

 

Regards,

Hari Krishnan.

13 replies

Outbound messaging error - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Hi All,
 
We are implementing Outbound messaging to one of our endpoint. The workflow is giving the following error :
 
 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
 
What kind of Server certificates are supported by Outbound messaging. Can we import our certs in trusted store ?.
 
Any help is appreciated.
 
Thanks
Manish 
SOLVED
17 replies

Mutual SSL on WebSvc callouts - getting a jump on Summer '08

Hey,

Looking at the Summer '08 Apex dev guide re setting up two-way SSL in WebSvc callouts.  The instructions are as follows (pp. 144-146 of the guide):
  1. Set up your Web server to request the SSL client certificate.
  2. Generate a PKCS12 key store with your client certificate.
  3. Verify that the server's trust keystore contains/accepts your client certificate
  4. Encode your client certificate keystore in base64 and assign it to a variable on the stub (in this case, clientCert_x).
Steps 1 thru 3 are done on the web server (the callout endpoint), is that correct?

Step 4 is the key one.  There's an example in the doc right after these steps, that purports to work with the sample WSDL file shown a page or two further down.  The example refers to two stub variables:  'clientCert_x' (as in the instructions) and 'clientCertPasswd_x'.  These are nowhere to be found in the sample WSDL nor its derived Apex stub class.

Presumably these variables, minus the '_x' suffixes, need to appear in the WSDL from the WebSvc endpoint as header variables, is that correct?  Is this something that falls naturally out of the first three steps above (plus a re-generation of the WSDL itself)?  You can't just go in and modify the stub class and add these variables manually, surely, as they will have no meaning to whatever consumes the class.

Thanks!  Would like to hit the ground running on this, when Summer '08 makes its production debut.

-philbo