function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

"Unknown_ca" while making a call out using two way SSL authentication

I am making a call out from salesforce to an external server using two way SSL. Server has a certificate which is signed by digicert intermediate certificate (DigiCert SHA2 High Assurance Server CA) which in turn signed by digicert root certificate(DigiCert High Assurance EV Root CA) and salesforce is presenting a self-signed certificate which is installed in servers trust store.

Still we are not able to make callout because salesforce raises an exception which says “unknown_ca”.

After researching, I found a list of SSL CA which salesforce supports, the list has 3 digicert ROOT certificates and NO INTERMEDIATE certificates.

So my question is, while salesforce validates the the server certificate does the entire chain of certificates needs to be installed in there trust store? or only the root certificate is enough to validate?

What about signature algorithm ? Does salesforce support SHA2 ? as my intermediate certificate is based on SHA2 and root is SHA1

Entire chain of certificates needs to be installed. Supported algorithms are- MD5, SHA1, SHA256 and SHA512.