function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

SSL certificates

I have uploaded a certificate. I have created a vf page to enter its name but as a part of validation I need to check if certificate name is correct i.e. whether that certificate exists in my org (uploaded in org)

Though I know it throws an an error during callout but is there a way to check before hand i.e. at the time of giving certificate name in my vf page

Thanks in advance
NagaNaga (Salesforce Developers) 
Hi Gaurav,

Please let me know if you are getting the error below:

Untrusted SSL Client
(HTTP Response Code: 503)
A Web site presents an incorrect or invalid certificate or a configuration error has occurred.

It looks like the client certificate you receive does not have the expected properties. Specifically, it looks like it's subject canonical name field isn't matching the expected ""

In your situation, I would setup a tcpdump on the external interface of your reverse proxy waiting for a connection from I'd then feed the result of that trace into wireshark so that it would parse the SSL handshake and allow you to grab the of the certificate used for SSL client authentication.

That should give you a good indication of what is failing.

What SSL certificates does Salesforce support for Delegated Authentication SSO, Apex callouts, Outbound Messaging, and other callouts?

When 2-way SSL/mutual authentication is configured on a target endpoint, if the target server does not advertise the CA signed certificates it accepts, Salesforce will not send the configured custom certificate when making HTTPS callouts. The target endpoint needs to tell in the HTTPS ServerHello message the list of accepted certificate subject distinguished names (DN) that it accepts. If the provided certificate is signed by at least one of those DNs or if it has a certificate chain where at least one of those certificates was signed by a cert identified by the DNs that the server advertised, then will send the client certificate.

Best Regards
Naga Kiran
Thanks Naga, I just need to check that the name of the certificate provided in my vf page is valid. 

This means, is there any way through SOQL query or anything that I can check if the given certificate exist in my salesforce org.?

Suppose for e.g. you created a self-signed certificate named 'testcert.cert' Now you created a vf page where you ask user to input certificate name. Say, he enters 'XYZ' then it should throw error and if it gives 'testcert' then it should pass the validation
I have created a workaround for this : 

Create a small http callout, say to Google, if you provide incorrect certificate then you will get error,

If anybody has anyother standard solution then pls let me know
Hi Naga,

I am facing the issue with SSL certificate that is not trusted when i checked in the digicert site. the endpoint URL is intranet and we  are able to connect with other tools except Saleforce. Is there any way to skip the error in Salesforce. becuse in JAVA and .net there is a way to skip this type of error.

I am getting "certificate unauthorized error" when connecting through REST API.
while uploading the certificate into certification key management getting the file is corrupted error.

Patrik JakoberPatrik Jakober
Hi gaurav.sfdc,

I know it's a bit late but I was facing the exact same issue so I thought I might share my findings anyway:
I also couldn't find a way to query the certificate name and validate it, so I did the following:
Boolean validateCertifcateName(String certificateName) {
    Auth.JWT jwt = new Auth.JWT();
    Auth.JWS jws = new Auth.JWS(jwt, certificateName);
    try {
        return true;
    } catch System.NoDataFoundException e) {
        return false;

Calling getCompactSerialization() results in a ​System.NoDataFoundException which can be caught.
That's probably not the most elegant solution, but it's the only one I could find without making an extra callout.

Best regards