Cem_

PKIX path building failed error

Hi All,

I am trying to connect with a third-party system via Web Services. I got a local certificate that was given by an authority that is not on Salesforce's trusted list.

I did create a keystore and uploaded it into Salesforce. But when I'm trying to send requests to the server, the exception 'PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target' pops up.

I know there are other topics with that error, but I want to know if this is related to my non-CA certificate, or if I am doing something wrong and can continue development with that non-CA certificate.

Thank you all in advance.
 
Abhishek (Salesforce Developers)
The problem in your case was that the SSL certificate on the server you were calling out to was not installed correctly.

As I understand, most SSL cert providers issue certificates to their customers using "Intermediate" certificates (which are signed by a "Root" certificate held by the issuing company).

Browsers (and Salesforce) trust the root certificates, so to have Salesforce trust the certificate that you were issued, your certificate needs to include the entire chain of certificates back up to one of the trusted root certificates (e.g. your cert -> intermediate cert -> root cert).

When the certificate chain is broken, you get this error.

Fixing SSL certs on external servers is beyond the scope of this site.

For further reference, you can check this too (https://help.salesforce.com/articleView?id=000326722&type=1&mode=1).


Let me know if it helps you and close your query by marking it as solved so that it can help others in the future.

Thanks.
Anudeep (Salesforce Developers)
As Abhishek has suggested, this happens when the certificate chain is not in the correct order. You can find the error message using the SSL checker. It looks similar to the following:

"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate."

- This certificate issue should be fixed by the endpoint. Your application (endpoint) server must send any intermediate certificates in the certificate chain, and the certificate chain must be in the correct order. The correct order is:

1. Server certificate.
2. Intermediate certificate that signed the server certificate if the server certificate was not signed directly by a root certificate.
3. Intermediate certificate that signed the certificate in step 2.
4. Any remaining intermediate certificates. Do not include the root certificate authority certificate. The root certificate is not sent by your server. Salesforce already has its own list of trusted certificates on file, and a certificate in the chain must be signed by one of those root certificate authority certificates.

Please find help article for the same here

Let me know if it helps
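
The ordering rule in the answer above can be checked offline before a bundle is installed on the endpoint. The script below is an added example, not code from this thread or from Salesforce; the function names and the demo certificates ("Demo Root", "Demo Intermediate", `api.example.test`) are constructed for illustration. It compares issuer and subject names only and does not verify signatures or whether the last issuer is a root Salesforce trusts.

```shell
#!/bin/sh
# Added example: verify a PEM bundle is ordered leaf -> intermediate(s) and omits the root.
# All certificates used here are throwaway ones constructed for the demo.

# check_chain_order BUNDLE: print findings; exit status 0 only if the order is correct.
# The body runs in a subshell "( )" so its variables and "exit" stay local.
check_chain_order() (
  tmp=$(mktemp -d) || exit 2
  # Split the bundle into 1.pem, 2.pem, ... in the order the server would send them.
  awk -v d="$tmp" '/BEGIN CERTIFICATE/{n++} n{print > (d "/" n ".pem")}' "$1"
  i=1 rc=0 prev_issuer=
  while [ -f "$tmp/$i.pem" ]; do
    subj=$(openssl x509 -in "$tmp/$i.pem" -noout -subject_hash)
    issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
    if [ "$subj" = "$issuer" ]; then
      echo "cert $i: self-issued root, should not be sent"; rc=1
    fi
    if [ "$i" -gt 1 ] && [ "$prev_issuer" != "$subj" ]; then
      echo "cert $i: not the issuer of cert $((i - 1)) (wrong order or missing intermediate)"; rc=1
    fi
    prev_issuer=$issuer
    i=$((i + 1))
  done
  [ "$i" -gt 1 ] || { echo "no certificates found"; rc=1; }
  rm -rf "$tmp"
  exit "$rc"
)

# make_demo_chain DIR: create constructed root.pem, int.pem and leaf.pem in DIR.
make_demo_chain() (
  cd "$1" || exit 2
  {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" -keyout root.key -out root.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" -keyout int.key -out int.csr
    openssl x509 -req -days 1 -in int.csr -CA root.pem -CAkey root.key -CAcreateserial -out int.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=api.example.test" -keyout leaf.key -out leaf.csr
    openssl x509 -req -days 1 -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial -out leaf.pem
  } >/dev/null 2>&1
)

demo=$(mktemp -d) && make_demo_chain "$demo"
cat "$demo/leaf.pem" "$demo/int.pem" > "$demo/good.pem"                 # correct order
cat "$demo/int.pem" "$demo/leaf.pem" "$demo/root.pem" > "$demo/bad.pem" # wrong order, root included
check_chain_order "$demo/good.pem" && echo "good.pem: order OK"
check_chain_order "$demo/bad.pem" || echo "bad.pem: fix the chain on the endpoint"
```
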
Cem_
Hey guys,

Thanks for the fast reply.

I did the chain of certificates but forgot to mention it in the question. So I think I have to specify the steps that I took to get to that point.

My client sent me just one certificate in pfx format. Then I did the following actions:
 - Created a JKS and imported the certificate with that. After that I researched and found out I have to order the certificates as you mentioned.
 - Exported the sub and root certificates from Windows because I couldn't find them in the pfx file.
 - Opened the client-intermediate-root certificates with Notepad and simply copy-pasted them in that order and updated the existing certificate on Salesforce.

That my root certificate is not in Salesforce's trusted list confuses me.

Can you guys correct me if my chain of certificate method is right?

 
Abhishek (Salesforce Developers)
Cem,

I have already answered your query above.

https://help.salesforce.com/articleView?id=000326722&type=1&mode=1

Check the article.

Salesforce trusts only root certificate authority (CA) certificates, with few historical exceptions. Salesforce's certificate trust policy is to require server and client certificate chains to include all intermediate certificates that exist between the server or client certificate and the chain's root certificate. Salesforce will not honor requests to add intermediate certificates to its trust list. Salesforce trusts many generally trusted root certificates, but not all.


I hope it helps.
 
Kiran kumar.K

I have faced the same issue (SSL certificate validation error). Finally we got it resolved. It is an issue with the client server firewall. It is not allowing the Salesforce URL (site URL); we got it whitelisted in all those firewall servers. Then it is working fine without any errors.

Please check with your client IT team for this error.

Or it might be an error with the certification, as they might not be configured properly, or its validation.