You need to sign in to do that
Don't have an account?
AndreyVol
Outbound Message: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Hi,
I am looking for some help with the following:
I get the following error when attempt to send outbound message to my test server: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
- I have a real certificate installed on the server.
- I am also able to view the listener description when I point browser on my dev workstation to the test server (same URL as the endpoint specified in my O/B message).
- In the IIS log, I can see all the hits from my dev workstation, but no hits from either of SFDC IPaddresses (204.14....)
Appreciate any info that will help me understand and debug this, or at least point me in the right direction.
Thanks!
I am looking for some help with the following:
I get the following error when attempt to send outbound message to my test server: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
- I have a real certificate installed on the server.
- I am also able to view the listener description when I point browser on my dev workstation to the test server (same URL as the endpoint specified in my O/B message).
- In the IIS log, I can see all the hits from my dev workstation, but no hits from either of SFDC IPaddresses (204.14....)
Appreciate any info that will help me understand and debug this, or at least point me in the right direction.
Thanks!
My sample php script produces the following response ($tf = true):
function respond($tf) {
print '<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<notifications xmlns="http://soap.sforce.com/2005/09/outbound">
<Ack>' . $tf . '</Ack>
</notifications>
</soapenv:Body>
</soapenv:Envelope>';
}
Any help would be much appreciated.
Thanks
Colin Goldberg
Colin Goldberg
A related question:
As I am using PHP (5.2) for my listener, are you aware of any issues that might arise in this respect. For example, does Salesforce's certificate have any restrictions/differences in communicating with anything other than Java or .Net (even if an authority on your list - say GeoTrust - is used)? Are there specific versions of, say, curl or openssl that I would need to be fully compliant?
Many thanks for your help.
Colin Goldberg
My certificate was (simply!) reissued, and is the "exact identical certificate as before with different validation".
I hope this helps anyone who may have encountered a similar problem.
Regards
Colin Goldberg
We are using self-signed certificate.
I have gone through this link on same forum- Outbound message error, peer not authenticated
but unable to find out the solution.
Any pointers will be really helpful.
Thanks,
Swapnil
Is having the endpoint configured to request a client certificate from the OM delivery process supported at this time or, if not, are there plans to support it?
More directly, our service developer is asking can Saleforce OM make an authenticated call or the best way to authenticate the call is from Salesforce.
Hi NPM,
As far as I'm aware, all outbound calls that go from Salesforce.com to your endpoint server will send the proxy.salesforce.com client certificate if your endpoint requests a client certificate. This includes workflow outbound messaging. It's possible to perform an exact match against the proxy.salesforce.com certificate that you can download from Setup | App Setup | Develop | API | Client Certificate.
If you want to ensure that the request is coming from your organization and not a random Salesforce.com customer, additional steps can be used. It is possible to send a session ID with your outbound message, and with that session ID, it's possible for your endpoint to use that session ID to call getUserInfo() on your Salesforce.com instance's API endpoint (na5-api.salesforce.com, ap0-api.salesforce.com, etc) to get the user ID and organization ID, which can both be compared against what you expect to see. If they don't equal, then either the outbound message's user changed, another user in your org is sending that message to your endpoint, or a user in another customer org is sending that message.
Hopefully, this helps.
We were getting javax.net.ssl.SSLPeerUnverifiedException: SSL Peer shut down incorrectly >>
The issue was though we had shared Certificate (self-signed) as well as WSDL from the outbound message with the third party Integration systems/applications. while outbound messages were getting triggered from SFDC the request was going to third-party system without the SSL certificate in the request XML, for this - we had to go to Certificate and Key Management> API Client Certificate -- select the certificate name