
How to make use of a self-signed certificate (generated by SF) in two-way communication via an HTTP callout?

Hi there,

I am kind of new to SSL, so any help is greatly appreciated.

I have a self-signed certificate generated within Salesforce. According to the documentation, when making HTTPS callouts to a 3rd-party service, I have to deliver this SF-signed cert to the 3rd party. This part makes sense because the 3rd party needs the cert to decrypt data that is encrypted by the private key associated with the cert (which SF has).

But how about the response from the 3rd-party system back to Apex? It seems like the 3rd-party system will need (in addition to the signed cert) the private key associated with the self-signed cert generated by SF to encrypt the data back to Apex. Is this correct? If so, will I need the private key SF used to generate that specific cert in the first place?

Ah, I think I know what I am missing here. In order for this to work, the 3rd party probably has to provide its own self-signed certificate to be added to the SF keystore. However, SF does not currently allow uploading of 3rd-party self-signed certs to treat as trusted ...
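As an added example (not part of the original post, and not Salesforce's own sample code), here is the Apex side of the callout the question describes: a request that presents a Salesforce-generated self-signed certificate as the TLS client certificate. The class name `PartnerOrderClient`, the certificate unique name `Partner_Client_Cert`, and the endpoint `https://api.partner.example/v1/orders` are all hypothetical; the endpoint is assumed to be allowed in Remote Site Settings. The comments spell out which key is used where in the handshake, which is the part of the question that the code alone does not make visible.

```apex
// Added example (not from the original post): an Apex callout that presents a
// Salesforce-generated self-signed certificate as the TLS client certificate.
// Assumptions (all hypothetical): the certificate's unique name in Setup >
// Certificate and Key Management is 'Partner_Client_Cert', the endpoint
// https://api.partner.example/v1/orders is allowed in Remote Site Settings,
// and the partner has installed the exported certificate (public half only)
// as a trusted client certificate on its side.
public with sharing class PartnerOrderClient {

    public class PartnerCalloutException extends Exception {}

    private static final String ENDPOINT = 'https://api.partner.example/v1/orders';
    private static final String CLIENT_CERT_NAME = 'Partner_Client_Cert';

    // Sends an order and returns the partner's response body.
    // A TLS handshake failure (for example the partner rejecting our client
    // cert, or Salesforce rejecting the partner's server cert) surfaces as a
    // System.CalloutException from Http.send(), so nothing is sent in that case.
    public static String sendOrder(Map<String, Object> order) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(ENDPOINT);
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/json');
        req.setBody(JSON.serialize(order));
        req.setTimeout(30000);

        // Only the certificate's name is referenced here. The private key never
        // leaves Salesforce: during the handshake it signs the CertificateVerify
        // message, and the partner checks that signature with the public key in
        // the certificate you exported to them. No private key travels in either
        // direction.
        req.setClientCertificateName(CLIENT_CERT_NAME);

        // For the response direction the roles flip: Salesforce validates the
        // partner's *server* certificate against the CA list built into the
        // platform, and the partner's private key stays with the partner.
        // Application data in both directions is encrypted with session keys
        // negotiated in the handshake, not with either party's long-term key.
        HttpResponse res = new Http().send(req);

        Integer status = res.getStatusCode();
        if (status < 200 || status >= 300) {
            throw new PartnerCalloutException(
                'Partner returned HTTP ' + status + ': ' + res.getBody());
        }
        return res.getBody();
    }
}
```

Usage: `PartnerOrderClient.sendOrder(new Map<String, Object>{ 'sku' => 'ABC-123', 'qty' => 2 });`. What you hand the partner is the file produced by "Download Certificate" on the certificate record, which contains the certificate and public key but not the private key; that is everything the partner needs to verify the client side of the handshake.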