Anto Hotelbeds
Import server certificate to Salesforce
Hi all,
I need to make a call out to an external web service from Salesforce. The administrator of the server has sent me a certificate for https communications.
How can I upload this certificate into Salesforce? I read something about generating a CA-signed certificate from Salesforce but, my question is, can't I just upload the certificate I got directly into Salesforce?
Thanks a lot. Regards,
Antonio
Please see this link: https://help.salesforce.com/apex/HTViewHelpDoc?id=security_keys_uploading_mutual_auth_cert.htm&language=en_US
So, Salesforce has an article that states that it will not trust any server it is connecting to without the server having a CA-signed cert installed. This is correct. This must be installed on the server that Salesforce is connecting to. Jia Hu is correct: a certificate does not need to be on the Salesforce end (if your server does not require one to be presented to it). Only if you choose to require Salesforce to present a certificate (in this case it would be a CLIENT certificate) then this is when you would use the buttons "Create Self-signed Certificate" or "Create CA-signed Certificate".
My understanding is that from Salesforce, you can present it in one of 2 ways:
1. Directly using the "Unique Name" or "Alias" which is specified at the creation of the cert:
2. Using a "Named Credential":
There may be other ways, but these are what I am aware of.
When making a "New Named Credential" you have some options. You can use OAuth, or just basic username and password auth, or you can use a certificate...I think you can use both a cert and username/password but don't quote me on that.
In our case, our code was written to use a named credential. All that was required by our server was a username and password (don't worry--we have other security measures in place), so we only needed to choose basic authentication in the Named Credential and enter the username and password it would use to connect to our server.
So the moral of the story is that you can get this working with this minimal configuration:
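The two ways of presenting a client certificate listed in the reply above, sketched in Apex as an added example that is not part of the original thread or any poster's code. The certificate name `My_Client_Cert`, the Named Credential `My_Named_Credential`, and the class and method names are assumptions chosen for illustration.

```apex
public with sharing class ExternalServiceCallout {
    public class ServiceCalloutException extends Exception {}

    // Option 1: reference the client certificate by its Unique Name.
    // Assumption: a certificate named 'My_Client_Cert' exists under
    // Setup > Certificate and Key Management, and the endpoint host is
    // listed in Remote Site Settings.
    public static HttpResponse callWithClientCertificate(String endpoint) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(endpoint);
        req.setMethod('GET');
        req.setClientCertificateName('My_Client_Cert');
        return send(req);
    }

    // Option 2: let a Named Credential supply the URL and authentication
    // (basic username/password, OAuth, or a certificate) so that no
    // credentials appear in code.
    // Assumption: a Named Credential 'My_Named_Credential' is configured.
    public static HttpResponse callWithNamedCredential(String path) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:My_Named_Credential' + path);
        req.setMethod('GET');
        return send(req);
    }

    // The server's own certificate is never referenced here: as the reply
    // states, Salesforce validates the CA-signed certificate installed on
    // the server during the TLS handshake.
    private static HttpResponse send(HttpRequest req) {
        req.setTimeout(20000); // milliseconds
        HttpResponse res;
        try {
            res = new Http().send(req);
        } catch (System.CalloutException e) {
            // Covers TLS failures such as an untrusted server certificate.
            throw new ServiceCalloutException('Callout failed: ' + e.getMessage(), e);
        }
        if (res.getStatusCode() >= 400) {
            throw new ServiceCalloutException('HTTP ' + res.getStatusCode() + ' ' + res.getStatus());
        }
        return res;
    }
}
```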