ScottC.ax1850

The default Outbound Message certificate has expired

Hi,

I am trying to implement 2-way SSL on our Outbound Messages.

I understand there is a default Client Certificate that is included with all Outbound Messages. However, the administrator of the endpoint tells me that this default Client Certificate expired on Dec 7 2011, and has shown me logs from the endpoint to prove it:

Sep 18 09:54:10 BQLEPLPFSLT03 info tmm[14058]: Rule /Common/Salesforce-Cert <CLIENTSSL_HANDSHAKE>: Subject = CN=proxy.salesforce.com,OU=Application,O=Salesforce.com\, Inc.,L=San Francisco,ST=California,C=US, Hash = a5:55:24:61:c8:6c:fb:52:5f:17:99:d5:64:96:e7:9f and CN=proxy.salesforce.com, Expiry date = Dec 7 00:00:00 2011 GMT

The only other related posting I could find was this one (but it is 5 years old and inconclusive in terms of a solution).
http://boards.developerforce.com/t5/Java-Development/Salesforce-Client-SSL-certificate-is-expired/td-p/82683

How do I get the default Client Certificate updated? I am currently in a sandbox environment.

Vinita_SFDC

Hi,

It seems you are using an old certificate. I would suggest you download the new certificate; you can file a case with Support, or follow these instructions:

  1. Download the certificate from http://wiki.developerforce.com/images/3/34/New_proxy.salesforce.com_certificate_chain.zip
  2. Unzip the certificate and import it into your application server, and configure your application server to request the client certificate. The application server then checks that the certificate used in the SSL/TLS handshake matches the one you downloaded.

ScottC.ax1850

Vinita,

Thanks for responding but you've given me instructions on how to update the certificate on the receiving application server.  In this case I am talking about the default Client Certificate that is sent with EVERY Outbound Message.  Our one has an expired date on it.


In this case the certs DON'T match. They don't match because the one in the SSL handshake has expired - it's different from the one that I downloaded via Setup | Develop | API. 
- The cert that I've downloaded and sent to the endpoint administrator is valid until 8/12/2013. 
- The cert that is automatically sent with the Outbound Messages expired on 7/12/2011.

> Seems you are using an old certificate?
Yes. That is why I've created this post - the cert that is sent with the Outbound Messages has expired and I don't know how to get it updated.

Steven Lawrance

Thanks for raising this, ScottC. To help expedite the resolution of this, can you share which instance your organization lives on, such as NA1, NA8, EU1, AP1, CS1, CS5, etc? That is, the instance that is experiencing this issue. The automated tests are showing that all is well across the instances, so knowing the instance will help narrow down the investigation.

Thanks

ScottC.ax1850

Just a follow up to anyone reading this.

The fault lay in the administrator of the endpoint.  He had constructed an iRule to examine the [Not Valid Before] date instead of the [Expiry Date].

There was nothing wrong with the SFDC cert.
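
The mix-up described in the last post (a rule reporting Not Valid Before as the expiry date), as an added example that is not part of the original thread: a Python check that evaluates the full validity window and then tests which certificate field the logged "Expiry date" actually matches. The `notAfter` value is constructed from the 8/12/2013 date quoted earlier, the log line is an abbreviated copy of the one posted above, and the function names are hypothetical.

```python
import re
import ssl
from datetime import datetime, timezone

# Abbreviated copy of the endpoint log line posted in the thread.
LOG_LINE = ("Sep 18 09:54:10 BQLEPLPFSLT03 info tmm[14058]: Rule /Common/Salesforce-Cert "
            "<CLIENTSSL_HANDSHAKE>: Subject = CN=proxy.salesforce.com, "
            "Expiry date = Dec 7 00:00:00 2011 GMT")

# Validity window in the same key/format as ssl.SSLSocket.getpeercert().
# Constructed from the dates quoted in the thread (assumption, time of day invented).
CERT = {"notBefore": "Dec 7 00:00:00 2011 GMT",
        "notAfter": "Dec 8 00:00:00 2013 GMT"}

def to_utc(cert_time):
    """Parse an OpenSSL-style time string into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def validity_status(cert, now):
    """Classify a certificate against BOTH ends of its validity window."""
    if now < to_utc(cert["notBefore"]):
        return "not_yet_valid"
    if now > to_utc(cert["notAfter"]):
        return "expired"
    return "valid"

def logged_expiry(line):
    """Extract the 'Expiry date' the endpoint rule wrote to its log, if any."""
    m = re.search(r"Expiry date = (\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4} GMT)", line)
    return to_utc(m.group(1)) if m else None

def audit_logged_expiry(line, cert):
    """Report which certificate field the logged 'Expiry date' really equals."""
    logged = logged_expiry(line)
    if logged is None:
        return "no_expiry_field"
    if logged == to_utc(cert["notAfter"]):
        return "matches_notAfter"
    if logged == to_utc(cert["notBefore"]):
        return "matches_notBefore"  # the rule is reading the wrong field
    return "matches_neither"

if __name__ == "__main__":
    # The log line carries no year; 2012 is assumed here.
    now = datetime(2012, 9, 18, 9, 54, 10, tzinfo=timezone.utc)
    print(validity_status(CERT, now), audit_logged_expiry(LOG_LINE, CERT))
```

A result of `matches_notBefore` alongside a `valid` status points at the logging or validation rule on the endpoint rather than at the client certificate.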