Salesforce Certificate Exception: No subject alternative DNS name matching found
Hi,
We are trying to make a callout to "https://support.breadwinnerhq.com/bwpayment/v1/accounts/00Db0000000b9t" from Salesforce. But, we are facing an exception:
System.CalloutException: java.security.cert.CertificateException: No subject alternative DNS name matching support.breadwinnerhq.com found.
The domain has a valid SSL certificate.
We have checked from SSL shopper: https://www.sslshopper.com/ssl-checker.html?submit=submit&hostname=support.breadwinnerhq.com
But, still we are facing this issue.
We don't understand why Salesforce is not allowing us to make callouts to this domain when it has a valid SSL certificate and the browsers allow it.
Thanks,
Rupali
Thanks for testing! We had just solved this a few days ago and not updated the question, sorry.
The reason we had this error was that Salesforce cannot apparently handle multiple SSL certs on a single IP address. Once we put our subdomain on a dedicated IP address it worked. Salesforce also apparently has problems with wildcard certs and may give the same (inaccurate) error message for those as well.
Hope this helps those with the same error!
stony
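A way to check the two causes named in the answer above, added here as an example and not part of the original thread: compare the certificate a server presents with and without SNI, and test the hostname against its DNS subject alternative names. It assumes the "multiple certs on a single IP" failure comes from a client that does not send SNI and so receives the IP's default certificate; the hostnames and SAN lists are constructed, and `diagnose` and its labels are hypothetical names.

```python
import socket
import ssl
import sys

# Constructed SAN lists for illustration (not the certificates from this thread).
HOST = "support.example.test"
DEDICATED = ["support.example.test"]
SHARED_IP_DEFAULT = ["www.example.test", "example.test"]
WILDCARD = ["*.example.test"]

def dns_sans(host, send_sni, port=443, timeout=5.0):
    """Fetch the DNS subjectAltName entries of the certificate the server presents."""
    ctx = ssl.create_default_context()  # chain is still validated
    ctx.check_hostname = False          # name comparison is done by san_matches()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host if send_sni else None) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def san_matches(hostname, sans):
    """Exact match, or '*' as the whole left-most label covering exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    for san in sans:
        pattern = san.lower().rstrip(".").split(".")
        if pattern == host:
            return True
        if pattern[0] == "*" and len(pattern) == len(host) and pattern[1:] == host[1:]:
            return True
    return False

def diagnose(hostname, sans_with_sni, sans_without_sni):
    """Classify why a client might report 'No subject alternative DNS name matching'."""
    if not san_matches(hostname, sans_with_sni):
        return "name-not-in-certificate"
    if not san_matches(hostname, sans_without_sni):
        return "sni-dependent"   # a client that omits SNI gets a different certificate
    if not san_matches(hostname, [s for s in sans_without_sni if not s.startswith("*.")]):
        return "wildcard-only"   # matches only through a wildcard entry
    return "ok"

if __name__ == "__main__":
    name = sys.argv[1]
    print(diagnose(name, dns_sans(name, True), dns_sans(name, False)))
```

Run against your own endpoint as `python check_san.py <hostname>`; a result of `sni-dependent` means the endpoint needs a dedicated IP or a default certificate that covers the name.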
All Answers
Salesforce supports the certificates from trusted CA authorities as listed on
https://developer.salesforce.com/page/Outbound_Messaging_SSL_CA_Certificates
Please check if the certificate you are using is signed by one of the trusted authorities listed on the above link.
If you do not find your CA authority in the above list then the error message is correct and you need to get the certificate signed by a Salesforce trusted CA authority.
Please mark this as "Best Answer" if it helps you.
Thanks.
Did you click the link we provided? And did you notice that we got our certificate from Go Daddy, which is in that list?
You gave us very clear instructions on what to do if our CA Authority wasn't on the list; perhaps you'd be kind enough to tell us what to do if it is on the list?
Kindly escalate this case to the next tier.
thanks
stony
We understand that Salesforce only supports the certificates from trusted CA authorities as listed on
https://developer.salesforce.com/page/Outbound_Messaging_SSL_CA_Certificates
Our certificate provider is GoDaddy, which is listed in the above link. Our fingerprint matches godaddyclass2ca.
Simple steps to recreate the issue are as follows:
1) Create a remote site setting for URL - "https://support.breadwinnerhq.com"
2) Execute the following code from developer console -
3) The execution will fail. Check debug logs for details of exception
Can you please explain the reason for this issue?
Hi Stony,
I am getting the 'java.security.cert.CertificateException: No subject alternative DNS name matching xxx.aaa.com' exception in production only, but it is working fine in Sandbox.
I am unable to find the reason for this.
Please help me.
Thanks,
Hussain.
This error was really tricky. First support told me that we needed to have an SSL Cert with no Chained Certs in it. But that isn't true as Heroku itself has chained certs and we could resolve to their SSL Heroku-branded domains. Then we were told Salesforce's Java is behind by a few years. Finally we pushed the case more and someone in their Oregon support office talked to me. She said she'd look into it. I never heard back from her but it started working 2 days later so I guess she did something? I'd say to keep pushing support and push them some more.
best of luck
stony
I have the same error: it works fine in staging but not in production. I have a Symantec Class 3 EV SSL CA G3.
I don't have wildcard certificates, and I don't have multiple certificates per IP address.