Confused with certificates for integration
Hello Experts,
We have an integration between Salesforce and SAP via SAP PI. The external system is using the HTTPS protocol and has asked if any other setup is required to have a secure connection while triggering outbound messages from SAP to Salesforce.
This is when certificates come to my mind. We have both inbound as well as outbound integration between the systems.
I would want to know if:
1. While sending outbound messages from Salesforce, the certificate generated and provided by the external system has to be used in SOAP callouts. Correct?
2. When the external system sends outbound messages from SAP to Salesforce, we need to generate and provide them a CA-signed certificate, which they will sign and send back to us. We then upload it in Salesforce and the external system uses it while sending outbound messages from SAP to Salesforce? Is my assumption correct?
3. Also, I wish to know the difference between self-signed and CA-signed certificates, and why should we not use self-signed instead of CA-signed?
Any help is appreciated.
Regards,
SFDC coder
That sounds like a cool integration!
Regarding your question: I only have experience with option 1. So, I'll focus on that one.
In order to set up two-way SSL you'll need to do the following:
1: Create Server-side SSL connection (this is in your case on the SAP side, so not for you).
2: In Salesforce, you go to "Certificate and Key Management" and generate a CA-signed certificate. You fill the form based on the information you get from the 3rd party admin (SAP side. Common Name and such are usually provided by them).
3: You download the Certificate Signing Request document (.csr file) and send it to the network specialist (at SAP side) to have it signed by a CA (Certificate Authority).
4: You should get a certificate back (.crt file), which you upload in the Certificate and Key Management section in Salesforce.
5: You pass the client certificate with each callout to SAP
There's a great article that explains the process above in more detail:
https://developer.salesforce.com/page/Making_Authenticated_Web_Service_Callouts_Using_Two-Way_SSL
Regarding your last question: Self-signed certificates are less secure than CA-signed certificates. Self-signed certificates can be created by anyone, as opposed to CA-signed ones. Those are signed by a Certificate Authority, and are therefore more secure (and more expensive as well).
I hope this helps!
Best regards,
Martijn Schwärzer
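A local simulation of steps 2 to 4 above and of the self-signed versus CA-signed difference, as an added example that is not part of the original thread. It assumes the `openssl` CLI and uses a throwaway CA; the names (`Example Test CA`, `sfdc-client.example.com`) are constructed, and in Salesforce the key pair and CSR come from Certificate and Key Management rather than from these commands.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA, a CSR signed by it, and a self-signed cert.
# All subjects and file names are constructed for illustration.

make_certs() {  # make_certs <dir>
    dir=$1
    # Stand-in for the CA used by the SAP-side network specialist.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Steps 2-3: key pair plus CSR. Only the .csr is sent out; the key stays put.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=sfdc-client.example.com" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # Steps 3-4: the CA signs the CSR and returns the .crt.
    openssl x509 -req -in "$dir/client.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" 2>/dev/null || return 1
    # Same subject, but signed with its own key: anyone can mint this.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sfdc-client.example.com" \
        -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null || return 1
}

# The check a server makes in two-way SSL: does the client certificate
# chain to a CA that the server already trusts?
trusted_by() {  # trusted_by <ca.crt> <cert>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when subject and issuer are the same name (a self-issued cert).
is_self_issued() {  # is_self_issued <cert>
    s=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    i=$(openssl x509 -noout -issuer_hash -in "$1") || return 1
    [ "$s" = "$i" ]
}

demo_dir=$(mktemp -d)
make_certs "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
for c in client self; do
    if trusted_by "$demo_dir/ca.crt" "$demo_dir/$c.crt"; then r=accepted; else r=rejected; fi
    echo "$c.crt: $r by a server that trusts only ca.crt"
done
rm -rf "$demo_dir"
```

A receiver accepts the self-signed certificate only if that exact certificate has been imported as trusted on its side, which is why the two kinds are handled differently in a two-way SSL setup.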
Any answer on how these certificate settings affect the second point? :/
Thanks