I am making a callout from Salesforce to an external server using two-way SSL. The server has a certificate which is signed by a DigiCert intermediate certificate (DigiCert SHA2 High Assurance Server CA), which in turn is signed by a DigiCert root certificate (DigiCert High Assurance EV Root CA), and Salesforce is presenting a self-signed certificate which is installed in the server's trust store.

Still, we are not able to make the callout because Salesforce raises an exception which says “unknown_ca”.

After researching, I found a list of SSL CAs which Salesforce supports; the list has 3 DigiCert ROOT certificates and NO INTERMEDIATE certificates.

http://wiki.developerforce.com/page/Outbound_Messaging_SSL_CA_Certificates

So my question is: while Salesforce validates the server certificate, does the entire chain of certificates need to be installed in their trust store, or is the root certificate alone enough to validate?

What about the signature algorithm? Does Salesforce support SHA2? My intermediate certificate is based on SHA2 and the root is SHA1.

My first question: is it possible to add a remote site dynamically through Apex?

Regardless of the answer, I still tried to achieve this by using the Metadata API within Salesforce. Below is my code.

public static void createremoteSiteSettings()
{
    MetadataService.MetadataPort service = createService();
    MetadataService.RemoteSiteSetting remoteSiteSettings = new MetadataService.RemoteSiteSetting();
    //remoteSiteSettings.fullName = 'Test';
    remoteSiteSettings.url = 'http://www.google.com';
    // Submit the new remote site setting through the Metadata API
    MetadataService.AsyncResult[] results = service.create(new List<MetadataService.Metadata> { remoteSiteSettings });
}

// Build a Metadata API client that authenticates with the current user's session ID
public static MetadataService.MetadataPort createService()
{
    MetadataService.MetadataPort service = new MetadataService.MetadataPort();
    service.SessionHeader = new MetadataService.SessionHeader_element();
    service.SessionHeader.sessionId = UserInfo.getSessionId();
    return service;
}

I am getting this error: System.CalloutException: Web service callout failed: WebService returned a SOAP Fault: Must specify a {http://www.w3.org/2001/XMLSchema-instance}type attribute value for the {http://soap.sforce.com/2006/04/metadata}metadata element faultcode=soapenv:Client faultactor=

Any help would be appreciated!

I get the endpoint where the request has to be sent at runtime. Later I want to send an HTTP POST request to this endpoint, so I have to create a remote site setting too at runtime.

Is there a way to create a remote site setting through Apex code?

Thanks,

Rupali.